WorldWideScience

Sample records for cabig security requirements

  1. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  2. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  3. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  4. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    OpenAIRE

    Amy Poh Ai Ling; Mukaidono Masao

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  5. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-04-03

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data.

  6. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  7. 24 CFR 201.24 - Security requirements.

    Science.gov (United States)

    2010-04-01

    ... manufactured home. (c) Recording and perfection of security. The lender shall assure that the legal description... 24 Housing and Urban Development 2 2010-04-01 2010-04-01 false Security requirements. 201.24... TITLE I PROPERTY IMPROVEMENT AND MANUFACTURED HOME LOANS Eligibility and Disbursement Requirements § 201...

  8. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Full Text Available Needs about security are matters little taken into account when managing requirements engineering , and when considered in the life cycle of the system , they tend to become a general list of functions, as password of protection , firewalls , virus detection tools , and other similar. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, as an authenticated access. As a result, the security requirements for the system are ignored, which are required to protect essential services and assets, besides, when are specified, is not considered the prospect of future attacks. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described and also are provided references additional material that can help requirements engineers to ensure that their products be taken into account, effectively , the security requirements.

  9. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  10. Minimum Requirements for Taxicab Security Cameras*

    Science.gov (United States)

    Zeng, Shengke; Amandus, Harlan E.; Amendola, Alfred A.; Newbraugh, Bradley H.; Cantis, Douglas M.; Weaver, Darlene

    2015-01-01

    Problem The homicide rate of taxicab-industry is 20 times greater than that of all workers. A NIOSH study showed that cities with taxicab-security cameras experienced significant reduction in taxicab driver homicides. Methods Minimum technical requirements and a standard test protocol for taxicab-security cameras for effective taxicab-facial identification were determined. The study took more than 10,000 photographs of human-face charts in a simulated-taxicab with various photographic resolutions, dynamic ranges, lens-distortions, and motion-blurs in various light and cab-seat conditions. Thirteen volunteer photograph-evaluators evaluated these face photographs and voted for the minimum technical requirements for taxicab-security cameras. Results Five worst-case scenario photographic image quality thresholds were suggested: the resolution of XGA-format, highlight-dynamic-range of 1 EV, twilight-dynamic-range of 3.3 EV, lens-distortion of 30%, and shutter-speed of 1/30 second. Practical Applications These minimum requirements will help taxicab regulators and fleets to identify effective taxicab-security cameras, and help taxicab-security camera manufacturers to improve the camera facial identification capability. PMID:26823992

  11. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  12. Smart Grid Information Security (IS) Functional Requirement

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    It is important to implement safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirement by illustrating some discussion points to the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the needs for smart grid IS is descri...

  13. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  14. Security and Reliability Requirements for Advanced Security Event Management

    OpenAIRE

    Rieke, Roland; COPPOLINO, Luigi; Hutchinson, Andrew; PRIETO, Elsa; Gaber, Chrystel

    2012-01-01

    International audience; This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. The use of SIEM technology in four disparate scenario areas is used in this paper as a ...

  15. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  16. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  17. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  18. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... requirements-national security contracts. 1352.237-72 Section 1352.237-72 Federal Acquisition Regulations... Provisions and Clauses 1352.237-72 Security processing requirements—national security contracts. As prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National...

  19. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net cash... applicant has pledged as security for the loan all available personal and business security, except as...

  20. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... SECURITY Coast Guard Facility Security Officer Training Requirements; Correction AGENCY: Coast Guard, DHS...), announcing a public meeting to receive comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The notice...

  1. 7 CFR 764.104 - General real estate security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false General real estate security requirements. 764.104....104 General real estate security requirements. (a) Agency lien position requirements. If real estate... Agency; and (4) Equity in the collateral exists. (b) Real estate held under a purchase contract. If the...

  2. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Full Text Available Abstract Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31 individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31 individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  3. Analyzing and Specifying Reusable Security Requirements

    Science.gov (United States)

    2003-09-01

    sections specifying functional requirements. Thus, the functional requirements for an embedded avionics application and an ecommerce website may have...avionics applications and ecommerce applications need to specify levels of identification, authentication, authorization, integrity, privacy, etc. At...consider the following template for specifying integrity requirements: • “The [application / component / data center / business unit] shall protect the

  4. 33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ...; (ii) The number, reliability, and security duties of OCS facility personnel; (iii) Security doors... available to maintain essential services; (vi) The essential maintenance equipment and storage areas; (vii... required in paragraph (a) of this section. (c) Analysis and recommendations. In conducting the FSA, the OCS...

  5. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements

  6. Requirements for multimedia metadata schemes in surveillance applications for security

    NARCIS (Netherlands)

    Rest, J.H.C. van; Grootjen, F.A.; Grootjen, M.; Wijn, R.; Aarts, O.A.J.; Roelofs, M.L.; Burghouts, G.J.; Bouma, H.; Alic, L.; Kraaij, W.

    2013-01-01

    Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components.Metadata representation schemes are extremely important to facilitate (system) interoperability

  7. Information security governance: business requirements and research directions

    CSIR Research Space (South Africa)

    Höne, K

    2009-01-01

    Full Text Available World wide the importance of Information Security Governance is demanding the attention of senior management. This is due to the ever-changing threat landscape requiring that organisations adopt a focussed approach towards the protection...

  8. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  9. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  10. Security Quality Requirements Engineering (SQUARE) Methodology

    Science.gov (United States)

    2005-11-01

    Oriented Do- main Analysis ( FODA ) [Kang 90], Critical Discourse Analysis (CDA) [Schiffrin 94], and the Accelerated Requirements Method (ARM) [Hubbard...99]. Table 12: Comparison of Elicitation Techniques Misuse Cases SSM QFD CORE IBIS JAD FODA CDA ARM Adaptability 3 1 3 2 2 3 2 1 2 CASE Tool 1...Feature- Oriented Domain Analysis ( FODA ) Feasibility Study (CMU/SEI- 90-TR-021, ADA235785). Pittsburgh, PA: Software Engineering Institute, Carnegie

  11. 77 FR 71568 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-12-03

    ...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation... proposed capital and margin requirements for security-based swap dealers (``SBSDs'') and major security...

  12. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone...... observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...

  13. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... shall: (1) Use an algorithm approved by the National Institute of Standards (NIST) or a similarly...; or (ii) When the key algorithm reaches its lifespan as defined by the standards body responsible for...

  14. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ... November 23, 2012 Part II Securities and Exchange Commission 17 CFR Part 240 Capital, Margin, and... Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based...''), pursuant to the Securities Exchange Act of 1934 (``Exchange Act''), is proposing capital and margin...

  15. 77 FR 71369 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-30

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based Swap Participants and Capital Requirements for Broker-Dealers...

  16. PAPS: A Scalable Framework for Prioritization and Partial Selection of Security Requirements

    OpenAIRE

    Mougouei, Davoud

    2017-01-01

    Owing to resource constraints, the existing prioritization and selection techniques for software security requirements (countermeasures) find a subset of higher-priority security requirements ignoring lower-priority requirements or postponing them to the future releases. Ignoring or postponing security requirements however, may on one hand leave some of the security threats (vulnerabilities) unattended and on the other hand influence other security requirements that rely on the ignored or pos...

  17. High performance seismic sensor requirements for military and security applications

    Science.gov (United States)

    Pakhomov, A.; Pisano, D.; Sicignano, A.; Goldburt, T.

    2005-05-01

    General Sensing Systems (GSS) has been developing seismic sensors for different security and military applications for the past several years. Research and development in this area does not have a single-value purpose as security and military applications are of a broad variety. Many of the requirements for seismic sensors are well known. Herein we describe additional requirements for seismic sensors that are not at the center of common attention and associated with high performance seismic sensors. We find that the hard issues related to "remote" deployment/installation methods can be solved, given the seismic sensor does not have the usual single-axis sensitivity, but sensitivity to arbitrary oriented impact/vibrations. Our results show that such a sensor can be designed, in particular based on electret materials. We report that traditional frequency response curve linearity is not always the appropriate goal. Such issues as useful signal frequency band and an interference immunity should be directly taken into account. In addition, the mechanical oscillator of the seismic sensor should have a very broad dynamic range about 120dB, or an adjustable sensitivity for use in various tactical applications. We find that increasing sensitivity is not so much needed as is reducing of the seismic sensor sensitivity threshold. The lower sensitivity threshold in higher target detection range can be obtained in low noise environmental conditions. We will also show that the attempt to design and manufacture a universal seismic sensor for every possible application seems unreasonable. In every respect it makes sense to design a seismic sensor set, which can fit and satisfy all plurality of the applications and multi objective requirements.

  18. A SECURITY REQUIREMENT QUALITY MEASUREMENT MODEL FOR REDUCING ECOMMERCE SECURITY RISK

    OpenAIRE

    Sen-Tarng Lai

    2014-01-01

    E-commerce is an important business transaction system in the network age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. In order to avoid system security flaw and defect caused user great loss, how to reduce e-commerce security risk has become a topic worthy of further exploration. In this paper, the critical security r...

  19. Requirements of a security framework for the semantic web

    CSIR Research Space (South Africa)

    Mbaya, IR

    2009-02-01

    Full Text Available introduce new security challenges. Consequently, security becomes a crucial factor for the adoption of the Semantic Web. There are existing suggested security frameworks for the Semantic Web, however none of these address all issues related to the Semantic...

  20. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... FAH 11, Information Assurance Handbook. (c) Submittal of IT Security Plan. Within 30 days after... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As prescribed in 639.107-70(b), insert the following clause: Security Requirements for Unclassified Information...

  1. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  2. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.203 Application for security deposit determination; information to be submitted; other requirements. (a) Each...

  3. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  4. 17 CFR 242.400 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer margin requirements..., AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin Requirements for Security Futures § 242.400 Customer margin requirements for security futures—authority, purpose...

  5. Can EHRs and HIEs get along with HIPAA security requirements?

    Science.gov (United States)

    Sarrico, Christine; Hauenstein, Jim

    2011-02-01

    For Enloe Medical Center in California, a good-faith effort to self-report a breach in the privacy of a patient's medical record resulted in a six-figure fine imposed by a state regulatory agency. Hospitals face a "catch-22" situation in responding to the conflicting mandates of developing electronic health records that allow information sharing across institutions versus ensuring absolute protection and security of patients' individual health information. Some industry analysts suggest that the sanctions for security breaches such as the one experienced by Enloe will have the unintended effect of discouraging self-reporting of breaches.

  6. 17 CFR 405.5 - Risk assessment reporting requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Risk assessment reporting requirements for registered government securities brokers and dealers. 405.5 Section 405.5 Commodity and... OF 1934 REPORTS AND AUDIT § 405.5 Risk assessment reporting requirements for registered government...

  7. 7 CFR 773.19 - Interest rate, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms, security requirements, and... SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS SPECIAL APPLE LOAN PROGRAM § 773.19 Interest rate, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed...

  8. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  9. 7 CFR 771.9 - Interest rates, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rates, terms, security requirements, and... Interest rates, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed for the term of the loan. The rate will be established by FSA, based upon the cost of Government...

  10. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  11. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  12. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    OpenAIRE

    Ranjit Panigrahi; Kalpana Sharma; Ghose, M. K.

    2013-01-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

  13. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... baggage; and (vi) Vessel stores; (2) Threat assessments, including the purpose and methodology of the... availability of security communications, information, and equipment. (c) Analysis and recommendations. In... may, if damaged or used illicitly, pose a risk to people, property, or operations on board the vessel...

  14. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... comment on a draft model FSO training course and other elements of the FSO training program. DATES: A... receive comments on the development of a Facility Security Officer training program, with the primary... comments on a draft model FSO training course as well as other aspects of the FSO training program. A draft...

  15. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  16. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  17. 49 CFR 1562.29 - Armed security officer requirements.

    Science.gov (United States)

    2010-10-01

    ... security officer onboard an aircraft operating into or out of DCA may not consume alcohol or use an...) Is not under the influence of alcohol or another intoxicating or hallucinatory drug or substance; and... service with a public agency as a law enforcement officer, other than for reasons of mental instability...

  18. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  19. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... dangerous goods and hazardous substances; (v) Delivery of vessel stores; (vi) Any facility security... use including the presence of stowaways; (v) Smuggling dangerous substances and devices to the... disruption, including disruption to transportation systems, of an attack on or at the facility; and (7...

  20. 78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2013-01-22

    ... COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based... Federal Register a proposed rule for public comment to establish capital, margin, and segregation... soliciting comment on proposed rules and rule amendments establishing capital, margin, and segregation...

  1. The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

    Science.gov (United States)

    Comp, David J.

    2013-01-01

    The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

  2. 26 CFR 301.7101-1 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ... current market value, above all encumbrances, equal to at least the penalty of the bond; (iii) All real... 26 Internal Revenue 18 2010-04-01 2010-04-01 false Form of bond and security required. 301.7101-1...) PROCEDURE AND ADMINISTRATION PROCEDURE AND ADMINISTRATION Bonds § 301.7101-1 Form of bond and security...

  3. 7 CFR 1781.9 - Security, feasibility, evidence of debt, title, insurance and other requirements.

    Science.gov (United States)

    2010-01-01

    ... AND DEVELOPMENT (RCD) LOANS AND WATERSHED (WS) LOANS AND ADVANCES § 1781.9 Security, feasibility... 7 Agriculture 12 2010-01-01 2010-01-01 false Security, feasibility, evidence of debt, title, insurance and other requirements. 1781.9 Section 1781.9 Agriculture Regulations of the Department of...

  4. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ... Determining Whether Investment Securities Are Eligible for Investment AGENCY: Office of the Comptroller of the... associations in meeting due diligence requirements in assessing credit risk for portfolio investments. DATES... Determining Whether Investment Securities Are Eligible for Investment'' to facilitate the organization and...

  5. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected

  6. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... includes an Immigration and Customs Enforcement agency check. (c) Additional Requirements for Foreign... an Immigration and Customs Enforcement agency check. It is the option of the Office of Security to...

  7. 17 CFR 41.42 - Customer margin requirements for security futures-authority, purpose, interpretation, and scope.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Customer margin requirements... Margin Requirements § 41.42 Customer margin requirements for security futures—authority, purpose... to regulate customer margin collected by brokers, dealers, and members of national securities...

  8. The Arctic Region: A Requirement for New Security Architecture?

    Science.gov (United States)

    2013-03-01

    Council as the only circumpolar body and the leading political body for Arctic issues38. Norway also intends to step up its efforts to focus attention on...5711 14. ABSTRACT Global interest in the Arctic will inevitably increase even more in the coming years. International interest in the Arctic will...to manage. This requires a solid, effective regional and global cooperation that constantly adapts to new opportunities and conditions. The Arctic

  9. Report Writer and Security Requirements Finder: User and Admin Manuals

    Science.gov (United States)

    2016-06-15

    engineers and architects to bring the benefit of malware attack analysis to their own product development. They can examine reports of exploited...public user is someone who is about to build an application, such as a requirements engineer or an architect . If you are such a user, you will want to...REST is an architecture style for designing networked applications. It relies on a stateless, client -server, cacheable communications protocol—and

  10. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a license...

  11. 48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

    Science.gov (United States)

    2010-10-01

    ... yearly “Classroom Exercises.” “Functional Exercises,” shall be coordinated with the Center CIOs and be... extent required to carry out IT security inspection, investigation, and/or audits to safeguard against..., interim access may be granted pending completion of the required investigation and final access...

  12. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ..., principles, and due diligence processes should be commensurate with the complexity of the investment... Requirements in Determining Whether Securities Are Eligible for Investment AGENCY: Office of the Comptroller of... in meeting due diligence requirements in assessing credit risk for portfolio investments. Today, the...

  13. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  14. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    Science.gov (United States)

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security

  15. 13 CFR 107.1420 - Articles requirements for 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Articles requirements for 4 percent Preferred Securities. 107.1420 Section 107.1420 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage) Preferred...

  16. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... COMMISSION 17 CFR Part 242 RIN 3235-AK74 Ownership Limitations and Governance Requirements for Security... or appropriate to improve the governance of, or to mitigate systemic risk, promote competition or... consolidated assets of $50 billion or more, a nonbank financial company supervised by the Board of Governors of...

  17. 76 FR 30204 - Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-05-24

    ... COMMISSION Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security... issued for Dresden Nuclear Power Station (DNPS), Unit 1, located in Grundy County, Illinois. DNPS Unit 1... ``Requirements for physical protection of licensed activities in nuclear power reactors against radiological...

  18. Requirements for Secure Logging of Decentralized Cross-Organizational Workflow Executions

    NARCIS (Netherlands)

    Wombacher, Andreas; Wieringa, Roelf J.; Jonker, Willem; Knezevic, P.; Pokraev, S.; meersman, R; Tari, Z; herrero, p; Méndez, G.; Cavedon, L.; Martin, D.; Hinze, A.; Buchanan, G.

    2005-01-01

    The control of actions performed by parties involved in a decentralized cross-organizational workflow is done by several independent workflow engines. Due to the lack of a centralized coordination control, an auditing is required which supports a reliable and secure detection of malicious actions

  19. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  20. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether the...

  1. Model of assessment of requirements of privacy, security and quality of service for mobile medical applications

    Directory of Open Access Journals (Sweden)

    Edward Paul Guillen Pinto

    2017-08-01

    Full Text Available Introduction: The development of mobile technologies has facilitated the creation of mHealth applications, which are considered key tools for safe and quality care for patients from remote populations and with lack of infrastructure for the provision of health services. The article considers a proposal for an evaluation model that allows to determine weaknesses and vulnerabilities at the security level and quality of service (QoS in mHealth applications. Objective: To carry out an approximation of a model of analysis that supports the decision making, concerning the use and production of safe applications, minimizing the impact and the probability of occurrence of the risks of computer security. Materials and methods: The type of applied research is of a descriptive type, because each one details the characteristics that the mobile health applications must have to achieve an optimum level of safety. The methodology uses the rules that regulate applications and mixes them with techniques of security analysis, using the characterization of risks posed by Open Web Application Security Project-OWASP and the QoS requirements of the International Telecommunication Union-ITU. Results: An effective analysis was obtained in actual current applications, which shows their weaknesses and the aspects to be corrected to comply with appropriate security parameters. Conclusions: The model allows to evaluate the safety and quality of service (QoS requirements of mobile health applications that can be used to evaluate current applications or to generate the criteria before deployment.

  2. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  3. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

  4. A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial

    Science.gov (United States)

    1994-02-28

    A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, Volume 3 of 4 in the...Procurement Guideline Series, is written to be used by Federal Agencies to help facilitate the definition of computer security deliverables required

  5. Evaluation and Improvement of Internet Voting Schemes Based on Legally-Founded Security Requirements

    OpenAIRE

    Neumann, Stephan

    2016-01-01

    In recent years, several nations and private associations have introduced Internet voting as additional means to conduct elections. To date, a variety of voting schemes to conduct Internet-based elections have been constructed, both from the scientific community and industry. Because of its fundamental importance to democratic societies, Internet voting – as any other voting method – is bound to high legal standards, particularly imposing security requirements on the voting method. However, t...

  6. NERSC Cyber Security Challenges That Require DOE Development andSupport

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately addressall the requirements of open, scientific computing facilities. Many ofthe methods used for more restricted environments, including almost allcorporate/commercial systems, do not meet the needs of today's science.Use of only the available "state of the practice" commercial methods willhave adverse impact on the ability of DOE to accomplish its sciencegoals, and impacts the productivity of the DOE Science community. Inparticular, NERSC and other high performance computing (HPC) centers havespecial security challenges that are unlikely to be met unless DOE fundsdevelopment and support of reliable and effective tools designed to meetthe cyber security needs of High Performance Science. The securitychallenges facing NERSC can be collected into three basic problem sets:network performance and dynamics, application complexity and diversity,and a complex user community that can have transient affiliations withactual institutions. To address these problems, NERSC proposes thefollowing four general solutions: auditing user and system activityacross sites; firewall port configuration in real time;cross-site/virtual organization identity management and access control;and detecting security issues in application middleware. Solutions arealsoproposed for three general long term issues: data volume,application complexity, and information integration.

  7. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  8. 19 CFR 149.2 - Importer security filing-requirement, time of transmission, verification of information, update...

    Science.gov (United States)

    2010-04-01

    ... transmission, verification of information, update, withdrawal, compliance date. 149.2 Section 149.2 Customs..., verification of information, update, withdrawal, compliance date. (a) Importer security filing required. For...) Verification of information. Where the party electronically presenting to CBP the Importer Security Filing...

  9. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  10. A Wireless Sensor Network for Hospital Security: From User Requirements to Pilot Deployment

    Directory of Open Access Journals (Sweden)

    Kaseva Ville

    2011-01-01

    Full Text Available Increasing amount of Wireless Sensor Network (WSN applications require low network delays. However, current research on WSNs has mainly concentrated on optimizing energy-efficiency omitting low network delays. This paper presents a novel WSN design targeted at applications requiring low data transfer delays and high reliability. We present the whole design flow from user requirements to an actual pilot deployment in a real hospital unit. The WSN includes multihop low-delay data transfer and energy-efficient mobile nodes reaching lifetime of years with small batteries. The nodes communicate using a low-cost low-power 2.4 GHz radio. The network is used in a security application with which personnel can send alarms in threatening situations. Also, a multitude of sensor measurements and actuator control is possible with the WSN. A full-scale pilot deployment is extensively experimented for performance results. Currently, the pilot network is in use at the hospital.

  11. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street...) analysis, such as counting beneficial ownership of those derivative securities exercisable or convertible... equity securities through the exercise or conversion of any derivative security, whether or not presently...

  12. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... (202) 551-3500, Division of Corporation Finance, U.S. Securities and Exchange Commission, 100 F Street... underlying derivative securities exercisable or convertible within 60 days,\\37\\ is imported into the ten... securities through the exercise or conversion of any derivative security, whether or not presently...

  13. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  14. Resolving vulnerability identification errors using security requirements on business process models

    OpenAIRE

    Taubenberger, Stefan; Jurjens, Jan; Yu, Yijun; Nuseibeh, Bashar

    2013-01-01

    Purpose - In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors - wrongly identified or unidentified vulnerabilities - can occur as uncertain data are used. Furthermore, businesses’ security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively.\\ud \\ud Design/methodology/approach - This paper aims to resolv...

  15. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  16. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  17. Security and functional requirements for the smart meter gateway; Sicherheitstechnische Vorgaben und funktionale Anforderungen an das Smart Meter Gateway

    Energy Technology Data Exchange (ETDEWEB)

    Bast, Holger; Vollmer, Stefan [Bundesamt fuer Sicherheit in der Informationstechnik, Bonn (Germany)

    2012-07-01

    The availability of smart metering for the majority of both private and corporate prosumers is an essential precondition to get smart grids into operation. However, several concerns about data protection and security issues of smart meters have been raised and discussed in German media. The German Federal Data Protection Commissioner argued that without any further precautions personal data processed in smart meters could be collected and misused by unauthorized third parties if there is no technical standard that specifies technical requirements for necessary data security functions combined with regulatory instruments to make them mandatory. The German Federal Office for Information Security develops a protection profile based on Common Criteria and Technical Guidelines that allow a comparable security certification of such devices. (orig.)

  18. Minimum Lateral Bone Coverage Required for Securing Fixation of Cementless Acetabular Components in Hip Dysplasia

    Directory of Open Access Journals (Sweden)

    Masanori Fujii

    2017-01-01

    Full Text Available Objectives. To determine the minimum lateral bone coverage required for securing stable fixation of the porous-coated acetabular components (cups in hip dysplasia. Methods. In total, 215 primary total hip arthroplasties in 199 patients were reviewed. The average follow-up period was 49 months (range: 24–77 months. The lateral bone coverage of the cups was assessed by determining the cup center-edge (cup-CE angle and the bone coverage index (BCI from anteroposterior pelvic radiographs. Further, cup fixation was determined using the modified DeLee and Charnley classification system. Results. All cups were judged to show stable fixation by bone ingrowth. The cup-CE angle was less than 0° in 7 hips (3.3% and the minimum cup-CE angle was −9.2° (BCI: 48.8%. Thin radiolucent lines were observed in 5 hips (2.3%, which were not associated with decreased lateral bone coverage. Loosening, osteolysis, dislocation, or revision was not observed in any of the cases during the follow-up period. Conclusion. A cup-CE angle greater than −10° (BCI > 50% was acceptable for stable bony fixation of the cup. Considering possible errors in manual implantation, we recommend that the cup position be planned such that the cup-CE angle is greater than 0° (BCI > 60%.

  19. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ... may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr... Security Division, 100 Bureau Drive, Mail Stop 8930, National Institute of Standards and Technology... standard, but suggested technical modifications to address advances in technology that had occurred after...

  20. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... dangerous goods for which enhanced security measures are recommended in the United Nations Model Regulations on the Transport of Dangerous Goods (UN Recommendations). The recommended security measures include... Recommendations define high consequence dangerous goods as materials with the ``potential for mis-use in a...

  1. Identification of the Required Security Practices during e-Government Maturity

    Science.gov (United States)

    Shayan, Ali; Abdi, Behnam; Qeisari, Malihe

    In spite of the e-government benefits, there are some problems during its successful implementation. One of which is information security issues. In this paper, attempts will be made to illustrate the main practices of information security management in each stage of e-government maturity. This study is based on Delphi technique which carried out in two rounds. Based on the literature, a questionnaire was developed and distributed among 38 experts in the first round. In the second round, 12 experts participated. The IQR (Interquartile ranges) was calculated and it founds that the consensus is convenient. According to the results, trends can be depicted in the security practices which have implications for security vision, policies and practices during e-government maturity. The findings suggest that dealing with few aspects is not sufficient, and comprehensive integrated system of information security management should be regarded according to the specific circumstances of the organizations.

  2. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    OpenAIRE

    Doubova, Svetlana V; Claudine Ramírez-Sánchez; Alejandro Figueroa-Lara; Ricardo Pérez-Cuevas

    2013-01-01

    Objective. To estimate the requirements of human resources (HR) of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS). Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using th...

  3. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  4. The Requirement of a Positive Definite Covariance Matrix of Security Returns for Mean-Variance Portfolio Analysis: A Pedagogic Illustration

    Directory of Open Access Journals (Sweden)

    Clarence C. Y. Kwan

    2010-07-01

    Full Text Available This study considers, from a pedagogic perspective, a crucial requirement for the covariance matrix of security returns in mean-variance portfolio analysis. Although the requirement that the covariance matrix be positive definite is fundamental in modern finance, it has not received any attention in standard investment textbooks. Being unaware of the requirement could cause confusion for students over some strange portfolio results that are based on seemingly reasonable input parameters. This study considers the requirement both informally and analytically. Electronic spreadsheet tools for constrained optimization and basic matrix operations are utilized to illustrate the various concepts involved.

  5. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    OpenAIRE

    Dickmann, Frank; Brodhun, Maximilian; Falkner, Jürgen; Knoch, Tobias; Sax, Ulrich

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspective of the outsourcing customer by integration of security measures. The conducted survey indicates that customers see SLAs as an approach to increase their level of trust in IT outsourcing partner...

  6. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  7. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.......Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  8. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... structures relating to ownership, voting, and governance of security- based swap clearing agencies, SB SEFs... Internet comment form ( http://www.sec.gov/rules/proposed.shtml ); or Send an e-mail to [email protected] the Commission's Internet Web site ( http://www.sec.gov/rules/proposed.shtml ). Comments are also...

  9. Requirements, model and prototype for a multi-utility locational and security information hub.

    Science.gov (United States)

    2015-11-01

    This project lays the foundation for building an exchange hub for locational and security data and risk assessment of potential excavation work. It acts primarily at 2 stages: upstream of the mark-out process, as a decision support tool to help strea...

  10. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  11. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  12. 75 FR 31273 - Social Security Administration Implementation of OMB Guidance for Drug-Free Workplace Requirements

    Science.gov (United States)

    2010-06-03

    ... 20 CFR Part 439 RIN 0960-AH14 Social Security Administration Implementation of OMB Guidance for Drug... at http://www.gpoaccess.gov/fr/index.html . Background Congress passed the Drug-Free Workplace Act of... as it applied to grants. 54 FR 4946, January 31, 1989. The agencies issued a final common rule after...

  13. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... governmental authorities in accordance with law and international agreement. (d) The applicant must certify and... endorsement for a commercial driver's license. Furnishing this information, including your SSN or alien... relating to the security threat assessments; to appropriate governmental agencies for licensing, law...

  14. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    Directory of Open Access Journals (Sweden)

    Svetlana V Doubova

    2013-11-01

    Full Text Available Objective. To estimate the requirements of human resources (HR of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS. Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. Results. To provide healthcare in accordance with the patients’ metabolic control, the conventional model required increasing the number of family doctors (1.2 times nutritionists (4.2 times and social workers (4.1 times. The DiabetIMSS model requires greater increase than the conventional model. Conclusions. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  15. [Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security].

    Science.gov (United States)

    Doubova, Svetlana V; Ramírez-Sánchez, Claudine; Figueroa-Lara, Alejandro; Pérez-Cuevas, Ricardo

    2013-12-01

    To estimate the requirements of human resources (HR) of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS). An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. To provide healthcare in accordance with the patients' metabolic control, the conventional model required increasing the number of family doctors (1.2 times) nutritionists (4.2 times) and social workers (4.1 times). The DiabetIMSS model requires greater increase than the conventional model. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  16. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    OpenAIRE

    JPC Rodrigues, Joel; de la Torre, Isabel; Fern?ndez, Gonzalo; L?pez-Coronado, Miguel

    2013-01-01

    Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients? medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the pr...

  17. Strengthening global health security by embedding the International Health Regulations requirements into national health systems.

    Science.gov (United States)

    Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

    2018-01-01

    The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas.

  18. 49 CFR 1542.201 - Security of the secured area.

    Science.gov (United States)

    2010-10-01

    ... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.201 Security of the secured area. (a) Each airport operator required to have a security... 49 Transportation 9 2010-10-01 2010-10-01 false Security of the secured area. 1542.201 Section...

  19. 17 CFR Appendix B to Part 30 - Interpretative Statement With Respect to the Secured Amount Requirement Set Forth in § 30.7

    Science.gov (United States)

    2010-04-01

    ... Respect to the Secured Amount Requirement Set Forth in § 30.7 B Appendix B to Part 30 Commodity and... Requirement Set Forth in § 30.7 1. Rule 30.7 requires FCMs who accept money, securities or property from... herein as “Rule 30.10 firms”) must make certain representations set forth in the Rule 30.10 order issued...

  20. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  1. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    Directory of Open Access Journals (Sweden)

    Graeme D. Coles

    2016-07-01

    Full Text Available Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  2. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...) household goods (HHG) program from the $75,000 bond requirement at 49 CFR 387.403(c). FMCSA promulgated this... household goods from certain FMC licensing requirements. Institution of Proceeding and Request for Comments...

  3. 78 FR 78472 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders...

    Science.gov (United States)

    2013-12-26

    ... the upper right hand side of the screen. Then, in the ``Keyword'' box, insert ``FMCSA-2013-0513'' and... changing market demands and the diverse requirements of the shipping and traveling public. . . .'' 49 U.S.C... higher bond requirement, AIPBA believes the new requirement will serve as a barrier to entry into the...

  4. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  5. Analysis of ISO NE Balancing Requirements: Uncertainty-based Secure Ranges for ISO New England Dynamic Inerchange Adjustments

    Energy Technology Data Exchange (ETDEWEB)

    Etingov, Pavel V.; Makarov, Yuri V.; Wu, Di; Hou, Zhangshuan; Sun, Yannan; Maslennikov, S.; Luo, X.; Zheng, T.; George, S.; Knowland, T.; Litvinov, E.; Weaver, S.; Sanchez, E.

    2013-01-31

    The document describes detailed uncertainty quantification (UQ) methodology developed by PNNL to estimate secure ranges of potential dynamic intra-hour interchange adjustments in the ISO-NE system and provides description of the dynamic interchange adjustment (DINA) tool developed under the same contract. The overall system ramping up and down capability, spinning reserve requirements, interchange schedules, load variations and uncertainties from various sources that are relevant to the ISO-NE system are incorporated into the methodology and the tool. The DINA tool has been tested by PNNL and ISO-NE staff engineers using ISO-NE data.

  6. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... Fuel AGENCY: Nuclear Regulatory Commission. ACTION: Draft regulatory basis; availability of responses... requirements for storing spent nuclear fuel (SNF) in an independent spent fuel storage installation (ISFSI...

  7. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  8. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  9. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Science.gov (United States)

    Abdalzaher, Mohamed S.; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  10. 78 FR 54720 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders

    Science.gov (United States)

    2013-09-05

    ...)(3), a broker of household goods (HHG) who engages in interstate operations without the required....403 require household goods freight forwarders to obtain cargo insurance in the amount of $5,000 for loss of, or damage to, household goods carried on any one motor vehicle; and $10,000 for loss of, or...

  11. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  12. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  13. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... purpose of the rule. Additionally, as has been noted at other decommissioning nuclear power facilities... licensees. The NRC became aware that some Part 50 licensees with facilities in decommissioning status did... licensees with facilities in decommissioning status and other stakeholders that the requirements of 10 CFR...

  14. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... systems include, for example, those that can transmit commands directly modifying the behavior of..., for example, those that can transmit commands directly modifying the behavior of payloads on... ethics, and best practices in accordance with NPG 2810.1, Section 4.3 requirements. The Recipient may use...

  15. 48 CFR 1352.237-71 - Security processing requirements-low risk contracts.

    Science.gov (United States)

    2010-10-01

    ... includes an Immigration and Customs Enforcement agency check. (e) Additional Requirements for Foreign...) must undergo a NACI that includes an agency check conducted by the Immigration and Customs Enforcement... Customs Enforcement SAC on Form OFI-86C, by checking Block #7, Item I. In Block 13, the Sponsor should...

  16. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... information (data). Information technology services include, but are not limited to, the management, operation... comply with the requirements contained in the DOC Information Technology Management Handbook (see DOC..., including project management information (at a minimum the tasks, resources, and milestones) for the...

  17. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... of being or becoming involved in activities that are contrary to the national security or foreign...

  18. Perceptions of self-drive tourists along the Alaska-Canada border toward the increased security requirements of the western hemisphere travel initiative

    Science.gov (United States)

    Nicholas Palso

    2009-01-01

    This study explores the attitudes and feelings of self-drive tourists who cross the Alaska-Canada border about the increased security requirements of the Western Hemisphere Travel Initiative (WHTI), and how such attitudes and feelings may impact the tourism industry in this region. Results of a 2007 survey suggest that implementation of passport requirements will have...

  19. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  20. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  1. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study.

    Science.gov (United States)

    Manion, Frank J; Robbins, Robert J; Weems, William A; Crowley, Rebecca S

    2009-06-15

    Data protection is important for all information systems that deal with human-subjects data. Grid-based systems--such as the cancer Biomedical Informatics Grid (caBIG)--seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios--difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information

  2. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  3. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  4. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  5. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  6. Unix Security Cookbook

    Science.gov (United States)

    Rehan, S. C.

    This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

  7. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...

  8. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  9. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  10. Protein security and food security in China

    Directory of Open Access Journals (Sweden)

    Zheng RUAN,Shumei MI,Yan ZHOU,Zeyuan DENG,Xiangfeng KONG,Tiejun LI,Yulong YIN

    2015-06-01

    Full Text Available Food security, the need to meet nutritional requirements, and four main problems for food protein security in China are analyzed. From the perspective of residentsrsquo; nutritional requirements and balanced dietary patterns, the conclusion is that food security in China is in essence dependent on protein production and security of supply and that fat and carbohydrates supply in China can reach self-sufficiency. Considering the situation of food protein production and consumption in China, policy suggestions are made, which could ensure a balanced supply and demand for food protein and food security in China.

  11. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  12. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  13. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  14. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  15. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    as a particular approach that seeks to limit the scope of security to one’s community – be it the ‘nation-state’ or ‘civilization’. I will suggest that arguing against ‘security communitarianism’ requires paying further attention to the postcolonial critique of cosmopolitanism.......Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter...

  16. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  17. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  18. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  19. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?......What is a security dilemma? What are the consequences of security dilemmas in international politics?...

  20. 26 CFR 1.401(a)-15 - Requirement that plan benefits are not decreased on account of certain Social Security increases.

    Science.gov (United States)

    2010-04-01

    ... on account of certain Social Security increases. 1.401(a)-15 Section 1.401(a)-15 Internal Revenue... decreased on account of certain Social Security increases. (a) In general. Under section 401(a)(15), a trust...-separation social security benefit increase effective after the later of— (i) September 2, 1974, or (ii) The...

  1. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  2. Federal technology transfer requirements :a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall ''Summary and Next Steps'' chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  3. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  4. Security Expertise

    DEFF Research Database (Denmark)

    and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks......, the collaboration between science, anthropology and the military, transnational terrorism, and the ethical consequences of security expertise. Together they challenge our understanding of how expertise works and what consequences it has for security politics and international relations. This book...... will be of particular interest to students of critical security studies, sociology, science and technology studies, and IR/security studies in general....

  5. Security Requirements for Cryptographic Modules

    Science.gov (United States)

    1999-01-01

    ANSI X9.17, Washington, D.C., 1995. American Bankers Association, Digital Signatures using Reversible Public Key Cryptography for the Financial Services Industry (rDSA...Algorithm Modes of Operation, ANSI X9.52-1998, Washington, D.C., 1998. American Bankers Association, Public Key Cryptography for the Financial Services Industry : Agreement...Bankers Association, Public Key Cryptography for the Financial Services Industry : The Elliptic Curve Digital Signature Algorithm, American National

  6. 75 FR 32840 - Securities Offering Disclosures

    Science.gov (United States)

    2010-06-09

    ... Office of Thrift Supervision Securities Offering Disclosures AGENCY: Office of Thrift Supervision (OTS... on the following information collection. Title of Proposal: Securities Offering Disclosures. OMB... requirement: 12 CFR 563g. Description: The Securities Offering regulation provides necessary information...

  7. Systems Security Engineering

    Science.gov (United States)

    2010-08-22

    thereby reducing the number of bits required for transmissions . Further assume that the system designers would like even greater security regarding...scenarios. A common systemic security analogy for cognition lies within the context of a command and control structure’s observe, orient, decide... telephony , satellite communications and networks). Critical Program Information (CPI): ICT that is a critical component is defined as Critical

  8. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  9. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  10. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  11. 20 CFR 664.210 - How is the “requires additional assistance to complete an educational program, or to secure and...

    Science.gov (United States)

    2010-04-01

    ... secure and hold employment” criterion in § 664.200(c)(6) defined and documented? Definitions and... and documented? 664.210 Section 664.210 Employees' Benefits EMPLOYMENT AND TRAINING ADMINISTRATION... educational program, or to secure and hold employment” criterion of § 664.200(c)(6) may be established at the...

  12. 25 CFR 101.13 - Security.

    Science.gov (United States)

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Security. 101.13 Section 101.13 Indians BUREAU OF INDIAN... § 101.13 Security. (a) United States direct loans shall be secured by such security as the Commissioner may require. A lack of security will not preclude the making of a loan if the proposed use of the...

  13. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will adequately...

  14. SecurID

    CERN Document Server

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  15. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, G.; Salvador, M.R.; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  16. Managing for Enterprise Security

    National Research Council Canada - National Science Library

    Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R

    2004-01-01

    Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...

  17. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  18. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  19. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  20. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... COMMISSION 10 CFR Part 95 RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security..., Classified National Security Information. In addition, this direct final rule allowed licensees flexibility... required security education training for employees of NRC licensees possessing security clearances so that...

  1. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

  2. Four Phase Methodology for Developing Secure Software

    OpenAIRE

    Carlos Gonzalez-Flores; Ernesto Liñan-García

    2016-01-01

    A simple and robust approach for developing secure software. A Four Phase methodology consists in developing the non-secure software in phase one, and for the next three phases, one phase for each of the secure developing types (i.e. self-protected software, secure code transformation, and the secure shield). Our methodology requires first the determination and understanding of the type of security level needed for the software. The methodology proposes the use of several teams to accomplish ...

  3. Aligning Two Specifications for Controlling Information Security

    OpenAIRE

    Nykänen, Riku; Kärkkäinen, Tommi

    2014-01-01

    Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/ IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a ...

  4. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  5. 78 FR 35043 - Aviation Security Advisory Committee Charter Renewal and Request for Applicants

    Science.gov (United States)

    2013-06-11

    ... security requirements. The membership categories are: Victims of Terrorist Acts Against Aviation Law... SECURITY Transportation Security Administration Aviation Security Advisory Committee Charter Renewal and... (TSA) announces the renewal of the charter for the Aviation Security Advisory Committee (ASAC). The...

  6. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  7. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  8. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... indicates the need for such security. (c) Appraisals. Real property serving as security for all loans to... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans from...

  9. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

  10. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  11. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  12. Access Point Security Service for wireless ad-hoc communication

    OpenAIRE

    Scholten, Johan; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the security solution described here comprise topics such as energy efficiency, security standards and ad-hoc networks. The devised solution is called Access Point Security Service (APSS). APSS is able to p...

  13. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  14. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  15. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  16. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  17. Improving Supervisor and Coworker Reporting of Information of Security Concern

    National Research Council Canada - National Science Library

    Wood, Suzanne

    2003-01-01

    PERSEREC examined government requirements that cleared supervisors and employees report to security managers behavior they observe among subordinates and coworkers that they believe to be security-relevant...

  18. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  19. The Fundamental Right to Public Security and the Untermassverbot Principle: A Required Review of The Article #152 of the Brazilian Procedural Criminal Code

    Directory of Open Access Journals (Sweden)

    Marcial Duarte Coêlho

    2017-02-01

    Full Text Available The increasing of violence in Brazil affects the fundamental right to public security. When the State does not sufficiently protects a fundamental right there is a violation of the so-called untermassverbot principle. This paper aims to explore the interpretation of the article #152 of the brazilian procedural criminal code under the untermassverbot principle. The traditional interpretation understands that the criminal procedure will be stopped, but the prescription penal period is not equally interrupted. It is proposed a new reading of that article, under the approaches of the proportionality principle and the integral penal guaranteeism.

  20. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  1. Infrastructure Plan for Home Security System

    OpenAIRE

    Tong, Yao

    2011-01-01

    Tong, Yao. 2011. Infrastructure Plan for Home Security System. Bachelor’s Thesis. Kemi-Tornio University of Applied Sciences. Business and Culture. Pages 53. Appendix 1. The aims of this research were to design an infrastructure plan for home security system, analyze the most mature and emerging technologies, connect the security services through different types of interfaces, and assign different security levels for home security system based on the user requirements. The whole infrastru...

  2. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort......-Spaces aids several steps in the development of a security protocol – protocol executions can be simulated in hostile environments, a security protocol can be implemented, and security properties of implementations can be formally verified....

  3. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  4. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  5. 17 CFR 242.403 - Required margin.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Required margin. 242.403...) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin Requirements for Security Futures § 242.403 Required margin. (a) Applicability. Each security futures...

  6. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  7. Use of Evaluation Criteria in Security Education

    National Research Council Canada - National Science Library

    Nguyen, Thuy D; Irvine, Cynthia E

    2008-01-01

    .... A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems...

  8. Security Threat Assessments for Hazmat Drivers

    National Research Council Canada - National Science Library

    Rothberg, Paul F

    2005-01-01

    ...). This provision seeks to reduce some of the security risks associated with hazardous materials (hazmat) transportation by requiring a security threat assessment of drivers with a hazmat endorsement on their commercial drivers license...

  9. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  10. Security Studies

    OpenAIRE

    ,

    2005-01-01

    Security Studies has firmly established itself as a leading journal on international security issues. The journal publishes theoretical, historical and policy-oriented articles on the causes and consequences of war, and the sources and conditions of peace. The journal has published articles on balancing vs. bandwagoning, deterrence in enduring rivalries, the Domino theory, nuclear weapons proliferation, civil-military relations, political reforms in China, strategic culture in Asia and the P...

  11. Secure Directories

    OpenAIRE

    Chadwick, David W.

    2000-01-01

    This paper describes the mechanisms that are needed in order to provide a secure directory service based on the X.500 data model. A brief introduction to the X.500 data model is given followed by an overview of the Lightweight Directory Access Protocol. Security can be provided by three functions: an application level firewall, an authentication mechanism, and an access control scheme. A description of the X.500 and LDAP access control models is presented followed by the authentication method...

  12. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  13. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  14. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance.

  15. SIM parameter-based security for mobile e-commerce settings

    National Research Council Canada - National Science Library

    Francisco Orlando Martínez Pabón; Jaime Caicedo Guerrero; Rodrigo Hernández Cuenca; Oscar Mauricio Caicedo Rendón; Javier Alexander Hurtado Guaca

    2010-01-01

    Security requirements are more demanding in the e-commerce domain. However, mobile e -commerce settings not only insist on security requirements, they also require balance between security levels and hardware and usability device ability...

  16. American Computer Security Industries, Inc., COMPSEC-II

    Science.gov (United States)

    1991-06-10

    The National Computer Security Center (NSC) examined the security protection mechanisms provide by American Computer Security Industries...against the Computer Security Subsystem interpretation (CSSI). Specifically, the applicable requirements for this evaluation included Identification...NCSC, I and A, DAC, AUD, CSSI, OR, American Computer Security Industries, Inc., COMPSEC-11 USA American Version, release B3.1

  17. 49 CFR 1552.23 - Security awareness training programs.

    Science.gov (United States)

    2010-10-01

    ... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

  18. HUMAN RIGHTS IN TIME OF GLOBALIZING SECURITY

    Directory of Open Access Journals (Sweden)

    Gregor Garb

    2013-01-01

    Full Text Available Diversity of processes in the contemporary international environment and the attendant effects, including security risks bring rapid changes in society. On the other hand, new opportunities and challenges are characterized by globalization of security and modern security paradigm, triggered by the overwhelming number of processes within existing systems of national security that modify the state's role in ensuring the safety of its citizens or residents.In the contemporary security paradigm appears a tendency to provide individual security or deviation to the concept of ensuring security of the individual. Security is becoming a fundamental civil right which requires the synthesis of a wide range of state and social policies, including respect of human rights.International terrorism, as one of the security risks, against which many countries have accepted anti-terrorism laws, which intervene in the free exercise of individual rights and that leads to an imbalance between freedom and security.

  19. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    perspective of the communications between different principals. The notation used in the GSD framework extends that notation with constructs that allow the security requirements of the messages to be described. From that specification, the developer is guided through a semi-automatic translation that enables......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

  20. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over a SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Serve and client authentication relies over OpenSSL and py-Open SSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authorization and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  1. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe......, but while creation of defensive alliances appears unrealistic, new defence laws appearing 1909 show strong resolve to defend Denmark’s status as a neutral power. The Great War proves that these laws provided an adequate tool to be wielded by the politicians actually in office during that conflict. Following...... World War I it is not surprising that a salient feature of the defence debate is aversion against armed conflict. The Wilsonian agenda of a new system of collective security featuring prominently in the peace talks as well as in European debate generally does indeed have ramifications in Danish...

  2. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  3. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    Full Text Available The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  4. Food security under climate change

    Science.gov (United States)

    Hertel, Thomas W.

    2016-01-01

    Using food prices to assess climate change impacts on food security is misleading. Differential impacts on income require a broader measure of household well-being, such as changes in absolute poverty.

  5. 78 FR 46594 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

    Science.gov (United States)

    2013-08-01

    ... OMB Review: Aviation Security Customer Satisfaction Performance Measurement Passenger Survey AGENCY... satisfaction of aviation security in an effort to more efficiently manage its security screening performance at.... Information Collection Requirement Title: Aviation Security Customer Satisfaction Performance Measurement...

  6. 78 FR 4856 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2013-01-23

    ... OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation Security... Aviation Security Infrastructure Fee (ASIF), including information about air carriers' and foreign air.... Information Collection Requirement Title: Aviation Security Infrastructure Fee Records Retention. Type of...

  7. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  8. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  9. COMPUTER SECURITY AND SECURITY TECHNOLOGIES

    Directory of Open Access Journals (Sweden)

    Lazar Stošić

    2013-01-01

    Full Text Available With the increasing development of computer and communications technology growth and increasing needs and development of information systems security. The problem of security must be approached with greater caution. With the development of computer and communication technologies have developed numerous tools to protect files and other information. A set of tools, procedures, policies and solutions to defend against attacks are collectively referred to as computer network security. It is necessary above all to define and learn about the concepts of attack, risk, threat, vulnerability and asset value. During the design and implementation of information systems should primarily take into account a set of measures to increase security and maintenance at an acceptable level of risk. In any case, there is a need to know the risks in the information system. Sources of potential security problems are challenges and attacks, while the risk relates to the probable outcome and its associated costs due to occurrence of certain events. There are numerous techniques help protect your computer: cryptography, authentication, checked the software, licenses and certificates, valid authorization... This paper explains some of the procedures and potential threats to break into the network and computers as well as potential programs that are used. Guidance and explanation of these programs is not to cause a break-in at someone else's computer, but to highlight the vulnerability of the computer's capabilities.

  10. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, Johan; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the

  11. Required Information Release

    OpenAIRE

    Chong, Stephen N

    2010-01-01

    Many computer systems have a functional requirement to release information. Such requirements are an important part of a system’s information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a language-based setting. We define semantic security conditions that express both what i...

  12. Required Information Release

    OpenAIRE

    Chong, Stephen N

    2012-01-01

    Many computer systems have a functional requirement to release information. Such requirements are an important part of a system's information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a language-based setting. We define semantic security conditions that express both wha...

  13. Secure Ties

    NARCIS (Netherlands)

    Joep de Hart; Frans Knol; Cora Maas - de Waal; Theo Roes

    2002-01-01

    Original title: Zekere banden. Discussions about the Netherlands of today often throw up terms such as 'social cohesion', 'social integration', 'liveability' and 'security'. The Netherlands Institute for Social Research/SCP has carried out a study of this phenomenon and presents the results in

  14. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no

  15. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  16. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security, consistent with Federal policies for the security of unclassified information and information systems. The rule...

  17. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States to... the EAR) that would prove detrimental to the national security of the United States. License Exception...

  18. Enhancing Parliamentary Oversight for Effective Security Sector ...

    African Journals Online (AJOL)

    2015-06-09

    Jun 9, 2015 ... security forces continued to serve the interests of the ruling elites rather than the security requirement of the people (Bendix .... Benjamin Adeniran Aluko. Enhancing Parliamentary Oversight for Effective Security Sector Reform in Democratic Nigeria. 4. Accountability;. 5. Public trust;. 6. Local ownership;. 7.

  19. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite whenever...

  20. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight participant...

  1. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  2. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    Full Text Available According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  3. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represent the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  4. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environement that can support USAID's business...

  5. Security Administration Reports Application

    Data.gov (United States)

    Social Security Administration — Contains SSA Security Reports that allow Information Security Officers (ISOs) to access, review and take appropriate action based on the information contained in the...

  6. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  7. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  8. Network Security Validation Using Game Theory

    Science.gov (United States)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  9. A Secure Communication Framework for ECUs

    OpenAIRE

    Ali Shuja Siddiqui; Yutian Gui; Jim Plusquellic; Fareena Saqib

    2017-01-01

    Electronic Control Units (ECUs) generate diagnostic and telemetric data that is communicated over the internal vehicular network. ECUs are resource constraint devices and have limited resources to devote for data security. In recent times, threats against vehicular networks have emerged that require attention of the research community. In this paper, we demonstrate data security threats in automobile, and present a hardware based security framework that provides real time secure communication...

  10. A Security Architecture for Health Information Networks

    OpenAIRE

    Kailar, Rajashekar

    2007-01-01

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set t...

  11. Information Security Awareness: An Innovation Approach

    OpenAIRE

    Corona, Carlos Orozco

    2010-01-01

    Scholars and security practitioners seem to converge in the understanding that Information Security is in great part a problem about people; hence the need for a more holistic approach in order to understand human behaviour in the Information Security field which requires a multidisciplinary approach. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour” hosted in Boston, Massachusetts in June 2008, are considering this approach and they have conveyed a multi...

  12. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  13. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  14. Usable SPACE: Security, Privacy, and Context for the Mobile User

    Science.gov (United States)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

  15. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  16. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  17. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  18. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    The inclusion of China, India, Japan, Singapore and Italy as permanent observers in the Arctic Council has increased the international status of this forum significantly. This chapter aims to explain the background for the increased international interest in the Arctic region through an analysis...... of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  19. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  20. Web services and their security

    OpenAIRE

    Asfaw, Belete Ayele

    2004-01-01

    Web Service security is an ongoing battle. On one side are those who want to break into the service providers system, either for fun or for some advantage to themselves or their organization. On the other side are people who are putting up defences to prevent these break-ins. This ongoing battle results in continuing changes to security solutions. Another dimension is that there is an evolving set of security requirements, such as giving a new group of outsiders controlled access to the syst...

  1. 17 CFR 41.45 - Required margin.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Required margin. 41.45 Section... PRODUCTS Customer Accounts and Margin Requirements § 41.45 Required margin. (a) Applicability. Each security futures intermediary shall determine the required margin for the security futures and related...

  2. 49 CFR 1542.203 - Security of the air operations area (AOA).

    Science.gov (United States)

    2010-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.203 Security of the air operations area (AOA). (a) Each airport operator required to have a... 49 Transportation 9 2010-10-01 2010-10-01 false Security of the air operations area (AOA). 1542...

  3. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  4. Performance Issues on Integration of Security Services

    Science.gov (United States)

    Pereira, Fábio Dacêncio; Moreno, Edward David

    The integration of security services is an important solution to combat anomalies and attacks on computer systems, assuming that possible difficulties of a security service may be compensated by others. The current works that aim to integrate two or more security services are usually focused on a particular implementation strategy, because the systematic approach to integrated security systems requires the analysis of relations between security data. In our work was proposed and developed a Security Services Integrated Layer (SSIL), consisting of an organization pattern of information security, as well as behavioral models to analyze the occurrence of abnormality identified. The Hidden Markov Model and the proposed solutions as subHMM and Sequential Model allowed the integration of security services based on behavior. In this article we highlight the rates of detection of anomalies and a critical analysis of results.

  5. Interdomain Routing Security (BGP-4)

    OpenAIRE

    Zouaghi, Rostom

    2008-01-01

    The Border Gateway Protocol (BGP) is the most important protocol for the interconnectivity of the Internet. Although it has shown acceptable performance, there are many issues about its capability to meet the scale of the growth of the Internet, mainly because of the security issues that surround interdomain routing. The Internet is important to many organisations in various contexts. Thus, it is required to provide a highly secure protocol to keep the normal operation of the Internet. BGP...

  6. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  7. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  8. 75 FR 77783 - Designation of National Security Positions

    Science.gov (United States)

    2010-12-14

    ...; ] OFFICE OF PERSONNEL MANAGEMENT 5 CFR Part 732 RIN 3206-AM27 Designation of National Security Positions... Management (OPM) is proposing to revise its regulation regarding designation of national security positions... should observe when designating national security positions as required under E.O. 10450, Security...

  9. 32 CFR 154.16 - Security clearance.

    Science.gov (United States)

    2010-07-01

    ... U.S. Senate and House of Representatives do not require personnel security clearances. They may be... part. The Director, Washington Headquarters Services (WHS) will initiate the required investigation...

  10. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  11. A Secure Communication Framework for ECUs

    Directory of Open Access Journals (Sweden)

    Ali Shuja Siddiqui

    2017-08-01

    Full Text Available Electronic Control Units (ECUs generate diagnostic and telemetric data that is communicated over the internal vehicular network. ECUs are resource constraint devices and have limited resources to devote for data security. In recent times, threats against vehicular networks have emerged that require attention of the research community. In this paper, we demonstrate data security threats in automobile, and present a hardware based security framework that provides real time secure communication using lightweight cryptographic primitives and propose hardware based authentication protocol. Implementation details, performance and security analysis of proposed framework are presented.

  12. 20 CFR 404.408b - Reduction of retroactive monthly social security benefits where supplemental security income (SSI...

    Science.gov (United States)

    2010-04-01

    ....408b Section 404.408b Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND... retroactive monthly social security benefits where supplemental security income (SSI) payments were received for the same period. (a) When reduction is required. We will reduce your retroactive social security...

  13. Domain Specific and Model Based Systems Engineering in the Smart Grid as Prerequesite for Security by Design

    National Research Council Canada - National Science Library

    Neureiter, Christian; Engel, Dominik; Uslar, Mathias

    2016-01-01

    .... In order to maintain the strict security requirements, holistic systems engineering concepts and reference architectures are required that enable the integration, maintenance and evaluation of Smart Grid security...

  14. Efficient Aviation Security: Strengthening the Analytic Foundation for Making Air Transportation Security Decisions

    Science.gov (United States)

    2012-01-01

    security practices, technologies, and the aviation security enterprise as a whole, with a focus on examining the costs and benefits of aviation security...Mueller and Stewart, 2008). Gaining control of an airliner today would require a more complex operation (e.g., breaking through forti- fied cockpit ...first is posed by the existing, largely detection-based security measures intended to keep explosives and other weapons off aircraft. The tem- plate

  15. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  16. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  17. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... work product, limiting access to authorized users, and sanitizing and destroying such media before..., unauthorized, or inappropriate receipt, access, or handling of patient safety work product, and (ii) Methods to...

  18. Requirements For Security Sector Reform Success

    Science.gov (United States)

    2016-05-26

    over the long term. 57 John W. Creswell , Qualitative Inquiry & Research Design : Choosing among Five Approaches, 3rd ed. (Los Angeles, CA: Sage...the Conflict Trap: Civil War and Development Policy. New York: World Bank, 2003. Creswell , John W. Qualitative Inquiry & Research Design ...have, in this case SSR.56 Methodology This monograph will use a qualitative methodology to validate the thesis. Qualitative research can follow

  19. Defining and Enforcing Hardware Security Requirements

    Science.gov (United States)

    2011-12-01

    by Baez [78]. PLY, in turn, is based on the methods used in the lex-yacc family of parsers [79]. PLY is an LR - parser . Our tool parses PSL’s Foundation...insight on malicious inclusions, and ● Cindy Eisner, for making the IBM Sugar Parser available, her excellent book with Dana Fisman on PSL, and for... parser is described in Section D. After the parse tree for the formula is generated, we pass it through a system of rewrite rules. There are two sets

  20. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  1. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  2. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  3. Social Security Bulletin

    Data.gov (United States)

    Social Security Administration — The Social Security Bulletin (ISSN 1937-4666) is published quarterly by the Social Security Administration. The Bulletin is prepared in the Office of Retirement and...

  4. Security, Fraud Detection

    Indian Academy of Sciences (India)

    First page Back Continue Last page Overview Graphics. Secure. Secure. Server – Intruder prevention/detection; Network – Encryption, PKI; Client - Secure. Fraud detection based on audit trails. Automatic alerts like credit-card alerts based on suspicious patterns.

  5. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  6. USCG Security Plan Review

    Data.gov (United States)

    Department of Homeland Security — The Security Plan Review module is intended for vessel and facility operators to check on the status of their security plans submitted to the US Coast Guard. A MISLE...

  7. Network security risk level

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2006-01-01

    Full Text Available The advantages of the existence of a computers network within any company with pretensions are obvious. But the construction and the existence of a network without meeting some minimum security requirements, although it would be preferable to be optimal, can lead to bad functioning in the performance of the company’s business. The vulnerability of a grouping, such as a network, is given by the weakest point in its competence. The establishing of the risk level of each component of the network, and implicitly of the grouping, is highly necessary

  8. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  9. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  10. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  11. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Full Text Available Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  12. Practical unix & internet security

    National Research Council Canada - National Science Library

    Garfinkel, Simson; Spafford, Gene; Schwartz, Alan

    2003-01-01

    ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Part I. Computer Security Basics 1. Introduction: Some Fundamental Questions What Is Computer Security? What Is an Operating System? What Is a...

  13. Practical unix & internet security

    National Research Council Canada - National Science Library

    Garfinkel, Simson; Spafford, Gene; Schwartz, Alan

    2003-01-01

    ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Part I. Computer Security Basics 1. Introduction: Some Fundamental Questions What Is Computer Security? What Is an Operating System? What Is a Deployment...

  14. Personnel Security Investigations -

    Data.gov (United States)

    Department of Transportation — This data set contains the types of background investigations, decisions, level of security clearance, date of security clearance training, and credentials issued to...

  15. Explosive detection technologies for airline security

    OpenAIRE

    Maruyama, Xavier K.

    2000-01-01

    Aviation safety and security has become a topic of paramount national concern. Informed decision making requires an appreciation of trends in technology in response to projected future terrorist activities. In the area of security, explosive detection is made possible by a bewildering array of newly offered equipment. This document describes the science and engineering of the various technologies. The information presented here was written for airline security, but it applies also to a wi...

  16. Security measures for AIDS and HIV.

    Science.gov (United States)

    Torres, C G; Turner, M E; Harkess, J R; Istre, G R

    1991-02-01

    This study describes the measures being taken by AIDS surveillance offices across the country to ensure the security of information regarding patients with AIDS and HIV infection. Security measures were evaluated according to the cumulative number of AIDS cases reported, whether partner notification services were provided, and whether HIV seropositive reporting by name was also required. This study showed that public health departments have taken extra steps to ensure the security of AIDS and HIV data.

  17. Governing for Enterprise Security (GES) Implementation Guide

    Science.gov (United States)

    2007-08-01

    practices and standards. The International Organi- zation for Standardization (ISO) leads the way with ISO 17799 [ISO 05a] and ISO 27001 [ISO 05b]. The Na...Service Management – 2 parts (2005) • ISO/IEC 27001 : Information Technology – Security Techniques – Information Security Management Systems...techniques - Information security management systems - Requirements. ISO/IEC 27001 :2005(E), First edition, October 15, 2005. [ITCI 06] IT Audit

  18. Reconciling food security and bioenergy : Priorities for action

    NARCIS (Netherlands)

    Kline, Keith L.; Msangi, Siwa; Dale, Virginia H.; Woods, Jeremy; Souza, Glaucia m.; Osseweijer, P.; Clancy, Joy S.; Hilbert, Jorge A.; Johnson, Francis X.; Mcdonnell, Patrick C.; Mugera, Harriet K.

    Understanding the complex interactions among food security, bioenergy sustainability, and resource management requires a focus on specific contextual problems and opportunities. The United Nations' 2030 Sustainable Development Goals place a high priority on food and energy security; bioenergy

  19. A framework for evaluating food security and nutrition monitoring ...

    African Journals Online (AJOL)

    level information and operated at the national level. Future challenges in addressing household food security will require devolution of the process of food security monitoring and intervention systems to decentralized levels. The authors also find ...

  20. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  1. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  2. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  3. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  4. The nature of international health security.

    Science.gov (United States)

    Chiu, Ya-Wen; Weng, Yi-Hao; Su, Yi-Yuan; Huang, Ching-Yi; Chang, Ya-Chen; Kuo, Ken N

    2009-01-01

    Health issues occasionally intersect security issues. Health security has been viewed as an essential part of human security. Policymakers and health professionals, however, do not share a common definition of health security. This article aims to characterize the notions of health security in order to clarify what constitutes the nexus of health and security. The concept of health security has evolved over time so that it encompasses many entities. Analyzing the health reports of four multilateral organizations (the United Nations, World Health Organization, Asia-Pacific Economic Cooperation, and the European Union) produced eight categories of most significant relevance to contemporary health security, allowing comparison of the definitions. The four categories are: emerging diseases; global infectious disease; deliberate release of chemical and biological materials; violence, conflict, and humanitarian emergencies. Two other categories of common concern are natural disasters and environmental change, as well as chemical and radioactive accidents. The final two categories, food insecurity and poverty, are discussed less frequently. Nevertheless, food security is emerging as an increasingly important issue in public health. Health security is the first line of defence against health emergencies. As globalization brings more complexities, dealing with the increased scale and extent of health security will require greater international effort and political support.

  5. From Secure Memories to Smart Card Security

    Science.gov (United States)

    Handschuh, Helena; Trichina, Elena

    Non-volatile memory is essential in most embedded security applications. It will store the key and other sensitive materials for cryptographic and security applications. In this chapter, first an overview is given of current flash memory architectures. Next the standard security features which form the basis of so-called secure memories are described in more detail. Smart cards are a typical embedded application that is very vulnerable to attacks and that at the same time has a high need for secure non-volatile memory. In the next part of this chapter, the secure memories of so-called flash-based high-density smart cards are described. It is followed by a detailed analysis of what the new security challenges for such objects are.

  6. Home-Network Security Model in Ubiquitous Environment

    OpenAIRE

    Dong-Young Yoo; Jong-Whoi Shin; Jin-Young Choi

    2007-01-01

    Social interest and demand on Home-Network has been increasing greatly. Although various services are being introduced to respond to such demands, they can cause serious security problems when linked to the open network such as Internet. This paper reviews the security requirements to protect the service users with assumption that the Home-Network environment is connected to Internet and then proposes the security model based on the requirement. The proposed security mode...

  7. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  8. Soil Security Assessment of Tasmania

    Science.gov (United States)

    Field, Damien; Kidd, Darren; McBratney, Alex

    2017-04-01

    The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry . Regarding the Sustainable Development Gaols (SDG's) this could be seen as a exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

  9. Multi-cultural network security

    Energy Technology Data Exchange (ETDEWEB)

    Stevens, D.F.

    1996-04-01

    Education and awareness are widely acknowledged to be among the fundamental issues of Internet security, but only in the sense of making Internet users more security conscious. For the Internet to achieve its promise as an information highway, however, a complementary education effort is needed. If adequate Internet security is to be achieved, we must also increase the awareness of the professional security community of the requirements, attitudes, and habits of the many different cultures that participate in the Internet. Discussions of {open_quotes}the Internet{close_quotes} encourage the misapprehension that there is a single, uniform user community instead of a loose alliance of many cultures that differ in many fundamental aspects. This is true even if we limit our consideration to ethical cultures. At this Workshop alone we have representatives of administrative and military cultures, Governmental and commercial cultures, profit-cultures and non-profit cultures, research and operational cultures. Internet cultures are united in their desire to exploit the connectivity, flexibility, and rapidity of communication provided by the net, but differ greatly in their motivations, their attitudes towards authority, their willingness to cooperate within their own communities, their interest in technical arcana, and the patience with which they will put up with - or the enthusiasm with which they will embrace - the growing list of procedures deemed necessary for acceptable security. They even differ in how they define {open_quotes}acceptable security{close_quotes}.

  10. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  11. Securing underwater wireless communication networks

    OpenAIRE

    Domingo Aladrén, Mari Carmen

    2011-01-01

    Underwater wireless communication networks are particularly vulnerable to malicious attacks due to the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels. The unique characteristics of the underwater acoustic communication channel, and the differences between underwater sensor networks and their ground-based counterparts require the development of efficient and reliable security mechanisms. In this article, a compl...

  12. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are a particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre s LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  13. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Full Text Available   Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN are ranging from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora; ASEAN Intergovernmental Commission on Human Rights (AICHR, ASEAN Foreign Ministers Meeting (AMM,  ASEAN Regional Forum (ARF, ASEAN Defense Minister’s Meeting (ADMM, ASEAN Law Ministers Meeting (ALAWMM, and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC. The wide array of these forums signify ASEAN efforts to confront double features of security; the traditional and nontraditional or critical security. The traditional security considers state security as the primary object security. While the critical security tends to focus on non-state aspects such as individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lack of confidence in solving critical issues such as territorial disputes and irregular migrants problems.Therefore, this piece would examine the fundamental questions: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but showing slow progress on its development and application. 

  14. Usable security and e-banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that th...

  15. Usable Security and E-Banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Juul, Niels Christian; Jørgensen, Niels Henrik

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes and that the we...

  16. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so constructed...

  17. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  18. 32 CFR 2001.51 - Technical security.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Technical security. 2001.51 Section 2001.51....51 Technical security. Based upon the risk management factors referenced in § 2001.40 of this directive, agency heads shall determine the requirement for technical countermeasures such as Technical...

  19. Chapter 3: Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Foust, Thomas D.; Arent, Doug; de Carvalho Macedo, Isaias; Goldemberg, Jose; Hoysala, Chanakya; Filho, Rubens Maciel; Nigro, Francisco E. B.; Richard, Tom L.; Saddler, Jack; Samseth, Jon; Somerville, Chris R.

    2015-04-01

    This chapter considers the energy security implications and impacts of bioenergy. We provide an assessment to answer the following questions: What are the implications for bioenergy and energy security within the broader policy environment that includes food and water security, development, economic productivity, and multiple foreign policy aspects? What are the conditions under which bioenergy contributes positively to energy security?

  20. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  1. Security research roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Rouhiainen, V. (ed.)

    2007-02-15

    VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that. Technology alone can not assure security, but security can not be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

  2. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  3. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...

  4. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  5. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  6. 49 CFR 1540.301 - Withdrawal of approval of a security program.

    Science.gov (United States)

    2010-10-01

    ...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION... withdrawal. If TSA finds that there is an emergency with respect to aviation security requiring immediate... 49 Transportation 9 2010-10-01 2010-10-01 false Withdrawal of approval of a security program. 1540...

  7. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  8. Security Protocols: Specification, Verification, Implementation, and Composition

    DEFF Research Database (Denmark)

    Almousa, Omar

    An important aspect of Internet security is the security of cryptographic protocols that it deploys. We need to make sure that such protocols achieve their goals, whether in isolation or in composition, i.e., security protocols must not suffer from any aw that enables hostile intruders to break...... called SPS (Security Protocol Specification) language, that enables users, without requiring deep expertise in formal models from them, to specify a wide range of real-world protocols in a simple and intuitive way. Thus, SPS allows users to verify their protocols using different tools, and generate...

  9. Concepts and Practices of Cooperative Security

    DEFF Research Database (Denmark)

    Keating, Vincent; Wheeler, Nicholas J

    2013-01-01

    This chapter considers how the security dilemma can be overcome in ways that promote cooperation and even trust, mitigating or transcending the international uncertainty that can otherwise inhibit interstate cooperation. It argues that there are two mechanisms to create the trust necessary...... for the development of a security community, Charles Osgood's GRIT strategy and a unilateral 'leap of trust.' Both of these, however, initially require elites to develop security dilemma sensibility. The long-term stability of security communities is fundamentally linked to the presence of embedded trust among...

  10. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  11. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  12. Quality of Protection Evaluation of Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Bogdan Ksiezopolski

    2014-01-01

    Full Text Available Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  13. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  14. Making grandma's data secure: a security architecture for home telemedicine.

    Science.gov (United States)

    Starren, J; Sengupta, S; Hripcsak, G; Ring, G; Klerer, R; Shea, S

    2001-01-01

    Home telemedicine presents special challenges for data security and privacy. Experience in the Informatics for Diabetes Education And Telemedicine (IDEATel) project has demonstrated that data security is not a one-size-fits-all problem. The IDEATel users include elderly patients in their homes, nurse case managers, physicians, and researchers. The project supports multiple computer systems that require a variety of user interactions, including: data entry, data review, patient education, videoconferencing, and electronic monitoring. To meet these various needs, a number of different of security solutions were utilized, including: UserID/Password, PKI certificates, time-based tokens, IP filtering, VPNs, symmetric and asymmetric encryption schemes, firewalls and dedicated connections. These were combined in different ways to meet the needs of each user groups.

  15. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely...... in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help...... users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats...

  16. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  17. Methods of responding to healthcare security incidents.

    Science.gov (United States)

    Furnell, S; Gritzalis, D; Katsikas, S; Mavroudakis, K; Sanders, P; Warren, M

    1998-01-01

    This paper considers the increasing requirement for security in healthcare IT systems and, in particular, identifies the need for appropriate means by which healthcare establishments (HCEs) may respond to incidents. The main discussion focuses upon two significant initiatives that have been established in order to improve understanding and awareness of healthcare security issues. The first is the establishment of a dedicated Incident Reporting Scheme (IRS) for HCEs, enabling the level and types of security incidents faced within the healthcare community to be monitored and advice appropriately targeted. The second aspect presents a description of healthcare security World Wide Web service, which provides a comprehensive source of advice and guidance for establishments when trying to address and prevent IT security breaches. The discussion is based upon work that is currently being undertaken with the ISHTAR (Implementing Secure Healthcare Telematics Applications in Europe) project, as part of the Telematics Applications for Health programme of the European Commission.

  18. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and moreimportant. With increasing growth of information importancerequirement for its security becomes indispensable. Theinformation security problem especially affect large and smallcompanies whose prosperity is depending on Internet presence.This affecting the three areas of Internet commerce: credit cardtransactions, virtual private networks and digital certification.To ensure information traffic it is necessary to find a solution,in a proper way, for three major problems: frontier problem,market problem and government problem. While the eventualemergence of security standards for Internet transactions isexpected, it will not automatically result in secure Internettransactions. In future, there is a wealth of security issues thatwill continue to require attention: internal security, continuedhacking, social engineering, malicious code, reliability andperformance, skills shortages and denial of se1vice attacks.

  19. 48 CFR 952.204-2 - Security.

    Science.gov (United States)

    2010-10-01

    ... nuclear material in the production of energy, but excluding data declassified or removed from the... control which are required to be reported to the Securities and Exchange Commission, the Federal Trade...

  20. Strategy to Enhance International Supply Chain Security

    National Research Council Canada - National Science Library

    2007-01-01

    .... at 1901, 1903, October 13, 2006) which require the development of a strategic plan to enhance the security of the international supply chain, including protocols for the expeditious resumption of the flow of trade following...

  1. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... access, theft, loss, or release. (b) The security plan must be designed according to a site-specific risk... approved individual; (3) Provide for the control of select agents and toxins by requiring freezers...

  2. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    .e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful......Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i...... considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  3. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  4. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  5. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code flawed and was used to break into CERN computers, web pages or to steal data…   Thus, if you have the pleasure or task of producing software applications, take some time before and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  6. ENDPOINT PROTECTION SECURITY SYSTEM FOR AN ENTERPRISE

    OpenAIRE

    Ruotsalainen, Petri

    2013-01-01

    The thesis subscriber was Metso Shared Services Ltd. The objective was to find out if Microsoft Forefront Endpoint Protection 2010 (FEP) would be secure and cost-effective enough system to fulfill the requirements of the company’s endpoint protection security system. Microsoft FEP was compared and benchmarked with some other most significant endpoint protection products based on the requirements and definitions of the subscriber. The comparison and evaluation were based on investigation a...

  7. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  8. Nation State as Security Provider in Human Security Issue

    OpenAIRE

    Maya Padmi, Made Fitri

    2015-01-01

    Human Security notion is emphasizing on human as the central of security studies, challenging the position of state as the core of security. Some studies are tried to separate the state security and human security, however there are strong connection between these two notions. State has important role in establishing and maintaining the security of its own citizens. Through social contract and social security protection, state are oblige to set the security of its own people as their security...

  9. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  10. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  11. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  12. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  13. Smart security proven practices

    CERN Document Server

    Quilter, J David

    2014-01-01

    Smart Security: Understanding and Contributing to the Business is a video presentation. Length: 68 minutes. In Smart Security: Understanding and Contributing to the Business, presenter J. David Quilter demonstrates the benefits of how a fully integrated security program increases business profits and delivers smart security practices at the same time. The presentation does away with the misconception that security is only an expense. In fact, a well-integrated security program can protect business interests, thereby enhancing productivity and net income. Quilter covers cost analysis and secu

  14. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  15. Social security for seafarers globally.

    Science.gov (United States)

    Jensen, Olaf C; Lucero-Prisno, Don Eliseo; Haarløv, Erik; Sucre, Rimsky; Flores, Agnes; Canals, M Luisa

    2013-01-01

    The social security protection is one of the essential elements of decent work. The issue is complexand no previous epidemiological studies of the coverage among the seafarers have yet been performed. The aim was to overcome the gap of knowledge to promote the further discussion and plan the implementationof the social security for all the seafarers. The seafarers completed a short questionnaire concerning their knowledge abouttheir social security status. The significant disparities in the social security coverage were pointed out among the nationalities.Especially it is worth mentioning that more than half of the respondents believe they are economicallyuncovered for disability from an injury on board and from a work-related disease. The results confirm the ILO (Convention No. 143) statements that the significant part of theseafarers comes from the poorer countries without the substantial social security systems. The solutionssuggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, tosurvey the implementation and - in the long term - to struggle for a global social equality.

  16. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  17. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  18. It-security seen from a user experience perspective

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can be ......, transparency, participation and democracy. We invite participants to bring forth contributions in this direction....

  19. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can be ......, transparency, participation and democracy. We invite participants to bring forth contributions in this direction....

  20. 40 CFR 204.5-2 - National security exemptions.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 24 2010-07-01 2010-07-01 false National security exemptions. 204.5-2... PROGRAMS NOISE EMISSION STANDARDS FOR CONSTRUCTION EQUIPMENT General Provisions § 204.5-2 National security... for a national security exemption is required. (c) For purposes of section 11(d) of the Act, any...

  1. 40 CFR 205.5-2 - National security exemptions.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 24 2010-07-01 2010-07-01 false National security exemptions. 205.5-2... PROGRAMS TRANSPORTATION EQUIPMENT NOISE EMISSION CONTROLS General Provisions § 205.5-2 National security... a national security exemption is required. (c) For purposes of section 11(d) of the Act, any...

  2. 76 FR 50719 - National Security Education Board Members Meeting

    Science.gov (United States)

    2011-08-16

    ... of the Secretary National Security Education Board Members Meeting AGENCY: Under Secretary of Defense... 92-463, notice is hereby given of a forthcoming meeting of the National Security Education Board. The... requirements established by the David L. Boren National Security Education Act, Title VII of Public Law 102-183...

  3. 40 CFR 1042.635 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 32 2010-07-01 2010-07-01 false National security exemption. 1042.635... Compliance Provisions § 1042.635 National security exemption. The standards and requirements of this part and... government responsible for national defense. (b) Manufacturers may request a national security exemption for...

  4. 40 CFR 92.908 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 20 2010-07-01 2010-07-01 false National security exemption. 92.908... Provisions § 92.908 National security exemption. A manufacturer or remanufacturer requesting a national security exemption must state the purpose for which the exemption is required and the request must be...

  5. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the agency...

  6. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information, regardless...

  7. 77 FR 9214 - National Security Education Board Members Meeting

    Science.gov (United States)

    2012-02-16

    ... of the Secretary National Security Education Board Members Meeting AGENCY: Under Secretary of Defense... to Public Law 92-463, notice is hereby given of a forthcoming meeting of the National Security... Defense concerning requirements established by the David L. Boren National Security Education Act, Title...

  8. Constructing Secure Mobile Agent Systems Using the Agent Operating System

    NARCIS (Netherlands)

    van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

    2009-01-01

    Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

  9. 14 CFR 1212.604 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Social security numbers. 1212.604 Section... REGULATIONS Instructions for NASA Employees § 1212.604 Social security numbers. (a) It is unlawful for NASA to...' refusal to disclose their social security numbers, except where: (1) The disclosure is required by law; or...

  10. 42 CFR 435.910 - Use of social security number.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 4 2010-10-01 2010-10-01 false Use of social security number. 435.910 Section 435... of social security number. (a) The agency must require, as a condition of eligibility, that each individual (including children) requesting Medicaid services furnish each of his or her social security...

  11. 4 CFR 83.9 - Social Security number.

    Science.gov (United States)

    2010-01-01

    ... 4 Accounts 1 2010-01-01 2010-01-01 false Social Security number. 83.9 Section 83.9 Accounts GOVERNMENT ACCOUNTABILITY OFFICE RECORDS PRIVACY PROCEDURES FOR PERSONNEL RECORDS § 83.9 Social Security number. (a) GAO may not require individuals to disclose their Social Security Number (SSN) unless...

  12. caBIG VISDA: modeling, visualization, and discovery for cluster analysis of genomic data.

    Science.gov (United States)

    Zhu, Yitan; Li, Huai; Miller, David J; Wang, Zuyi; Xuan, Jianhua; Clarke, Robert; Hoffman, Eric P; Wang, Yue

    2008-09-18

    The main limitations of most existing clustering methods used in genomic data analysis include heuristic or random algorithm initialization, the potential of finding poor local optima, the lack of cluster number detection, an inability to incorporate prior/expert knowledge, black-box and non-adaptive designs, in addition to the curse of dimensionality and the discernment of uninformative, uninteresting cluster structure associated with confounding variables. In an effort to partially address these limitations, we develop the VIsual Statistical Data Analyzer (VISDA) for cluster modeling, visualization, and discovery in genomic data. VISDA performs progressive, coarse-to-fine (divisive) hierarchical clustering and visualization, supported by hierarchical mixture modeling, supervised/unsupervised informative gene selection, supervised/unsupervised data visualization, and user/prior knowledge guidance, to discover hidden clusters within complex, high-dimensional genomic data. The hierarchical visualization and clustering scheme of VISDA uses multiple local visualization subspaces (one at each node of the hierarchy) and consequent subspace data modeling to reveal both global and local cluster structures in a "divide and conquer" scenario. Multiple projection methods, each sensitive to a distinct type of clustering tendency, are used for data visualization, which increases the likelihood that cluster structures of interest are revealed. Initialization of the full dimensional model is based on first learning models with user/prior knowledge guidance on data projected into the low-dimensional visualization spaces. Model order selection for the high dimensional data is accomplished by Bayesian theoretic criteria and user justification applied via the hierarchy of low-dimensional visualization subspaces. Based on its complementary building blocks and flexible functionality, VISDA is generally applicable for gene clustering, sample clustering, and phenotype clustering (wherein phenotype labels for samples are known), albeit with minor algorithm modifications customized to each of these tasks. VISDA achieved robust and superior clustering accuracy, compared with several benchmark clustering schemes. The model order selection scheme in VISDA was shown to be effective for high dimensional genomic data clustering. On muscular dystrophy data and muscle regeneration data, VISDA identified biologically relevant co-expressed gene clusters. VISDA also captured the pathological relationships among different phenotypes revealed at the molecular level, through phenotype clustering on muscular dystrophy data and multi-category cancer data.

  13. Water security and national water law in Mexico

    National Research Council Canada - National Science Library

    Spring, Úrsula Oswald

    2014-01-01

    This article develop analyses water security in Mexico, a country where global environmental change requires social, political and economic actors to protect natural resources and ecosystem services...

  14. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  15. Social Security Administration

    Science.gov (United States)

    ... a my Social Security account. Newsroom Social Security's Fiscal Year (FY) 2017 Agency Financial Report (AFR) Our ... Us Accessibility FOIA Open Government Glossary Privacy Report Fraud, Waste or Abuse Site Map Other Government Websites: ...

  16. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  17. Security in Computer Applications

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  18. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION... approval and safeguarding of National Security Information and Restricted Data. The requirements for...

  19. Security system signal supervision

    Energy Technology Data Exchange (ETDEWEB)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  20. Homeland Security Digital Library

    OpenAIRE

    Reneker, Maxine H.; Gassie, Lillian

    2003-01-01

    The Homeland Security Digital Library (HSDL) is the nation's premier collection of documents relating to homeland security policy, strategy and organizational management. The mission of the HSDL is to strengthen the national security of the United States by supporting local, state, territorial, tribal and federal analysis, debate, and decision-making needs and to assist academics of all disciplines in homeland defense and security-related research.

  1. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  2. Network Security Visualization

    Science.gov (United States)

    1999-09-27

    Internet Scanner 5.2 User Guide for Windows NT”, Internet Security Systems, Inc., 1998. “SBIR Topic AF97-043 Network Security Visualization...to the Server application to import into the NSV system database data that gets queried from ISS Internet Security Scanner 5.4. Objective #5 was... Internet Security Scanner scan of a live network and imported through a Cartridge component. The data was accessed through the Server component and

  3. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  4. Computer Security Models

    Science.gov (United States)

    1984-09-01

    September 1984 MTR9S31 " J. K. Millen Computer Security C. M. Cerniglia Models * 0 Ne c - ¢- C. S• ~CONTRACT SPONSOR OUSDRE/C31 & ESO/ALEE...given in Section 5, in the form of questions and answers about security modeling. A glossary of terms used in the context of computer security is...model, so we will not be able to pursue it in this report. MODEL CHARACTERISTICS Computer security models are engineering models, giving them somewhat

  5. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  6. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  7. Advanced Linux Security

    OpenAIRE

    Ranjit Nimbalkar

    2013-01-01

    Using mandatory access control greatly increases the secu-rity of an operating system. SELinux, which is an implemen-tation of Linux Security Modules (LSM), implements several measures to prevent unauthorized system usage. The se-curity architecture used is named Flask, and provides a clean separation of security policy and enforcement. This paper is an overview of the Flask architecture and the implementation in Linux.

  8. Effective Methodology for Security Risk Assessment of Computer Systems

    OpenAIRE

    Daniel F. García; Adrián Fernández

    2013-01-01

    Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodologies leading to the selection of a proper methodology to fulfill these requirements. Then, a detai...

  9. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    Full Text Available The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  10. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  11. BOOK-ENTRY SECURITIES AS THE SUBJECT OF THEFT

    OpenAIRE

    Groshev A. V.; Shulga A. V.

    2015-01-01

    Book-entry securities as the subject of theft. The article deals with the questions of legal assessment of crimes, targeted at embezzlement of book-entry securities. The article reports author's position concerning the expediency of creation in Russian criminal law system, the criminal liability for book-entry security taking in articles about theft and property crimes. The plot of the article requires the discussion in terms of recognizing book-entry securities the subject of theft, and crea...

  12. Securing Wireless Local Area Networks with GoC PKI

    Science.gov (United States)

    2007-10-01

    networks. 2. Scope of Work The original requirement was simply to improve Internet Security (IPsec) [2] protocol authentication with the use GoC...both key management protocols and data security protocols. The Internet Security Association and Key Management Protocol (ISAKMP) [18] provides a...34 Internet Security Association and Key Management Protocol (ISAKMP)" IETF Request For Comment 2408, November 1998 [19] D. Harkins, D. Carrel, "The

  13. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an

  14. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  15. Crayons and security

    Directory of Open Access Journals (Sweden)

    Sue Dwyer

    1999-04-01

    Full Text Available Until recently I have thought of security in terms of guards, radios, grilled windows and doors, close coordination with other internationalNGOs and a strong organisational security policy. This was until I attended the InterAction/OFDA security training course in London inSeptember 1998.

  16. EMI Security Architecture

    CERN Document Server

    White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

    2013-01-01

    This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

  17. Core software security security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats.-Dr. Dena Haritos Tsamitis. Carnegie Mellon UniversityIn the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  18. Global Security Program Management Plan

    Energy Technology Data Exchange (ETDEWEB)

    Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-03-25

    The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats –regardless of origin - and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.

  19. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  20. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  1. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  2. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  3. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  4. Insider Threat and Information Security Management

    Science.gov (United States)

    Coles-Kemp, Lizzie; Theoharidou, Marianthi

    The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

  5. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    , software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security...... models to evaluate qualitative and quantitative security properties of socio-technical systems and to synthesise optimal attack and defence strategies. In support to this claim we develop analysis techniques for widely-used graphical security models such as attack trees and attack-defence trees. Our...

  6. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  7. The Security Email Based on Smart Card

    Science.gov (United States)

    Lina, Zhang; Jiang, Meng Hai.

    Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identify based encrypt) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.

  8. Social Security: Theoretical Aspects

    Directory of Open Access Journals (Sweden)

    O. I. Kashnik

    2013-01-01

    Full Text Available The paper looks at the phenomena of security and social security from the philosophical, sociological and psychological perspective. The undertaken analysis of domestic and foreign scientific materials demonstrates the need for interdisciplinary studies, including pedagogy and education, aimed at developing the guidelines for protecting the social system from destruction. The paper defines the indicators, security level indices and their assessment methods singled out from the analytical reports and security studies by the leading Russian sociological centers and international expert organizations, including the United Nations.The research is aimed at finding out the adequate models of personal and social security control systems at various social levels. The theoretical concepts can be applied by the teachers of the Bases of Life Safety course, the managers and researches developing the assessment criteria and security indices of educational environment evaluation, as well as the methods of diagnostics and expertise of educational establishments from the security standpoint. 

  9. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

  10. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  11. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  12. GEMSS: privacy and security for a medical Grid.

    Science.gov (United States)

    Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

    2005-01-01

    The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

  13. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  14. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others

    1997-06-01

    This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  15. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  16. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Full Text Available Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  17. Towards a Security Architecture for Vehicular Ad Hoc Networks

    OpenAIRE

    Plößl, Klaus; Nowey, Thomas; Mletzko, Christian

    2006-01-01

    Vehicular ad hoc networks (VANETs) have the potential to increase road safety and comfort. Especially because of the road safety functions, there is a strong demand for security in VANETs. After defining three application categories the paper outlines main security and privacy requirements in VANETs. Next, a security architecture for VANETs (SAV) is proposed that strives to satisfy the requirements. To find mechanisms applicable in the architecture a survey of existing mechanisms is given.

  18. Building the Multi-agent Based Adaptive Security System

    Directory of Open Access Journals (Sweden)

    Sergey Andreevich Petrov

    2013-06-01

    Full Text Available This article is concerned with security of information system. Multi-agent based adaptive security system is offered. Advantages of the system and its potential architecture are presented. The author describes requirements for agents’ functionality and possible variants of agents’ operability. The suggested approach is intended to use for building adaptive security system in accordance with network structure, required safety level and available compute resources.

  19. Security concepts in clinical applications using DICOM

    Science.gov (United States)

    Thiel, Andreas; Bernarding, Johannes; Hohmann, Johachim; Cosic, Domagoi; Tolxdorff, Thomas

    1998-07-01

    Local area networks in hospitals with connection to the Internet enable remote access to medical data and the deployment of distributed medical services. The use of standardized protocols like DICOM as required by the heterogeneous hard- and software infrastructure aggravates the problem that intruders can potentially gain access to sensitive data. Different levels of data protection are therefore required depending on the utilization of secured or publicly accessible networks, the use of standardized communication, and the differing national data security regulations. To investigate different speed-optimized data security concepts, we constructed exemplary scenarios with distributed telemedical services utilizing DICOM-conform software systems. The hospital networks are separated from the Internet by firewalls. Communication between the DICOM applications was made possible by integrating a security level between the DICOM upper layer protocol and the TCP/IP interface, while encrypting the whole datastream using the Secure Socket Layer Protocol (SSL). A DICOM-conform encryption of selected parts of the DICOM messages and files was developed, that encodes only patient-relevant data. Additionally a security proposal of the DICOM working group on security was implemented and analyzed. Data were encrypted by using either symmetric (public and private key) or symmetric (secret key) methods. This sped up the overall data transfer rate and allowed the DICOM-conform, off-line data storage.

  20. ZigBee-2007 Security Essentials

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2008-01-01

    ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

  1. Portfolio analysis of layered security measures.

    Science.gov (United States)

    Chatterjee, Samrat; Hora, Stephen C; Rosoff, Heather

    2015-03-01

    Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity. © 2014 Society for Risk Analysis.

  2. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  3. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  4. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles-namely, fixed, nomadic, and mobile-are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  5. 49 CFR 1548.7 - Approval, amendment, annual renewal, and withdrawal of approval of the security program.

    Science.gov (United States)

    2010-10-01

    ... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.7 Approval, amendment, annual renewal... an emergency requiring immediate action, with respect to aviation security that makes procedures in... withdrawal of approval of the security program. 1548.7 Section 1548.7 Transportation Other Regulations...

  6. On the Sharing of Cyber Security Information

    OpenAIRE

    Luiijf, Eric; Klaver, Marieke

    2015-01-01

    Part 1: THEMES AND ISSUES; International audience; The sharing of cyber security information between organizations, both public and private, and across sectors and borders is required to increase situational awareness, reduce vulnerabilities, manage risk and enhance cyber resilience. However, the notion of information sharing often is a broad and multi-faceted concept. This chapter describes an analytic framework for sharing cyber security information. A decomposition of the information shari...

  7. Food security, food safety and climate changes

    OpenAIRE

    Vrabcheva, Teri

    2017-01-01

    Access to sufficient safe food is a basic requirement for human health. Ensuring food safety and security in a highly globalized world presents increasingly difficult, and often under-appreciated challenges, for governments, commercial organizations and individuals alike. Food security is undoubtedly amongst the most pressing of challenges confronting the world in the twenty-first century. The FAO definition (1996) highlights the importance of ensuring that all people have access to safe, ...

  8. Open security issues in German healthcare telematics

    OpenAIRE

    Sunyaev, Ali;Leimeister, Jan Marco;Schweiger, Andreas;Krcmar, Helmut

    2014-01-01

    Developments in German healthcare telematics aim at connecting existing information systems of various service providers and health insurers via a common network. Such a linking of different systems and infrastructure elements creates a complex situation that has to deal with high priority requirements for data security, data safety, and data integrity as it concerns sensitive data such as personal medical information or administrative operational data. This paper provides a security analysis...

  9. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  10. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... IT security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...

  11. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  12. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86...... of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t

  13. Materialism and food security.

    Science.gov (United States)

    Allen, M W; Wilson, M

    2005-12-01

    The present studies examined if materialists have an elevated concern about food availability, presumably stemming from a general survival security motivation. Study 1 found that materialists set a greater life goal of food security, and reported more food insecurity during their childhood. Materialists reported less present-day food insecurity. Study 2 revealed that materialists stored/hoarded more food at home, and that obese persons endorsed materialism more than low/normal weight persons. Study 3 found that experimentally decreasing participants' feelings of survival security (via a mortality salience manipulation) led to greater endorsement of materialism, food security as goal, and using food for emotional comfort. The results imply that materialists overcame the food insecurity of their childhood by making food security a top life goal, but that materialists' current concerns about food security may not wholly stem from genuine threats to their food supply.

  14. PRIVATE SECURITY IN SPORT

    Directory of Open Access Journals (Sweden)

    Dragan Vukasović

    2011-09-01

    Full Text Available Given the importance of sport for international integration, affirmation, a sense of belonging and other values of general interest, in order to maintain and open new prospects of development, it is necessary to form the private security system along with state security system, with a view to creating conditions for development sports athletes to achieve better results both in domestic and international competitions. Private security is only one element of an integrated security system which, with its efficient organization with the use of adequate means and measures should provide answers to new challenges, risks and threats. Private security in line with the new understanding of the concept of security has an important role in providing athletes.

  15. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures

    NARCIS (Netherlands)

    Fichtner, Laura; Pieters, Wolter; Texeira, Andre

    In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be dicult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the

  16. European Cyber Security Policy

    OpenAIRE

    Bendiek, Annegret

    2012-01-01

    The gradually developing European cyber security policy tries to establish minimum standards in all EU member states with regard to prevention, resilience and international cooperation. It aims to foster national security without compromising democratic principles or unduly limiting individual liberties. However, it is hard to find a balance between these goals, and the EU’s measures thus inevitably raise questions about the democratic implications of European cyber security policy. Are the i...

  17. Information Security Training & Awareness

    OpenAIRE

    Hogervorst, Monique

    2009-01-01

    Information security standards, best practices and literature all identify the need for Training & Awareness, the theory is clear. The surveys studied show that in the real world the situation is different: the focus of businesses is still on technical information security controls aimed at the external attacker. And although threats and vulnerabilities point out that personnel security becomes more important, the attitude of managers and employees does not reflect tha...

  18. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  19. Design for Security Workshop

    Science.gov (United States)

    2014-09-30

    Apps  Content providers  DRM for movies, songs, etc.  Finance companies  Account data, passwords  IOT  home automation , health, etc... devices and systems  Tools for secure interplay between hardware and software  Design environment for modeling and simulating hardware attacks and...and email  Improperly secured devices – no PIN lock  User intervention – jailbreaking, unlocking  Mobile has become the enterprise security

  20. Enhancing mobile learning security

    OpenAIRE

    Shonola, Shaibu Adekunle; Joy, Mike

    2016-01-01

    Mobile devices have been playing vital roles in modern day education delivery as students can access or download learning materials on their smartphones and tablets, they can also install educational apps and study anytime, anywhere. The need to provide adequate security for portable devices being used for learning cannot be underestimated. In this paper, we present a mobile security enhancement app, designed and developed for Android smart mobile devices in order to promote security awarenes...

  1. Intercorporate Security Event Correlation

    Directory of Open Access Journals (Sweden)

    D. O. Kovalev

    2010-03-01

    Full Text Available Security controls are prone to false positives and false negatives which can lead to unwanted reputation losses for the bank. The reputational database within the security operations center (SOC and intercorporate correlation of security events are offered as a solution to increase attack detection fidelity. The theses introduce the definition and structure of the reputation, architectures of reputational exchange and the place of intercorporate correlation in overall SOC correlation analysis.

  2. Rome Laboratory Computer Security

    Science.gov (United States)

    1993-10-11

    34) 11101993 Report Type N/A Dates Covered (from... to) ("DD MON YYYY") Title and Subtitle Rome Laboratory Computer Security Contract or Grant Number...Rome Laboratory Computer Security 5. FUNDING NUMBERS 6. AUTHOR(S) Joseph Giordano 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING...UNCLASSIFIED 20. LIMITATION OF ABSTRACT None COMPUTER SECURITY OBJECTIVE: TO DEVELOP & DEMONSTRATE THE TOOLS & TECHNOLOGY NECESSARY TO REALIZE TRUSTED C31

  3. Computer Security Assistance Program

    Science.gov (United States)

    1997-09-01

    Information COMPUTER SECURITY ASSISTANCE PROGRAM OPR: HQ AFCA/SYS (CMSgt Hogan) Certified by: HQ USAF/SCXX (Lt Col Francis X. McGovern) Pages: 5...Distribution: F This instruction implements Air Force Policy Directive (AFPD) 33-2, Information Protection, establishes the Air Force Computer Security Assistance...Force single point of contact for reporting and handling computer security incidents and vulnerabilities including AFCERT advisories and Defense

  4. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  5. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  6. Exploring Information Security Issues in Public Sector Inter-organizational Collaboration

    OpenAIRE

    Veenstra, Anne; Ramilli, Marco

    2011-01-01

    Part 4: Architecture, Security and Interoperability; International audience; Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, w...

  7. 10 CFR 1008.22 - Use and collection of social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Use and collection of social security numbers. 1008.22... security numbers. (a) The System Manager of each system of records which utilizes social security numbers... individuals may not be required to furnish social security numbers without statutory authorization, and that...

  8. 20 CFR 225.13 - Social Security Earnings Dual Benefit PIA.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social Security Earnings Dual Benefit PIA... Spouse Annuities § 225.13 Social Security Earnings Dual Benefit PIA. (a) General. The Social Security... certain eligibility requirements as described in part 216 of this chapter. The Social Security Dual...

  9. Report: Improvements Needed in Key EPA Information System Security Practices

    Science.gov (United States)

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  10. Linux Security Cookbook

    CERN Document Server

    Barrett, Daniel J; Byrnes, Robert G

    2003-01-01

    Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-fol

  11. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to whole spectrum of ICT users and Providers including home users; small, medium & large organisations, Government and Academia. Strategies: ...

  12. National Security Whistleblowers

    National Research Council Canada - National Science Library

    Fisher, Louis

    2005-01-01

    .... Domestic and national security information is provided through agency reports and direct communications from department heads, but lawmakers also receive information directly from employees within the agencies...

  13. Lecture 1: General Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    The CERN Computer Security Team is mandated to coordinate all aspects of CERN’s computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN’s operational needs. This presentation will cover a series of security incidents which happened at CERN over the last five years, and discuss the lessons-learned in order to avoid similar things from happening again (there is enough blunder out there so there is need to make the same mistake twice). In the second part, I will outline how computer security --- prevention, protection, detection and response --- is generated at CERN, what the main objectives of the CERN computer security team are, and which policies, procedures and tools have been put in place. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadr...

  14. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  15. Beginning ASPNET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  16. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  17. Governing for Enterprise Security

    National Research Council Canada - National Science Library

    Allen, Julia

    2005-01-01

    ... business. If an organization's management -- including boards of directors, senior executives, and all managers -- does not establish and reinforce the business need for effective enterprise security...

  18. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  19. Peace, Security, Globalisation & Cultural Diplomacy

    Directory of Open Access Journals (Sweden)

    Ashok Natarajan

    2017-06-01

    Full Text Available This article argues for a positive, comprehensive conception of peace that goes beyond the mere absence of war and a more integrated conception of human security that encompasses a wider range of issues than threats of physical violence. Education is one of humanity’s most effective social institutions for redirecting the violent physical energies of destruction into higher avenues of civilization and culture as an instrument of conscious social evolution. Organization is knowledge of higher accomplishment. Organization has the power to vastly accelerate and multiply the potentials of education for the promotion of peace and security. Peace and Security have a mutually reinforcing effect on each other in the sense that peace results in security while security results in peace. Physical violence eventually led to the development of the knowledge needed for the avoidance of violence by means of diplomacy, trade and cultural exchanges, marking the beginning of the transition from the physical to the mental level of evolution. Trade requires travel, transport, human interaction, exchange, trust with respect to products, and reliable mechanisms for the exchange of a stable currency that can only be effectively founded on an enduring peace that generates confidence among the traders. Isolated communities evolve a communal consciousness as they mature into organized social units founded on shared customs and culture, which later develop into a common legal framework. What began as diplomacy so many centuries ago has now evolved into a near universal recognition of fundamental human rights and the rule of law. The evolution of diplomacy in previous centuries is the foundation for the remarkable betterment of human life witnessed in recent times. The world is in the process of evolving a unifying global culture founded on universal values and recognition of the rich contributions of different cultures to humanity’s progress. As physical force once

  20. Smart security and securing data through watermarking

    Science.gov (United States)

    Singh, Ritesh; Kumar, Lalit; Banik, Debraj; Sundar, S.

    2017-11-01

    The growth of image processing in embedded system has provided the boon of enhancing the security in various sectors. This lead to the developing of various protective strategies, which will be needed by private or public sectors for cyber security purposes. So, we have developed a method which uses digital water marking and locking mechanism for the protection of any closed premises. This paper describes a contemporary system based on user name, user id, password and encryption technique which can be placed in banks, protected offices to beef the security up. The burglary can be abated substantially by using a proactive safety structure. In this proposed framework, we are using water-marking in spatial domain to encode and decode the image and PIR(Passive Infrared Sensor) sensor to detect the existence of person in any close area.

  1. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...... for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  2. Security-Enhanced Fast Mobile IPv6 Handover

    Science.gov (United States)

    Park, Chang-Seop

    Motivated by the fact that the existing FMIPv6 security scheme has several weaknesses in terms of security and efficiency, we propose a security-enhanced fast mobile IPv6 in this letter. Based on the concept of a secret key-based CGA (Cryptographically Generated Address), we show how to establish a new security association between the MN and AR (Access Router) whenever a handover occurs. We also show that the proposed scheme is robust against several types of security attacks feasible with the existing scheme. Our scheme is more efficient in that it requires fewer public key operations.

  3. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  4. Utilize common criteria methodology for secure ubiquitous healthcare environment.

    Science.gov (United States)

    Yu, Yao-Chang; Hou, Ting-Wei

    2012-06-01

    RFID technology is widely used in healthcare environments to ensure patient safety. Therefore, the testing of RFID tags, such as performance tests and security evaluations, is necessary to ensure inter-operational functional compatibility with standards. A survey of the literature shows that while standards that are around RFID performance tests have been addressed, but the same is not true for security evaluations. Therefore, in this paper, we introduce the Common Criteria security evaluation methodology, also known as ISO/IEC 15408, for the security evaluation of RFID tags and propose a framework as a minimal requirement for RFID tags to improve security assurance.

  5. Norms, standards, models and recommendations for information security management

    Directory of Open Access Journals (Sweden)

    Karol Kreft

    2010-12-01

    Full Text Available Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the risk analysis in information security management.

  6. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  7. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  8. Land ecological security evaluation of Guangzhou, China.

    Science.gov (United States)

    Xu, Linyu; Yin, Hao; Li, Zhaoxue; Li, Shun

    2014-10-15

    As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES) plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES), has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES) level decreased from 0.2 (marginal security) to -0.18 (marginal insecurity) as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  9. Land Ecological Security Evaluation of Guangzhou, China

    Directory of Open Access Journals (Sweden)

    Linyu Xu

    2014-10-01

    Full Text Available As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES, has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES level decreased from 0.2 (marginal security to −0.18 (marginal insecurity as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  10. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  11. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  12. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  13. Securing XML Documents

    Directory of Open Access Journals (Sweden)

    Charles Shoniregun

    2004-11-01

    Full Text Available XML (extensible markup language is becoming the current standard for establishing interoperability on the Web. XML data are self-descriptive and syntax-extensible; this makes it very suitable for representation and exchange of semi-structured data, and allows users to define new elements for their specific applications. As a result, the number of documents incorporating this standard is continuously increasing over the Web. The processing of XML documents may require a traversal of all document structure and therefore, the cost could be very high. A strong demand for a means of efficient and effective XML processing has posed a new challenge for the database world. This paper discusses a fast and efficient indexing technique for XML documents, and introduces the XML graph numbering scheme. It can be used for indexing and securing graph structure of XML documents. This technique provides an efficient method to speed up XML data processing. Furthermore, the paper explores the classification of existing methods impact of query processing, and indexing.

  14. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  15. Securing Personal Network Clusters

    NARCIS (Netherlands)

    Jehangir, A.; Heemstra de Groot, S.M.

    2007-01-01

    A Personal Network is a self-organizing, secure and private network of a user’s devices notwithstanding their geographic location. It aims to utilize pervasive computing to provide users with new and improved services. In this paper we propose a model for securing Personal Network clusters. Clusters

  16. VMware view security essentials

    CERN Document Server

    Langenhan, Daniel

    2013-01-01

    A practical and fast-paced guide that gives you all the information you need to secure your virtual environment.This book is a ""how-to"" for the novice, a ""reference guide"" for the advanced user, and a ""go to"" for the experienced user in all the aspects of VMware View desktop virtualization security.

  17. Reconciling privacy and security

    NARCIS (Netherlands)

    Lieshout, M.J. van; Friedewald, M.; Wright, D.; Gutwirth, S.

    2013-01-01

    This paper considers the relationship between privacy and security and, in particular, the traditional "trade-off" paradigm. The issue is this: how, in a democracy, can one reconcile the trend towards increasing security (for example, as manifested by increasing surveillance) with the fundamental

  18. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  19. CIOs Uncensored: Security Smarts.

    Energy Technology Data Exchange (ETDEWEB)

    Johnson, Gerald R.

    2008-02-25

    This commentary for the CIOs Uncensored section of InformationWeek will discuss PNNL’s “defense in depth” approach to cyber security. It will cover external and internal safeguards, as well as the all-important role of employees in the cyber security equation. For employees are your greatest vulnerability – and your last line of defense.

  20. Women and social security

    NARCIS (Netherlands)

    Westerveld, M.; Pennings, F.; Vonk, G.

    2015-01-01

    Does ‘the’ social security take sufficient account of women? Are its protection schemes sufficiently aimed at safeguarding women’s interests? These are the questions I was invited to answer for this handbook on social security law. At the same time I was asked to adopt an unorthodox approach, one

  1. Formalizing physical security procedures

    NARCIS (Netherlands)

    Meadows, C.; Pavlovic, Dusko

    Although the problems of physical security emerged more than 10,000 years before the problems of computer security, no formal methods have been developed for them, and the solutions have been evolving slowly, mostly through social procedures. But as the traffic on physical and social networks is now

  2. Hydrological extremes and security

    Directory of Open Access Journals (Sweden)

    Z. W. Kundzewicz

    2015-04-01

    Full Text Available Economic losses caused by hydrological extremes – floods and droughts – have been on the rise. Hydrological extremes jeopardize human security and impact on societal livelihood and welfare. Security can be generally understood as freedom from threat and the ability of societies to maintain their independent identity and their functional integrity against forces of change. Several dimensions of security are reviewed in the context of hydrological extremes. The traditional interpretation of security, focused on the state military capabilities, has been replaced by a wider understanding, including economic, societal and environmental aspects that get increasing attention. Floods and droughts pose a burden and serious challenges to the state that is responsible for sustaining economic development, and societal and environmental security. The latter can be regarded as the maintenance of ecosystem services, on which a society depends. An important part of it is water security, which can be defined as the availability of an adequate quantity and quality of water for health, livelihoods, ecosystems and production, coupled with an acceptable level of water-related risks to people, environments and economies. Security concerns arise because, over large areas, hydrological extremes − floods and droughts − are becoming more frequent and more severe. In terms of dealing with water-related risks, climate change can increase uncertainties, which makes the state’s task to deliver security more difficult and more expensive. However, changes in population size and development, and level of protection, drive exposure to hydrological hazards.

  3. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  4. Comprehensive test ban treaty international monitoring system security threats and proposed security attributes

    Energy Technology Data Exchange (ETDEWEB)

    Draelos, T.J.; Craft, R.L.

    1996-03-01

    To monitor compliance with a Comprehensive Test Ban Treaty (CTBT), a sensing network, referred to as the International Monitoring System (IMS), is being deployed. Success of the IMS depends on both its ability to preform its function and the international community`s confidence in the system. To ensure these goals, steps must be taken to secure the system against attacks that would undermine it; however, it is not clear that consensus exists with respect to the security requirements that should be levied on the IMS design. In addition, CTBT has not clearly articulated what threats it wishes to address. This paper proposes four system-level threats that should drive IMS design considerations, identifies potential threat agents, and collects into one place the security requirements that have been suggested by various elements of the IMS community. For each such requirement, issues associated with the requirement are identified and rationale for the requirement is discussed.

  5. International Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Doyle, James E. [Los Alamos National Laboratory

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  6. Wireless physical layer security

    Science.gov (United States)

    Poor, H. Vincent; Schaefer, Rafael F.

    2017-01-01

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  7. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  8. Wireless physical layer security.

    Science.gov (United States)

    Poor, H Vincent; Schaefer, Rafael F

    2017-01-03

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  9. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  10. Energy security in Yemen

    Energy Technology Data Exchange (ETDEWEB)

    Torosyan, Emil

    2009-09-15

    Yemen, situated in the Arab world, has considerable energy resources. However, its history of repeated revolts, civil wars and terrorism and also the presence of the Wahabi movement and al Qaeda in the country constitute security issues for the energy industry and its infrastructure. The aim of this paper is to assess the impact level on the security of the energy sector in Yemen and the effect that the threats to that sector could have on global energy security. Analyses of the political environment, the security threats and the measures taken to respond to these threats have been carried out. Results showed that Yemen's resources are depleting and that the government is having trouble containing the escalation of conflicts; this situation could lead to Yemen's political collapse which could have an important impact on global energy security.

  11. Energy security: between markets and sovereign politics

    Directory of Open Access Journals (Sweden)

    Dudau Radu

    2016-09-01

    Full Text Available Energy security is a constant presence in the energy-related political discourse all over the world. States strive to secure steady inflows of needed energy supplies, as well as the price affordability of those supplies. However, what are deemed to be the best means to meet such goals depends on one’s theoretical vantage point. On the one hand, economically-minded theorists maintain that energy security is only a matter of market rules and interactions. Thus, they call upon energy markets to deliver both steady supplies and competitive prices. On the other hand, politically-minded scholars emphasize the political and hard-power nature of international energy trades, especially in a global context market by the emergence of state-centered, authoritarian regimes that use large national energy companies as foreign policy instruments. These two positions delineate competing approaches to how energy security risks ought to be managed. The former approaches energy security risks by means similar to portfolio management, requiring diversification of investments in order to insulate them from market shocks. The latter approaches energy security as a matter of foreign policy, by which states envisage interest coordination and favorable alignments within countervailing alliances against the agent of energy security risk. The present paper goes beyond the uncontentious point that these two dimensions are complementary. It argues that, depending on the international context, a more market-driven or a more-politically driven behavior may be adequate.

  12. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  13. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  14. Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking

    Directory of Open Access Journals (Sweden)

    Woosik Lee

    2017-06-01

    Full Text Available In order to build an efficient security architecture, previous studies have attempted to understand complex system architectures and message flows to detect various attack packets. However, the existing hardware-based single security architecture cannot efficiently handle a complex system structure. To solve this problem, we propose a software-defined networking (SDN policy-based scheme for an efficient security architecture. The proposed scheme considers four policy functions: separating, chaining, merging, and reordering. If SDN network functions virtualization (NFV system managers use these policy functions to deploy a security architecture, they only submit some of the requirement documents to the SDN policy-based architecture. After that, the entire security network can be easily built. This paper presents information about the design of a new policy functions model, and it discusses the performance of this model using theoretical analysis.

  15. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  16. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  17. Security and privacy for implantable medical devices

    CERN Document Server

    Carrara, Sandro

    2014-01-01

     This book presents a systematic approach to analyzing the challenging engineering problems posed by the need for security and privacy in implantable medical devices (IMD).  It describes in detail new issues termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Coverage includes vulnerabilities and defense across multiple levels, with basic abstractions of cryptographic services and primitives such as public key cryptography, block ciphers and digital signatures. Experts from engineering introduce to some IMD systems that have  recently been proposed and developed. Experts from Computer Security and Cryptography present new research, which shows vulnerabilities in existing IMDs and proposes solutions. Experts from Privacy Technology and Policy will discuss the societal, legal and ethical challenges surrounding IMD security as well as technological solutions that build on the latest in C...

  18. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  19. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  20. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-03-01

    Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS.Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented.Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end.Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours.Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.