WorldWideScience

Sample records for cacore common security

  1. The caCORE Software Development Kit: Streamlining construction of interoperable biomedical information services

    Directory of Open Access Journals (Sweden)

    Warzel Denise

    2006-01-01

    Full Text Available Abstract Background Robust, programmatically accessible biomedical information services that syntactically and semantically interoperate with other resources are challenging to construct. Such systems require the adoption of common information models, data representations and terminology standards as well as documented application programming interfaces (APIs. The National Cancer Institute (NCI developed the cancer common ontologic representation environment (caCORE to provide the infrastructure necessary to achieve interoperability across the systems it develops or sponsors. The caCORE Software Development Kit (SDK was designed to provide developers both within and outside the NCI with the tools needed to construct such interoperable software systems. Results The caCORE SDK requires a Unified Modeling Language (UML tool to begin the development workflow with the construction of a domain information model in the form of a UML Class Diagram. Models are annotated with concepts and definitions from a description logic terminology source using the Semantic Connector component. The annotated model is registered in the Cancer Data Standards Repository (caDSR using the UML Loader component. System software is automatically generated using the Codegen component, which produces middleware that runs on an application server. The caCORE SDK was initially tested and validated using a seven-class UML model, and has been used to generate the caCORE production system, which includes models with dozens of classes. The deployed system supports access through object-oriented APIs with consistent syntax for retrieval of any type of data object across all classes in the original UML model. The caCORE SDK is currently being used by several development teams, including by participants in the cancer biomedical informatics grid (caBIG program, to create compatible data services. caBIG compatibility standards are based upon caCORE resources, and thus the caCORE SDK has

  2. Security and Feminism: Common Denominator, Zonaro Feminism and Gender Security

    OpenAIRE

    Roxana APALAGHIE

    2015-01-01

    Issue and purpose, in this paper, the feminist paradigm brought together the two concepts of security and feminism, to sketch the common denominator of both, representing a direction of actions for security, gender equality, extension of the rights and the role of women, integration of women`s perspectives and experiences in the decision-making process. The article is mainly intended to define two new concepts, gender security and zonaro feminism, where gender security is an expression that g...

  3. A common language for computer security incidents

    Energy Technology Data Exchange (ETDEWEB)

    John D. Howard; Thomas A Longstaff

    1998-10-01

    Much of the computer security information regularly gathered and disseminated by individuals and organizations cannot currently be combined or compared because a common language has yet to emerge in the field of computer security. A common language consists of terms and taxonomies (principles of classification) which enable the gathering, exchange and comparison of information. This paper presents the results of a project to develop such a common language for computer security incidents. This project results from cooperation between the Security and Networking Research Group at the Sandia National Laboratories, Livermore, CA, and the CERT{reg_sign} Coordination Center at Carnegie Mellon University, Pittsburgh, PA. This Common Language Project was not an effort to develop a comprehensive dictionary of terms used in the field of computer security. Instead, the authors developed a minimum set of high-level terms, along with a structure indicating their relationship (a taxonomy), which can be used to classify and understand computer security incident information. They hope these high-level terms and their structure will gain wide acceptance, be useful, and most importantly, enable the exchange and comparison of computer security incident information. They anticipate, however, that individuals and organizations will continue to use their own terms, which may be more specific both in meaning and use. They designed the common language to enable these lower-level terms to be classified within the common language structure.

  4. Security and Feminism: Common Denominator, Zonaro Feminism and Gender Security

    Directory of Open Access Journals (Sweden)

    Roxana APALAGHIE

    2015-05-01

    Full Text Available Issue and purpose, in this paper, the feminist paradigm brought together the two concepts of security and feminism, to sketch the common denominator of both, representing a direction of actions for security, gender equality, extension of the rights and the role of women, integration of women`s perspectives and experiences in the decision-making process. The article is mainly intended to define two new concepts, gender security and zonaro feminism, where gender security is an expression that gives priority to the feminist perspectives and integrates them into political decision-making process, and zonaro feminism is a feminist trend focused to improve the political status of women, to revive the election human architecture through an insertion of women in the political sphere and in the specific units of the state apparatus, on merits criteria.

  5. Using Common Sense to Effectively Integrate Security Technologies within a School's Security Strategy

    Energy Technology Data Exchange (ETDEWEB)

    Gree, M.W.

    1998-11-03

    Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are csecurity practices, which will rarely increase new building costs if included in the initial planning.

  6. Common Capabilities for Trust and Security in Service Oriented Infrastructures

    Science.gov (United States)

    Brossard, David; Colombo, Maurizio

    In order to achieve agility of the enterprise and shorter concept-to-market timescales for new services, IT and communication providers and their customers increasingly use technologies and concepts which come together under the banner of the Service Oriented Infrastructure (SOI) approach. In this paper we focus on the challenges relating to SOI security. The solutions presented cover the following areas: i) identity federation, ii) distributed usage & access management, and iii) context-aware secure messaging, routing & transformation. We use a scenario from the collaborative engineering space to illustrate the challenges and the solutions.

  7. ENERGY IN THE CONTEXT OF THE PRESENT CHALLENGES TO THE EUROPEAN COMMON SECURITY AND DEFENCE POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel ANDRUSEAC

    2014-10-01

    Full Text Available The Common Security and Defence Policy is a part of the European Union’s Common Foreign and Security Policy (CFSP and establishes the policy framework for the institutional structures and military instruments which have to deal with the security challenges in Europe’s geopolitical neighborhood. The article aims to identify and analyze the role of energy as one of the present challenges to the European Common Security and Defence Policy in the context of the recent events in the world economy.

  8. Maritime security and the common interests of India and China

    Institute of Scientific and Technical Information of China (English)

    ZHOU Zhonghai

    2006-01-01

    The world has changed dramatically over the years,and being two of the world's largest and most populous developing countries,India and China should remain in close touch on issues concerning developing nations.Today's challenges to maritime security increasingly comprise more non-traditional threats,such as terrorist acts against shipping,trafficking in weapons of mass destruction,piracy and armed robbery at sea,illicit transportation in narcotic drugs,psychotropic substances and nuclear substances,and smuggling of people and arms.It is therefore important to intensify cooperation at all levels to address threats to maritime security and safety in a comprehensive manner through bilateral and multilateral instruments and mechanisms aimed at monitoring,preventing and responding to such threats.

  9. ROMANIA AND THE EU'S COMMON FOREIGN AND SECURITY POLICY

    Directory of Open Access Journals (Sweden)

    Daniel Călin

    2003-03-01

    Full Text Available Within this article, the author tries to sum up the most salient steps undertaken by Romania on the way to the EU, with respect to an area of particular importance for the Union, i.e. CFSP. After a presentation on its actions in CFSP area, one reviews in short the stances adopted by Romania vis-à-vis the new child of EU policies, i.e. ESDP, as well as towards the Romanian involvement / participation in military crisis management. In the end, the European security policy and the enlargement of both the EU and NATO are assessed in the light of the coming IGC and against the background of the 9/11 events.

  10. Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

    Science.gov (United States)

    Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

    2000-05-01

    The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and

  11. Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

    Science.gov (United States)

    Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

    2000-05-01

    The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and

  12. Common criteria related security design patterns for intelligent sensors--knowledge engineering-based implementation.

    Science.gov (United States)

    Bialas, Andrzej

    2011-01-01

    Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains.

  13. The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research

    Directory of Open Access Journals (Sweden)

    Kenneth J. Knapp

    2007-03-01

    Full Text Available This study proposes using an established common body of knowledge (CBK as one means of organizing information security literature.  Consistent with calls for more relevant information systems (IS research, this industry-developed framework can motivate future research towards topics that are important to the security practitioner.  In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK.  Further, we distinguish articles as empirical research, frameworks, or tutorials.  Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security.  Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity.  The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners.  This is important considering the frequent calls by prominent information systems scholars for more relevant research.  Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face.  With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value.

  14. Safeguards and Security by Design (SSBD) for Small Modular Reactors (SMRs) through a Common Global Approach

    Energy Technology Data Exchange (ETDEWEB)

    Badwan, Faris M. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Demuth, Scott Francis [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Miller, Michael Conrad [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Pshakin, Gennady [Obninsk Institute of Physics and Power Engineering (Russian Federation)

    2015-02-23

    Small Modular Reactors (SMR) with power levels significantly less than the currently standard 1000 to 1600-MWe reactors have been proposed as a potential game changer for future nuclear power. SMRs may offer a simpler, more standardized, and safer modular design by using factory built and easily transportable components. Additionally, SMRs may be more easily built and operated in isolated locations, and may require smaller initial capital investment and shorter construction times. Because many SMRs designs are still conceptual and consequently not yet fixed, designers have a unique opportunity to incorporate updated design basis threats, emergency preparedness requirements, and then fully integrate safety, physical security, and safeguards/material control and accounting (MC&A) designs. Integrating safety, physical security, and safeguards is often referred to as integrating the 3Ss, and early consideration of safeguards and security in the design is often referred to as safeguards and security by design (SSBD). This paper describes U.S./Russian collaborative efforts toward developing an internationally accepted common approach for implementing SSBD/3Ss for SMRs based upon domestic requirements, and international guidance and requirements. These collaborative efforts originated with the Nuclear Energy and Nuclear Security working group established under the U.S.-Russia Bilateral Presidential Commission during the 2009 Presidential Summit. Initial efforts have focused on review of U.S. and Russian domestic requirements for Security and MC&A, IAEA guidance for security and MC&A, and IAEA requirements for international safeguards. Additionally, example SMR design features that can enhance proliferation resistance and physical security have been collected from past work and reported here. The development of a U.S./Russian common approach for SSBD/3Ss should aid the designer of SMRs located anywhere in the world. More specifically, the application of this approach may

  15. Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons

    Directory of Open Access Journals (Sweden)

    Gary Shiffman

    2013-02-01

    Full Text Available Individuals increasingly rely upon the internet for basic economic interaction. Current cyber security mechanisms are unable to stop adversaries and hackers from gaining access to sensitive information stored on government, business, and public computers. Experts propose implementing attribution and audit frameworks in cyberspace to deter, prevent, and prosecute cyber criminals and attackers. However, this method faces significant policy and resource constraints. Social science research, specifically in law and economics, concerning common-pool resources suggests an organic approach to cyber security may yield an appropriate solution. This cyber commons method involves treating the internet as a commons and encouraging individuals and institutions to voluntarily implement innovative and adaptive monitoring mechanisms. Such mechanisms are already in use and in many cases have proven more effective than attribution mechanisms in resisting and tracing the source of cyber attacks.

  16. H v Council: Another Court breakthrough in the Common Foreign and Security Policy

    DEFF Research Database (Denmark)

    Butler, Graham

    2016-01-01

    ’ at the Treaty of Lisbon, the pillar’s shadow still lives on. Lasting evidence of CFSP as a separate but integrated sphere of law allow for it to be titled ‘CFSP law’, with judgments of the Court arising from interinstitutional and direct action litigation, permitting its legal development. The two judgments......This summer alone, the Court of Justice (‘the Court’) has issued two important decisions that will further shape the legal dimension of the Common Foreign and Security Policy (CFSP). Despite this largely intergovernmental sphere of law (the former Second Pillar) being merged into the unified ‘EU...

  17. Common object request broker architecture (CORBA)-based security services for the Virtual Radiology Environment

    OpenAIRE

    Martinez, Ralph; Cole, Colin; Rozenblit, Jerzy; Cook, Jay F.; Chacko, Anna K.

    2000-01-01

    The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 38...

  18. The Deadlock that never Happened: the Impact of Enlargement on the Common Foreign and Security Policy Council Working Groups

    OpenAIRE

    JUNCOS, Ana E; Karolina Pomorska

    2007-01-01

    Contrary to some previous assumptions, the enlargement did not halt the Common Foreign and Security Policy (CFSP) decision-making process in a substantial way. Rather it changed the dynamics within the working environment, preserving the importance of consensus-building practices in the Council working groups. The aim of this article is twofold. First, it tracks the changes that the recent enlargement caused in the working practices of the Council working groups. It also attempts to assess th...

  19. Intelligence-led risk management for homeland security: a collaborative approach for a common goal

    OpenAIRE

    Jackson, David P.

    2011-01-01

    CHDS State/Local The concept of risk management provides the foundation of the homeland security enterprise. The United States of America faces numerous complex risks ranging from a series of natural hazards, pandemic disease, technological hazards, transnational criminal enterprises and acts of terrorism perpetrated by intelligent adversaries. The management of these risks requires a strategic collaborative effort from the intelligence and risk analysis communities and many stakeholders a...

  20. Data fusion in cyber security: first order entity extraction from common cyber data

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2012-06-01

    The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

  1. Common Criteria Protection Profile "Multiple Independent Levels of Security: Operating System" [V2.03

    OpenAIRE

    Furgel, Igor; Saftig, Viola

    2016-01-01

    This Protection Profile ‘Multiple Independent Levels of Security: Operating System (MILS PP: Operating System)’ is issued by the EURO-MILS Consortium. This PP addresses only Operating System as part of a MILS final integrated system. This PP is intended to be part of a set of MILS PPs that should comprise, in the future, also other PPs regarding MILS architecture, like a PP addressing both underlying Hardware Platform and Operating System together and a PP for the entire integ...

  2. Ensuring Security of Supply of Natural Gas in the European Union’s Common Energy Policy

    Directory of Open Access Journals (Sweden)

    Andrei Teofil Postolachi

    2013-08-01

    Full Text Available The problematic of energy policy is nowadays widely disputed in the European Union community. In a global context characterized by highly and raising dependency of the economic activity on the energetic resources, the European authorities had launched a strategy in this sector which regards the problems of access to secure and affordable energy products. The aim of this paper is linked to the natural gas field of the European energetic concerns, and it assumes the high dependency of internal consumption on imports, more than half of the natural gas that is used in the 27 states comes from abroad. Ensuring a higher level of security in the supply is one of the goals that European Union wants to achieve on medium and long term. In these circumstances, actual measurements take into account different type of actions: stabilize relations with existing partner gas exporters (Russia, Algeria, Norway; diversification of transport routes coming from these countries, especially in the idea of trying to avoid transit countries (mainly Ukraine and Belarus; and finally opening discussions and investing in alternative routes which should transport the gas from new suppliers placed in the Caspian Sea or Central Asia region.

  3. Data Safe Havens and Trust: Toward a Common Understanding of Trusted Research Platforms for Governing Secure and Ethical Health Research.

    Science.gov (United States)

    Lea, Nathan Christopher; Nicholls, Jacqueline; Dobbs, Christine; Sethi, Nayha; Cunningham, James; Ainsworth, John; Heaven, Martin; Peacock, Trevor; Peacock, Anthony; Jones, Kerina; Laurie, Graeme; Kalra, Dipak

    2016-06-21

    In parallel with the advances in big data-driven clinical research, the data safe haven concept has evolved over the last decade. It has led to the development of a framework to support the secure handling of health care information used for clinical research that balances compliance with legal and regulatory controls and ethical requirements while engaging with the public as a partner in its governance. We describe the evolution of 4 separately developed clinical research platforms into services throughout the United Kingdom-wide Farr Institute and their common deployment features in practice. The Farr Institute is a case study from which we propose a common definition of data safe havens as trusted platforms for clinical academic research. We use this common definition to discuss the challenges and dilemmas faced by the clinical academic research community, to help promote a consistent understanding of them and how they might best be handled in practice. We conclude by questioning whether the common definition represents a safe and trustworthy model for conducting clinical research that can stand the test of time and ongoing technical advances while paying heed to evolving public and professional concerns.

  4. Data Safe Havens and Trust: Toward a Common Understanding of Trusted Research Platforms for Governing Secure and Ethical Health Research.

    Science.gov (United States)

    Lea, Nathan Christopher; Nicholls, Jacqueline; Dobbs, Christine; Sethi, Nayha; Cunningham, James; Ainsworth, John; Heaven, Martin; Peacock, Trevor; Peacock, Anthony; Jones, Kerina; Laurie, Graeme; Kalra, Dipak

    2016-01-01

    In parallel with the advances in big data-driven clinical research, the data safe haven concept has evolved over the last decade. It has led to the development of a framework to support the secure handling of health care information used for clinical research that balances compliance with legal and regulatory controls and ethical requirements while engaging with the public as a partner in its governance. We describe the evolution of 4 separately developed clinical research platforms into services throughout the United Kingdom-wide Farr Institute and their common deployment features in practice. The Farr Institute is a case study from which we propose a common definition of data safe havens as trusted platforms for clinical academic research. We use this common definition to discuss the challenges and dilemmas faced by the clinical academic research community, to help promote a consistent understanding of them and how they might best be handled in practice. We conclude by questioning whether the common definition represents a safe and trustworthy model for conducting clinical research that can stand the test of time and ongoing technical advances while paying heed to evolving public and professional concerns. PMID:27329087

  5. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  6. Asylum migration and the construction of the European Common Foreign and Security Policy: evidence from the Greek case

    Directory of Open Access Journals (Sweden)

    Silvia Lucía Forero Castañeda

    2015-12-01

    Full Text Available This article examines how the recent evolution of asylum migration has affected the construction of the European Common Foreign and Security Policy (EU-CFSP, taking the Greek case during the 2001-2012 period as a starting point. With this in mind, the normative progress of the EU-CFSP facing the reception of asylum seekers in Greece is analyzed, under the scope of what Barry Buzan and Ole Waever would call Securitization Process. Both legal and political frameworks on asylum migration in Greece and in the European Union are approached, in the context of the evolution of the EU-CFSP in three main areas: Neighborhood Policy, Development and Cooperation Policy, and Human Rights Protection. The conclusión points toward the partial influence of asylum migration in the configuration of the UE-CFSP during the studied period.

  7. Asia Needs Common Security

    Institute of Scientific and Technical Information of China (English)

    Hussain; Muhammad; Ershad

    2014-01-01

    <正>Mr.Chairman,Distinguished Guests,Excellencies,Friends,Ladies and gentlemen,International day of peace is commemorated every year,but this year it bears special implications and significance for the continent of Asia,especially in the context of the historic remarks His Excellency Xi Jinping the honorable President of the People’s Republic of China made at the Shanghai Expo

  8. Overall National Security Concept:the Common Security of a Variety of Actors%总体国家安全观:多种行为体的共同安全

    Institute of Scientific and Technical Information of China (English)

    何文姬

    2015-01-01

    总体国家安全观是在统筹国际国内两个视域、兼顾传统安全与非传统安全的背景下提出,它不仅是一个关于安全的概念,更是一种理念,表达了安全事实所可能达到的最好状态,饱含了不同行为体对安全的生存与发展环境的期待与追求,是人们对于建立安全共同体所持的一种理想.总体国家安全观正确把握了国家安全形势的新特点新趋势,是一个包含着多种行为体的共同安全.它在更宽广的时空领域内考虑到了国际关系与内政的联系、国际与社会的关系以及整体利益与个体利益之间的协调,除了民族国家这一主导性的安全主体以外囊括了个人、团体及全球等单位,实现了国家安全与个人安全、群体安全和全球安全紧密结合.%The overall national security concept is put forward under the background of overall international and domestic two horizons, taking into account the traditional security and non-traditional security. It is not only a security concept, but also a kind of concept, even a kind of ideal. Which expressing the best possible state of safety, the expectation and the pursuit of the security of the different actors in the environment of survival and development. It is an ideal that people have to establish a safe community. The overall national security concept correctly grasp the new characteristics and new trend of the national security situation, is a common security of many kinds of behavior. It takes into account the connection between international relations and internal affairs, the relationship between the international and the internal affairs, the coordination of the overall interests and the individual interests. In addition to the national security, the main of the national security and the global and other units, it is a combination of national security and personal safety, group security and global security.

  9. Clausewitz and the theory of military strategy in Europe : reflections upon a paradigm of military strategy within the European Common Security and Defense Policy (ESDP)

    OpenAIRE

    Hartmann, Uwe.

    2001-01-01

    The purpose of the study is to reveal characteristics of the strategic cultures in Britain, France, and Germany as the major member states of the European Union (EU), Assuming that national differences can be detected, the study proceeds in assessing whether there is an opportunity to reconcile them, or even to establish a European paradigm of strategic thinking as a core element of the Common Security and Defense Policy of the EU, Based on the interpretation of Clausewitz's theory of war and...

  10. 78 FR 52553 - Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity Index Prototype System...

    Science.gov (United States)

    2013-08-23

    ... this work and contributes to DHS's readiness and effectiveness in carrying out its national security... 30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement (ICE)'s Student and Exchange... DHS/ICE-001--Student and Exchange Visitor Information System SORN (January 5, 2010, 75 FR 412); and...

  11. Design of Cyberwar Laboratory Exercises to Implement Common Security Attacks against IEEE 802.11 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Mina Malekzadeh

    2010-01-01

    Full Text Available In wireless network communications, radio waves travel through free space; hence, the information reaches any receiving point with appropriate radio receivers. This aspect makes the wireless networks vulnerable to various types of attacks. A true understanding of these attacks provides better ability to defend the network against the attacks, thus eliminating potential threats from the wireless systems. This work presents a series of cyberwar laboratory exercises that are designed for IEEE 802.11 wireless networks security courses. The exercises expose different aspects of violations in security such as confidentiality, privacy, availability, and integrity. The types of attacks include traffic analysis, rogue access point, MAC filtering, replay, man-in-the-middle, and denial of service attacks. For each exercise, the materials are presented as open-source tools along with descriptions of the respective methods, procedures, and penetration techniques.

  12. DIRECT secure messaging as a common transport layer for reporting structured and unstructured lab results to outpatient providers.

    Science.gov (United States)

    Sujansky, Walter; Wilson, Tom

    2015-04-01

    This report describes a grant-funded project to explore the use of DIRECT secure messaging for the electronic delivery of laboratory test results to outpatient physicians and electronic health record systems. The project seeks to leverage the inherent attributes of DIRECT secure messaging and electronic provider directories to overcome certain barriers to the delivery of lab test results in the outpatient setting. The described system enables laboratories that generate test results as HL7 messages to deliver these results as structured or unstructured documents attached to DIRECT secure messages. The system automatically analyzes generated HL7 messages and consults an electronic provider directory to determine the appropriate DIRECT address and delivery format for each indicated recipient. The system also enables lab results delivered to providers as structured attachments to be consumed by HL7 interface engines and incorporated into electronic health record systems. Lab results delivered as unstructured attachments may be printed or incorporated into patient records as PDF files. The system receives and logs acknowledgement messages to document the status of each transmitted lab result, and a graphical interface allows searching and review of this logged information. The described system is a fully implemented prototype that has been tested in a laboratory setting. Although this approach is promising, further work is required to pilot test the system in production settings with clinical laboratories and outpatient provider organizations. PMID:25766489

  13. The Relevance and Influence of Small States in NATO and the EU Common Foreign and Security Policy

    Directory of Open Access Journals (Sweden)

    Urbelis Vaidotas

    2015-12-01

    Full Text Available Small states are important and visible players in international politics. Their power is limited, and their economy and military capability may not match those of their larger neighbours, but small states enjoy certain advantages that increase their abilities to influence international politics. This article tries to show and explain how small states can act and exploit their advantages in a wider international arena. The main aim is to show ways and methods for small states to act and pursue their policy goals. This article analyses the behaviour of small states inside two major European security actors: NATO and the EU. Several examples will be presented in detail, namely, air policing in the Baltic states and the Lithuanian Presidency in the European Council. These examples clearly show the achievements and failures of small states in international politics.

  14. Reading the Common Foreign and Security Policy of the European Union in terms of the issue of Terrorism : An analysis on the evolution of the CFSP of the EU under the issue of Terrorism

    OpenAIRE

    Kalkan, Övgu

    2005-01-01

    In the post Cold-War era, world politics was transforming itself through its emerging complex issues such as terrorism and influential and interdependent actors such as the European Union. In this new era, the European Union was developing its Common Foreign and Security Policy pillar both to present a coherent and unified EU policy and to prove its political potent in order to become an influential actor on world politics. On the other side, security environment was also transforming its con...

  15. NATO New Strategy & EU Common Foreign Security Policy%北约新战略与欧盟共同外交与安全政策

    Institute of Scientific and Technical Information of China (English)

    刘胜湘

    2001-01-01

    冷战结束以后,欧洲面临着严峻的安全挑战。原苏联东欧地区因剧变而引发了民族矛盾、宗教冲突、领土争端等。北约因传统对手的消失面临解散的危险,而欧盟独立处事的能力极其有限。在这种背景之下,美国为了继续利用北约维护其在欧洲的领导地位,借口稳定欧洲,极力倡导北约新战略。法、德、英等欧洲主要国家以“欧洲事务的欧洲化”为口号试图推出欧盟共同外交与安全政策,推动独立防务力量的发展。美国与法、德、英之间因争夺欧洲事务的主导权,提出了关于欧洲安全结构的不同设想。美国、北约因不可逆转的欧洲化趋势,无可奈何地支持欧盟发展欧洲特性,建立欧洲支柱。欧盟因难以在短期内摆脱对美国的依赖,接受在北约的框架内实施欧盟共同外交与安全政策。%With the end of the cold war, Europe was confronted with grim challenges of security. The nation contradictions, the religion conflicts and the border disputes came into being because of the disappearance of the former USSR and the East Europe, and EU was short of the capacity to act independently. Under the background above, the US glamorously advocated the New Strategy of NATO in order to keep her leadership about the European affairs, and France, Germany and the Great Britain tried initiating the Common Foreign and Security Policy of EU. The US, France, Germany and the Great Britain put forward different European security frames for the sake of playing the dominant role of the European affairs. Under the leadership of the US, NATO had to support the development of European Security and Defense Identity, and the UN accepted the viewpoint that the development of the ESDI must be limited within NATO at the same time.

  16. Privatising Security

    OpenAIRE

    Irina Mindova-Docheva

    2016-01-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research shou...

  17. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  18. Some consequences for the Union’s common foreign and security policy of the EU-enlargement with the former Soviet bloc countries

    NARCIS (Netherlands)

    L. Marácz

    2008-01-01

    In this era of multilateralism with strong monolithic, global political actors such as the US, Russia and China the European Union (EU) should coordinate its foreign and security policy, if it wants to play a role in the global political arena. In recent treaties however, the Union has not succeeded

  19. Security guide for subcontractors

    International Nuclear Information System (INIS)

    The objectives of security in the Department of Energy (DOE) contractor/subcontractor program are: (1) to ensure the protection of information which, if related, would endanger the common defense and security of the nation; and (2) to safeguard the plants and installations of the DOE and its contractors in order that research and production programs will not be interrupted. To achieve these objectives, security responsibilities have been divided into three interdependent categories: personnel security, physical security, and security education and quality audits. This guide presents instructions for implementing a security program at a contractor/subcontractor site

  20. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  1. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  2. Early Disposal Technology of Common Road Security Problems%道路常见警情先期处置技术研究

    Institute of Scientific and Technical Information of China (English)

    何树林

    2012-01-01

    随着我国经济建设的高速发展,在道路交通安全问题日趋复杂的同时,道路治安问题也日趋严重,处理道路各类警情已成为交警的一项重要任务。本文对道路警情先期处置的准备工作、应遵循的原则和常见警情的先期处置技术进行了研究、探讨,目的是为公安机关道路交通管理部门及其交警提供帮助。%With the rapid development of China's economic construction, road traffic safety issues become increasingly complex, at the same time, roads security problems are becoming increasingly serious, and solving road problems has already become an important task of (raffle police. This article discusses the preparation work, the principle followed and the technology of early disposal of road problems, which aims to provide help for traffic administration organizations and traffic police

  3. Alternative security

    International Nuclear Information System (INIS)

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  4. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  5. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  6. Intelligent Sensors Security

    Directory of Open Access Journals (Sweden)

    Andrzej Bialas

    2010-01-01

    Full Text Available The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408 used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC related security design patterns and to improve the effectiveness of the sensor development process.

  7. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  8. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2004-01-01

    For more than a decade, the Information Security Management Handbook has served as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination and as a reference for information security practitioners. Now thoroughly revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a comprehensive understanding of all the items in it. This is a valuable book, both for preparing for the CISSP exam and as a complete, up-to

  9. Beginning ASPNET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  10. Study on Service Model Selection of Securities Information Companies Based on Common Weight DEA Model%基于公共权重DEA模型的证券信息公司服务模式选择研究

    Institute of Scientific and Technical Information of China (English)

    胡翠华; 夏琼; 王小玲

    2012-01-01

    证券信息公司是知识密集型现代服务企业,以往研究从定性分析的角度注意到证券信息服务的多种模式选择问题,但尚未结合科学的定量分析工具对证券信息服务模式进行评价.本文选取证券信息公司典型的19种信息服务模式作为决策单元,建立评价指标体系,对5家有代表性的证券信息公司进行数据采集,采用公共权重DEA模型进行实证分析,得出这19种服务模式的选择顺序.研究表明,互联网络广告服务、电子邮件邮寄资讯、产品包装服务模式和移动证券信息服务是证券信息公司的主营服务模式;提供投资资讯是主要的内容精加工服务模式;咨询服务模式是主营服务模式发展的有力推手;内容粗加工服务模式是最劣选择.针对这一研究结果,文章最后给出了证券信息公司服务模式选择的建议.%Securities information companies (SICs) belongs to knowledge -intensive business services industry. The related works seldom cover the service model selection of SICs from the quantitative analysis aspects. Based on common weigh data envelopment analysis approach and data process, this paper analyzed nineteen securities information service models from five typical SICs and got their ranks which offered the preliminary selection sequence of service model of SICs. The results showed that internet advertisement service, email - push information service, service package and mobile securities information service were the main service models of SICs. Investment consulting information was the important content deeply processed service model. Consulting service model benefited the development of main service model. The simply - processed service model was the worst option. Finally, the gave some suggestions for SICs' selection on service model.

  11. EU Security Strategy

    Institute of Scientific and Technical Information of China (English)

    Hong Jianjun

    2007-01-01

    The European Security and Defence Policy (ESDP) comprises an important part of the EU's Common Foreign and Security Policy (CFSP). The aim of ESDP is to strengthen the EU's external ability to act through the development of civilian and military capabilities for international conflict prevention and crisis management. In December 2003, the EU adopted its first European Security Strategy (ESS). Ever since then, the implementation of the ESS has been regarded as one of the biggest challenges for the EU in CFSP/ESDP matters. Although much progress has been made in its independent security and defence-building process, EU still faces serious problems and difficulties in this policy area. This paper tries to examine these recent developments, assess their impacts in regional-global security, and analyze existing problems and future trends. Finally, the author also examines EU-China engagements in recent years and explores possibilities for their future cooperation in the area of international security.

  12. Enterprise Mac Security Mac OS X Snow Leopard Security

    CERN Document Server

    Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

    2010-01-01

    A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

  13. Secure Scrum: Development of Secure Software with Scrum

    OpenAIRE

    Pohl, Christoph; Hof, Hans-Joachim

    2015-01-01

    Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for secu...

  14. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  15. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  16. Financial security

    NARCIS (Netherlands)

    M. de Goede

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  17. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  18. Common Cold

    Science.gov (United States)

    ... coughing - everyone knows the symptoms of the common cold. It is probably the most common illness. In ... people in the United States suffer 1 billion colds. You can get a cold by touching your ...

  19. Beyond grid security

    International Nuclear Information System (INIS)

    While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

  20. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  1. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  2. 12 CFR 561.44 - Security.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Security. 561.44 Section 561.44 Banks and... SAVINGS ASSOCIATIONS § 561.44 Security. The term security means any non-withdrawable account, note, stock... commonly known as a security, or any certificate of interest or participation in, temporary or...

  3. Data Security in Biomedicine

    OpenAIRE

    Horňáková, Anna

    2011-01-01

    This thesis analyzes current state of use of biometrics in computer security. It provides an overview of the most commonly used anatomical-physiological and behavioral biometric identification methods. The result of the work will be a new set of methods, which allows reliable identification of the user in the most comfortable way. These new principles of data security will be used to enhance the protection of specialized health record. This will contribute to expansion of generally conceived ...

  4. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  5. Information Security Standards

    Directory of Open Access Journals (Sweden)

    Dan Constantin Tofan

    2011-09-01

    Full Text Available The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures. This article offers a review of the world’s most used information security standards.

  6. Linux Server Security

    CERN Document Server

    Bauer, Michael D

    2005-01-01

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--

  7. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  8. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  9. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  10. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  11. Instituting Commoning

    Directory of Open Access Journals (Sweden)

    . STEALTH.unlimited

    2015-06-01

    Full Text Available Starting from the origins of the notion of management, this paper explores how commons governance is constituted by the earlier influential research of Elinor Ostrom, and pursues this with reference to scholars such as Saki Bailey, who emphasises that the choice of regulatory frame is ultimately a political one. We then argue that commons have to be ‘instituted’ in an open manner in order to remain accessible. This demands a set of scripts, rules or agreements that keep the process of commoning in place, and, simultaneously, keep commoning in a constant process of reproduction. We examine this tension and look at the shift in understanding about what ‘institutions of the commons’ have entailed in practice over the course of the last century and a half. Finally, we return to the political dimension to touch upon the question of whether, with the disappearance of the welfare state, a coherent concept of society can emerge from the current upsurge of commons initiatives.

  12. Common Courses for Common Purposes:

    DEFF Research Database (Denmark)

    Schaub Jr, Gary John

    2014-01-01

    (PME)? I suggest three alternative paths that increased cooperation in PME at the level of the command and staff course could take: a Nordic Defence College, standardized national command and staff courses, and a core curriculum of common courses for common purposes. I conclude with a discussion of how...... the Nordic countries can facilitate cooperation between their military education systems to produce more knowledgeable professional officers....

  13. Perspectives on Energy Security

    International Nuclear Information System (INIS)

    A common notion of 'Energy Security' is that it includes access to energy resources without risking the the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as a large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic

  14. Creative Commons

    DEFF Research Database (Denmark)

    Jensen, Lone

    2006-01-01

    En Creative Commons licens giver en forfatter mulighed for at udbyde sit værk i en alternativ licensløsning, som befinder sig på forskellige trin på en skala mellem yderpunkterne "All rights reserved" og "No rights reserved". Derved opnås licensen "Some rights reserved"......En Creative Commons licens giver en forfatter mulighed for at udbyde sit værk i en alternativ licensløsning, som befinder sig på forskellige trin på en skala mellem yderpunkterne "All rights reserved" og "No rights reserved". Derved opnås licensen "Some rights reserved"...

  15. Science commons

    CERN Document Server

    CERN. Geneva

    2007-01-01

    SCP: Creative Commons licensing for open access publishing, Open Access Law journal-author agreements for converting journals to open access, and the Scholar's Copyright Addendum Engine for retaining rights to self-archive in meaningful formats and locations for future re-use. More than 250 science and technology journals already publish under Creative Commons licensing while 35 law journals utilize the Open Access Law agreements. The Addendum Engine is a new tool created in partnership with SPARC and U.S. universities. View John Wilbanks's biography

  16. Secure refinements of communication channels

    OpenAIRE

    Cheval, Vincent; Cortier, Véronique; Le Morvan, Eric

    2015-01-01

    International audience It is a common practice to design a protocol (say Q) assuming some secure channels. Then the secure channels are implemented using any standard protocol, e.g. TLS. In this paper, we study when such a practice is indeed secure. We provide a characterization of both confidential and authenticated channels. As an application, we study several protocols of the literature including TLS and BAC protocols. Thanks to our result, we can consider a larger number of sessions wh...

  17. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  18. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  19. Common Conduct

    OpenAIRE

    Summers, Francis; Minkin, Louise

    2013-01-01

    Performance at 'Who is the common intellectual,' Copy Press event, Conway Hall (other speakers included Mario Fusco, Jaki Irvine, Anne Tallentire, Sharon Morris). This performance comprised a reading with video (made in collaboration with Louisa Minkin). The piece utilises the visual language of internet memes (as encountered both in vernacular iconography - the vomiting panda - and in the practice of the body - the soldier dancing to 'Call Me Maybe') and use of poetic language along with...

  20. Cloud Security A Comprehensive Guide to Secure Cloud Computing

    CERN Document Server

    Krutz, Ronald L

    2010-01-01

    Well-known security experts decipher the most challenging aspect of cloud computing-security. Cloud computing allows for both large and small organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. However, these benefits are accompanied by a myriad of security issues, and this valuable book tackles the most common security challenges that cloud computing faces. The authors offer you years of unpa

  1. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  2. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  3. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. PMID:19914020

  4. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  5. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  6. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  7. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  8. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  9. Network Security

    CERN Document Server

    Huang, Scott; Du, Ding-Zhu

    2010-01-01

    This book provides a reference tool for the increasing number of the scientists whose research is related to sensor network security. The book is organized into several sections, each including some chapters exploring a specific topic. Network security is attracting great attention and there are many research topics waiting to be studied. In this book, the topics covered include network design and modeling, network management, data management, security and applications. The aim, intent, and motivation of this book is to provide a reference tool for the increasing number of scientists whose res

  10. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  11. 10 CFR 780.8 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Security. 780.8 Section 780.8 Energy DEPARTMENT OF ENERGY PATENT COMPENSATION BOARD REGULATIONS General Provisions § 780.8 Security. In any proceeding under this... the Act to assure compliance with Department security regulations and the common defense....

  12. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe...... World War I it is not surprising that a salient feature of the defence debate is aversion against armed conflict. The Wilsonian agenda of a new system of collective security featuring prominently in the peace talks as well as in European debate generally does indeed have ramifications in Danish...... be implemented, the sooner the better. In order to accelerate peaceful development, and because their armed forces were seen rather as harmful than conducive to security, pacifist politicians believed that small states should set an example and disarm to a level just adequate for monitoring the borders so...

  13. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  14. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  15. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  16. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  17. Ethics and European security

    Energy Technology Data Exchange (ETDEWEB)

    Paskins, B.

    1986-01-01

    The alliance between the United States and her NATO partners has been strained severely in the last few years. American perceptions of European disloyalty and European impressions of American assertiveness and lack of judgment have played a large part in generating tensions between the allies and emphasising the new peace movements. This book is an attempt to develop a broader understanding of the problem of European security based on Christian ethics. There are disagreements and differences of emphasis among the contributors but they have in common the view that an exclusive preoccupation with the military dimension is damagingly one-sided. Instead the contributors argue that moral and theological concerns are a vital part of the politics and mechanics of European security and must be incorporated in any effort to devise new policies for security in Europe and the West.

  18. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  19. Impact of Climate and Land Use Changes on Water and Food Security in Jordan: Implications for Transcending “The Tragedy of the Commonsâ€

    OpenAIRE

    Saeb Khresat; Mohammad R. Hamdan; Marwan Suifan; Ayman Suleiman; Mohammad Salahat; Jawad Taleb Al-Bakri; Tarek Kandakji

    2013-01-01

    This study investigates the impact of climate change and land use change on water resources and food security in Jordan. The country is dominated by arid climate with limited arable land and water resources, where the per capita share of water is less than 145 m 3 /year. The study focused on crop production and water resources under trends of anticipated climate change and population growth in the country. Remote sensing data were used to determine land use/cover changes and rates of urbaniza...

  20. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  1. Quantitative security risk assessment of enterprise networks

    CERN Document Server

    Ou, Xinming

    2011-01-01

    Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. This article gives an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for security analysis will enable us to answer questions such as ""are we more secure than yesterday"" or ""how does the security of one network configuration compare with another one"". In this article, we will present a methodology for quantitative security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scorin

  2. SSA FITARA Common Baseline Implementation Plan

    Data.gov (United States)

    Social Security Administration — This document describes the agency's plan to implement the Federal Information Technology Acquisition Reform Act (FITARA) Common Baseline per OMB memorandum M-15-14.

  3. Measuring the foundation of Homeland Security

    OpenAIRE

    Matthew, David A.

    2007-01-01

    CHDS State/Local This thesis provides a self-assessment tool to compel discussion concerning Homeland Security teamwork. Building on the research of others who have focused on collaboration and teamwork as essential for Homeland Security, it is proclaimed that teamwork is the foundation on which Homeland Security capabilities must be built. The purpose of this thesis is to define the components of teamwork amongst the local multidiscipline organizations with a common Homeland Security ...

  4. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  5. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  6. Building the common

    DEFF Research Database (Denmark)

    Agustin, Oscar Garcia

    categories of immigrants) under the more general legal immigrant. The economic discourse defined the immigrant in terms of adequacy to the European labour market through metaphors and new categories (immigration profiles, circular migration, brain waste – opposite brain drain). The new EU narrative...... on migration as positive for economy (and demography) and its realistic acceptation (the immigration flows will not decrease) is partly based on its reduction to an economic (as legal) or security (as illegal) issue that can be managed with appropriate means....... document, A Common Immigration Policy for Europe: Principles, actions and tools (2008) as a part of Hague Programme (2004) on actions against terrorism, organised crime and migration and asylum management and influenced by the renewed Lisbon Strategy (2005-2010) for growth and jobs. My aim is to explore...

  7. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  8. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  9. Energy security

    International Nuclear Information System (INIS)

    In the case of Cuba, energy security goes beyond the typical security framework of energy supply to encompass the economic blockade which affects Cuba's access to some markets for its traditional products and obstructs international credit options. Recent problems concerning security of national energy supply include: - Shortages of foreign exchange necessary for the purchase of fuel and spare parts, for new investments and for the implementation of programmes supporting the rational use of energy. - High dependence on imported energy, including oil and petroleum products. -Use of domestic crude oil, with energy performance slightly below that of the imported fuels it replaces, especially fuel oil. The main negative aspect is the high sulphur content, which has adverse operational and environmental effects. - Interruptions in energy services resulting from hurricanes and tropical storms, and from breakdowns and accidents related to the transport of fuels, especially coastal transport. The strategies employed to improve Cuba's energy security situation are based on: - Increased economic competitiveness; - Fuel conservation and rational use of energy; - Efficient exploration and use of oil and natural gas; - Development of renewable energy sources; - Legal and institutional support of activities in the energy sector; - Active involvement in the international arena focused on regional integration efforts and international forums related to technological, energy and environmental issues, and on strengthening bilateral alliances aimed at creating the necessary environment for trade, technological transfer and foreign investment for guaranteeing national energy supply

  10. Control E-commerce security

    OpenAIRE

    Wu, Yucheng

    2010-01-01

    Electronic commerce has been very popular in the recent years. However, security is one of the barriers, which affects the development of E-commerce. How should merchants of E-commerce solve this problem and maintain a secure environment for their customers? How do customers protect their confidential data when they are shopping on-line? This thesis discusses various common attacks, and presents the protection solutions according to those attacks. Because attacks may take place on the custome...

  11. Sino-EU Security Relations

    Institute of Scientific and Technical Information of China (English)

    Xia Liping

    2010-01-01

    @@ There are two levels of security relations between China and the EU.The first level is that of China and the EU as a whole.The second level is that between China and member states of the EU respectively.Because the Common Foreign and Security Policy of the EU is still in an initial phase,defense relations between China and the EU have mainly been at the second level.

  12. Security Systems Consideration: A Total Security Approach

    Science.gov (United States)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  13. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represent the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  14. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  15. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  16. Unconditionally Secure Quantum Signatures

    Directory of Open Access Journals (Sweden)

    Ryan Amiri

    2015-08-01

    Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA algorithm, the digital signature algorithm (DSA, and the elliptic curve digital signature algorithm (ECDSA—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  17. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  18. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  19. Nuclear security

    International Nuclear Information System (INIS)

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  20. Password Security

    OpenAIRE

    Danuvasin Charoen

    2014-01-01

    This study investigates users’ behavior in password utilization. Good password practices are critical to the security of any information system. End users often use weak passwords that are short, simple, and based on personal and meaningful information that can be easily guessed. A survey was conducted among executive MBA students who hold managerial positions. The results of the survey indicate that users practice insecure behaviors in the utilization of passwords. The results support the li...

  1. Watermarking security

    OpenAIRE

    Furon, Teddy

    2016-01-01

    International audience This chapter deals with applications where watermarking is a security primitive included in a larger system protecting the value of multimedia content. In this context, there might exist dishonest users, in the sequel so-called attackers, willing to read/overwrite hidden messages or simply to remove the watermark signal.The goal of this section is to play the role of the attacker. We analyze means to deduce information about the watermarking technique that will later...

  2. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  3. Security studies

    International Nuclear Information System (INIS)

    Full text: Security studies constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control Nuclear Material against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of NM. The paper presents the context of security studies carried out in France. The philosophy of these studies is based on a postulated unauthorized removal of NM and the study of the behavior of the systems implemented to control and protect NM in a facility. The potential unauthorized removal of NM usually may take place in two stages. The first stage involves the sequence leading to handling of the NM. It occurs inside the physical barriers of a facility and may include action involving the documents corresponding to Material Control and Accounting systems. At this stage it is possible to limit the risk of unauthorized removal of NM by means of detection capabilities of the MC and A systems. The second stage is more specific to theft and involves removing the NM out of the physical barriers of a facility in which they are being held, notably by affecting the Physical Protection System. Operators have to study, from a quantity and time lapse point of view, the ability of the installed systems to detect unauthorized removal, as well as the possibility of tampering with the systems to mask unlawful operations. Operators have also to analyze the sequences during which NM are accessed, removed from their containment and further removed from the facility in which they are stored. At each stage in the process, the probability of detection and the time taken to carry out the above actions have to be estimated. Of course, these two types of studies complement each other. Security studies have begun, in France, for more than fifteen years. Up to now more than fifty security studies are available in the

  4. Designing a Secure Point-of-Sale System

    DEFF Research Database (Denmark)

    Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

    2006-01-01

    This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

  5. Open information security management maturity model (O-ISM3)

    CERN Document Server

    2011-01-01

    The O-ISM3 standard focuses on the common processes of information security. It is technology-neutral, very practical and considers the business aspect in depth. This means that practitioners can use O-ISM3 with a wide variety of protection techniques used in the marketplace. In addition it supports common frameworks such as ISO 9000, ISO 27000, COBIT and ITIL. Covers: risk management, security controls, security management and how to translate business drivers into security objectives and targets

  6. Designing Dependable Service Oriented Web Services Security Architectures Solutions

    OpenAIRE

    M.Upendra Kumar; Dr.D.Sravan Kumar

    2010-01-01

    System Security Architecture from a software engineering viewpoint imposes that strong security must be a guiding principle of the entire software development process. It describes a way to weave security into systems architecture, and it identifies common patterns of implementation found in most security products. The security and software engineering communities must find ways to develop software correctly in a timely and cost-effective fashion. There’s no substitute for working software se...

  7. A Learning-Based Approach to Reactive Security

    OpenAIRE

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    2009-01-01

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the ...

  8. Human Security

    OpenAIRE

    Mary Kaldor

    2012-01-01

    The essay poses the question whether the so-called Arab spring offers the potential to complete the 1989 revolutions. It first discusses what was hoped to be achieved in 1989, and it then argues that the post-1989 arrangements failed to prevent new security challenges from emerging. The Islamist threat came to play the role that the Communist threat had played to the West or the Western threat had played to the East. The essay then turns to the question on what needs to happen if current even...

  9. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  10. Asia’s New Security and China

    Institute of Scientific and Technical Information of China (English)

    Xia; Liping

    2014-01-01

    <正>Since the end of the cold war,China puts forward a series of new national security ideas with Chinese characteristics such as the"new security concept"and the goal of"building a harmonious world".In May 2014 at the Fourth Summit of Conference on Interaction and Confidence Building Measures in Asia(CICA Summit)held in Shanghai,Chinese President Xi Jinping explicitly put forward the Asian new security concept featured by"common,

  11. Design and security of small wireless network

    OpenAIRE

    Cikánek, Svatopluk

    2014-01-01

    This thesis deals with design and security of small wireless network. Main goal of the thesis is home network design and choice of optimal solution of wireless security. The thesis has four parts. The first part describes computer networks and network components in theory. Next part deals with network design, choosing of network components and setting of them. It also describes some functionalities of alternative firmware DD-WRT. The third part presents common wireless security and network an...

  12. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  13. Security Protocol Design: A Case Study Using Key Distribution Protocols

    Directory of Open Access Journals (Sweden)

    Reiner Dojen

    2009-10-01

    Full Text Available Nowadays security protocols are a key component in providing security services for fixed and mobile networks. These services include data confidentiality, radio link encryption, message integrity, mobile subscriber authentication, electronic payment, certified e-mail, contract signing and nonrepudiation. This paper is concerned with design of effective security protocols. Security protocols are introduced and some common attacks against security protocols are discussed. The vulnerabilities that lead to theattacks are analyzed and guidelines for effective security protocol design are proposed. The presented guidelines are applied to the Andrew Secure RPC protocol and its adapted versions. It is demonstrated that compliance with the guidelines successfully avoidsfreshness and parallel session attacks.

  14. PayPal Transactions Security

    OpenAIRE

    Razvan Toader

    2014-01-01

    Recent threads to prominent organizations and companies have greatly increased the need for information security. Many measures have been designed and developed to guard against threats from outsider attacks. Technologies are actively implemented to prohibit such attacks that could actively prohibit rogue connections. In this paper, common vulnerabilities for PayPal transactions identified as well as solutions for defending against them.

  15. Advance Achieved for Global Secure Quantum Communication

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    @@ In today's Information Age, the protection of information is of .critical importance for national security, business firms, and private individuals. The common long-distance communication technology is poor in keeping privacy as it is vulnerable to eavesdropping. Quantum cryptography, a new approach to communication based on certain phenomena of quantum physics, is considered the absolute secure method in this regard.

  16. The SADC as a Security Community

    DEFF Research Database (Denmark)

    Mandrup, Thomas

    2008-01-01

    conflict in the DRC and the political crisis in Swaziland and Zimbabwe indicate that SADC is not going to transform itself into a security community, but will remain an association. This article scrutinises the security cooperation and integration in SADC and asks whether the apparent lack of common values...

  17. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  18. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  19. SECURITY CHALLENGESASA FACTOR AFFECTINGTHE SECURITY OFMANET: ATTACKS, AND SECURITY SOLUTIONS

    OpenAIRE

    Dr.Nabeel Zanoon; Dr.Nashat Albdour; Dr.Hatem S. A. Hamatta; RashaMoh'd Al-Tarawneh

    2015-01-01

    The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will beproposed.

  20. SECURITY CHALLENGESASA FACTOR AFFECTINGTHE SECURITY OFMANET: ATTACKS, AND SECURITY SOLUTIONS

    Directory of Open Access Journals (Sweden)

    Dr.Nabeel Zanoon

    2015-06-01

    Full Text Available The Ad Hoc mobile network (MANET is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will beproposed.

  1. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  2. Securing mobile code.

    Energy Technology Data Exchange (ETDEWEB)

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas; Campbell, Philip LaRoche; Beaver, Cheryl Lynn; Pierson, Lyndon George; Anderson, William Erik

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called &apos

  3. Security Administrator Street Smarts A Real World Guide to CompTIA Security+ Skills

    CERN Document Server

    Miller, David R

    2011-01-01

    A step-by-step guide to the tasks involved in security administration If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator's job, giving you the confidence of first-hand experience. In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition o

  4. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  5. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  6. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  7. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  8. Software To Secure Distributed Propulsion Simulations

    Science.gov (United States)

    Blaser, Tammy M.

    2003-01-01

    Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

  9. Analysis on mechanism of land resource security

    Institute of Scientific and Technical Information of China (English)

    2008-01-01

    This paper probes into the relationship among individual benefits, benefits of the country, common benefits of all humans in land use and land resource security. The following balanced land use model is proposed: the harmonious and interactive relationship between man and nature, two main bodies of land ecological system, constitutes the mechanism of land resources security. The feedback relationship between man and nature is the basis for the land resources security and the core is the relationship among people established for the benefit equilibrium in land use. The conflicts, in land use stem from the rarity of land resource and the solution to those conflicts in harmony helps land resource security.

  10. Building Secure Networked Systems with Code Attestation

    Science.gov (United States)

    Perrig, Adrian

    Attestation is a promising approach for building secure systems. The recent development of a Trusted Platform Module (TPM) by the Trusted Computing Group (TCG) that is starting to be deployed in common laptop and desktop platforms is fueling research in attestation mechanisms. In this talk, we will present approaches on how to build secure systems with advanced TPM architectures. In particular, we have designed an approach for fine-grained attestation that enables the design of efficient secure distributed systems, and other network protocols.We demonstrate this approach by designing a secure routing protocol.

  11. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  12. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D . Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

  13. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  14. Social Security Administration

    Science.gov (United States)

    ... Languages Sign in / up The United States Social Security Administration Cost-Of-Living Adjustment (COLA) Information about ... replacement Medicare card Change of Address my Social Security Check out your Social Security Statement , change your ...

  15. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index What Can I Bring? Search form Apples Main menu Administrator Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  16. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  17. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  18. Security Testing: A Survey

    OpenAIRE

    Felderer, M.; Büchlein, M.; Johns, M; Brucker, A.D.; Breu, R.; Pretschner, A.

    2015-01-01

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and...

  19. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia;

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  20. Security Aspects of an Enterprise-Wide Network Architecture.

    Science.gov (United States)

    Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

    1999-01-01

    Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

  1. Secure Clustering in Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Zainab Nayyar

    2015-09-01

    Full Text Available A vehicular Ad-hoc network is composed of moving cars as nodes without any infrastructure. Nodes self-organize to form a network over radio links. Security issues are commonly observed in vehicular ad hoc networks; like authentication and authorization issues. Secure Clustering plays a significant role in VANETs. In recent years, various secure clustering techniques with distinguishing feature have been newly proposed. In order to provide a comprehensive understanding of these techniques are designed for VANETs and pave the way for the further research, a survey of the secure clustering techniques is discussed in detail in this paper. Qualitatively, as a result of highlighting various techniques of secure clustering certain conclusions are drawn which will enhance the availability and security of vehicular ad hoc networks. Nodes present in the clusters will work more efficiently and the message passing within the nodes will also get more authenticated from the cluster heads.

  2. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help......Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely...... users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats...

  3. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  4. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  5. Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab

    OpenAIRE

    Christoph Meinel; Christian Willems

    2008-01-01

    Recently, Awareness Creation in terms of IT security has become a big thing – not only for enterprises. Campaigns for pupils try to highlight the importance of IT security even in the user’s early years. Common practices in security education – as seen in computer science courses at universities – mainly consist of literature and lecturing. In the best case, the teaching facility offers practical courses in a dedicated isolated computer lab. Additionally, th...

  6. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  7. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  8. A Secure Electronic Transaction Payment Protocol Design and Implementation

    OpenAIRE

    Houssam El Ismaili; Hanane Houmani; Hicham Madroumi

    2014-01-01

    Electronic payment is the very important step of the electronic business system, and its security must be ensured. SSL/TLS and SET are two widely discussed means of securing online credit card payments. Because of implementation issues, SET has not really been adopted by e-commerce participants, whereas, despite the fact that it does not address all security issues, SSL/TLS is commonly used for Internet e-commerce security. The three-domain (3D) security schemes, including 3-D Secure and 3D S...

  9. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  10. Special Report: Key Issues from the UAPI Continental Security Conference

    OpenAIRE

    Supinski, Stanley; Treglia, Philip; Cayson, Donna; Burkett, Jeffrey

    2011-01-01

    This article appeared in Homeland Security Affairs (June 2011), v.7 no. 15 The University and Agency Partnership Initiative (UAPI) of the Center for Homeland Defense and Security conducted its first ever Continental Security Conference (CSC) on December 7/8, 2010 in Colorado Springs. The event brought together participants from Canada, Mexico, and the United States, and focused on common security issues of interest to all three nations with an emphasis on academic perspectives and contribu...

  11. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe....

  12. Common Privacy Myths

    Science.gov (United States)

    ... home > privacy + phrs > common privacy myths Common Privacy Myths With the new federal laws protecting the privacy ... are the truths to some of the common myths: Health information cannot be faxed – FALSE Your information ...

  13. Common Control System Vulnerability

    Energy Technology Data Exchange (ETDEWEB)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an

  14. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  15. Practical Computer Security through Cryptography

    Science.gov (United States)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  16. 17 CFR 256.201 - Common stock issued.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Common stock issued. 256.201... COMPANY ACT OF 1935 Liabilities and Other Credit Accounts § 256.201 Common stock issued. This account shall include the par or stated value of all common capital stock issued and outstanding....

  17. Security of Patched DNS

    CERN Document Server

    Herzberg, Amir

    2012-01-01

    In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some 'unpredictable' values, copied from the re- quest. These values include the 16 bit identifier field, and other fields, randomised and validated by different 'patches' to DNS. We investigate the prominent patches, and show how attackers can circumvent all of them, namely: - We show how attackers can circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices. - We show how attackers can circumvent IP address randomisation, using some (standard-conforming) resolvers. - We show how attackers can circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding). We present countermeasures preventing our attacks; however, we believe that our attacks provide ...

  18. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  19. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  20. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of jnformation security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  1. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  2. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power...... of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t secure with agreement on abort (privacy and correctness only) for up to t secure...

  3. Network Security Scanner

    OpenAIRE

    G. MURALI; M.Pranavi; Y.Navateja; K. Bhargavi

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  4. PayPal Transactions Security

    Directory of Open Access Journals (Sweden)

    Razvan Toader

    2014-12-01

    Full Text Available Recent threads to prominent organizations and companies have greatly increased the need for information security. Many measures have been designed and developed to guard against threats from outsider attacks. Technologies are actively implemented to prohibit such attacks that could actively prohibit rogue connections. In this paper, common vulnerabilities for PayPal transactions identified as well as solutions for defending against them.

  5. Combining security risk assessment and security testing

    OpenAIRE

    Großmann, Jürgen; Seehusen, Fredrik

    2014-01-01

    Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...

  6. A European Perspective on Security Research

    Science.gov (United States)

    Liem, Khoen; Hiller, Daniel; Castex, Christoph

    Tackling the complexity and interdependence of today's security environment in the globalized world of the 21st century is an everlasting challenge. Whereas the end of the Cold War presented a caesura of global dimension for the political and economic architecture and a realignment of power distribution and international relations between former adversaries, September 11th of 2001 may be seen as another caesura. Since then, specifically among countries of the Western hemisphere, traditional security paradigms and theories have been critically questioned and the different security cultures and perceptions have resulted in diverse security and defence policies as well as in security research efforts of individual countries. Consensus, it seems, exists on the question of what the threats are that our modern interconnected societies are facing. Whether looking at international terrorism, organized crime, climate change, the illegal trafficking of goods and people or naturally caused catastrophes, these phenomena all have in common that they are in most cases of transnational nature. Formerly existing dividing lines between internal and external security continue to fade, presenting an enormous challenge for those in charge of designing security policy and even more so for the various institutions safeguarding European security. That is why dissent often revolves around the question on how to get hold of these complex problems. Geographic location, cultural background, ethical make-up of society as well as relations with neighbouring countries are all important aspects to be considered when assessing the security culture and policy of individual countries.

  7. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  8. ICT security management

    OpenAIRE

    Schreurs, Jeanne; Moreau, Rachel

    2008-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  9. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  10. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  11. Hash Functions and Information Theoretic Security

    Science.gov (United States)

    Bagheri, Nasour; Knudsen, Lars R.; Naderi, Majid; Thomsen, Søren S.

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

  12. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid;

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoret...... attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant....

  13. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  14. A REVIEW ON SECURED CLOUD COMPUTING ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    M. Hemanth Chakravarthy

    2014-01-01

    Full Text Available Nowadays, the scientific problem becomes very complex; therefore, it requires more computing power and storage space. These requirements are very common in an organization while dealing with current technological data and requirements. Based on these basic requirements, need of higher computational resources is an important issue when dealing with current technological methodology. Hence, cloud computing has become the most important computing paradigm of recent world. The cloud computing is an open source and using Internet as network model. Rapid growth in the field of “cloud computing” also increases severe security concerns, because security has a constant issue. This study reviews security models of cloud computing.

  15. Security for wireless implantable medical devices

    CERN Document Server

    Hei, Xiali

    2013-01-01

    In the treatment of chronic diseases, wireless Implantable Medical Devices (IMDs) are commonly used to communicate with an outside programmer (reader). Such communication raises serious security concerns, such as the ability for hackers to gain access to a patient's medical records. This brief provides an overview of such attacks and the new security challenges, defenses, design issues, modeling and performance evaluation in wireless IMDs.  While studying the vulnerabilities of IMDs and corresponding security defenses, the reader will also learn the methodologies and tools for designing securi

  16. Complex reconfiguration - developing common tools

    International Nuclear Information System (INIS)

    Reconfiguring DOE sites, facilities, and laboratories to meet expected and evolving missions involves a number of disciplines and approaches formerly the preserve of private industry and defense contractors. This paper considers the process of identifying common tools for the various disciplines that can be exercised, assessed, and applied by team members to arrive at integrated solutions. The basic tools include: systems, hardware, software, and procedures that can characterize a site/facility's environment to meet organizational goals, safeguards and security, ES ampersand H, and waste requirements. Other tools such as computer-driven inventory and auditing programs can provide traceability of materials and product as they are processed and required added protection and control. This paper will also discuss the use of integrated teams in a number of high technology enterprises that could be adopted by DOE in high profile programs from environmental remediation to weapons dismantling and arms control

  17. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  18. Common Reactions After Trauma

    Science.gov (United States)

    ... here Enter ZIP code here Common Reactions After Trauma Public This section is for Veterans, General Public, Family, & Friends Common Reactions After Trauma Available in Spanish: Reacciones Comunes Después de un ...

  19. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  20. Department of Homeland Security

    Science.gov (United States)

    ... Content Official website of the Department of Homeland Security Contact Us Quick Links Site Map A-Z ... HP - 2016 CISRM HP - 2016 CISRM Critical Infrastructure Security HP - Surge Capacity Force HP - Surge Capacity Force ...

  1. SECURE REMOTE CLIENT AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    K.Pradeep,

    2010-10-01

    Full Text Available This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  2. SECURE REMOTE CLIENT AUTHENTICATION

    OpenAIRE

    K.Pradeep,; R.Usha Rani; E.Ravi Kumar; K.Nikhila,; Vijay Sankar

    2010-01-01

    This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  3. Social Security Financial Crises

    OpenAIRE

    Rodrigo Cerda

    2003-01-01

    This paper explores the causes of the social security financial crises. We indicate that the financial crisis might be endogenous to the social security system. The main idea is that the PAYG social security system might affect fertility and human capital's decisions and therefore, may negatively impact the aggregated growth rate of the economy. These effects lead to an endogenous erosion of the financial basis of the PAYG social security program so that, as a consequence, the PAYG system is ...

  4. East Asia's Security System

    OpenAIRE

    Hojzáková, Věra

    2012-01-01

    The aim of the master thesis is to characterize and evaluate the current security system in East Asia, to show the security strategies of the system actors and the existing friction points, and to assess the future development of the security system in place. For this purpose the author first defines the East Asia's security system using the conceptual tools of three international relations theories, namely neo-realism, neo-liberalism, and constructivism. In the following section, the securit...

  5. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  6. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  7. Network Security with Cryptography

    OpenAIRE

    Prof. Mukund R. Joshi; Renuka Avinash Karkade

    2015-01-01

    Network Security & Cryptography is a concept to protect network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Netw...

  8. Security system signal supervision

    International Nuclear Information System (INIS)

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  9. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  10. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  11. Developing Secure Cloud Applications

    OpenAIRE

    Rak, Massimiliano; Ficco, Massimo; Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola

    2014-01-01

    Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are ...

  12. Security Policy Enforcement

    OpenAIRE

    Irvine, Cynthia E.

    2005-01-01

    Many chapters of this Handbook describe mechanisms that contribute to various facets of security. The arbitrary use of security mechanisms provides no prescription for the achievement of security goals. It is only in their application in the context of organizational objectives for the protection of information and computational assets that security can be assessed. This chapter is intended to discuss the policies that provide a rationale for those mechanisms and to broadly examine their enfo...

  13. Web Application Security Testing

    OpenAIRE

    Bukovský, Ondřej

    2012-01-01

    The purpose of this bachelor's thesis is to present the topic of web applications security. The purpose of the first, theoretical part of this work is to introduce and describe fundamentals like web security or penetration testing. OWASP (Open Web Application Security Project) and their ten most critical web applications security risks are presented in the rest of the first part. Second, practical part describes tested web application and defines purpose and scope of penetration tests. Then t...

  14. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  15. Secure pairing with biometrics

    NARCIS (Netherlands)

    Buhan, I.R.; Boom, B.J.; Doumen, J.M.; Hartel, P.H.; Veldhuis, R.N.J.

    2009-01-01

    Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a

  16. Quantum secure circuit evaluation

    Institute of Scientific and Technical Information of China (English)

    CHEN Huanhuan; LI Bin; ZHUANG Zhenquan

    2004-01-01

    In order to solve the problem of classical secure circuit evaluation, this paper proposes a quantum approach. In this approach, the method of inserting redundant entangled particles and quantum signature has been employed to strengthen the security of the system. Theoretical analysis shows that our solution is secure against classical and quantum attacks.

  17. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  18. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  19. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  20. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  1. Refelctions on the security

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2013-07-01

    Full Text Available In this paper are presented the author‘s reflections about concept meaning of the security, about his systemic perception and actual scientific access to the security research. The author presented securitology paradigm for valuation security optional reference object.

  2. Indicators for energy security

    NARCIS (Netherlands)

    Kruyt, B.; van Vuuren, D.P.; de Vries, H.J.M.; Groenenberg, H.

    2009-01-01

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability,

  3. Network perimeter security building defense in-depth

    CERN Document Server

    Riggs, Cliff

    2003-01-01

    PREFACEWho is this Book For?The Path to Network SecurityWho Should Read This Book?MANAGING NETWORK SECURITYThe Big Picture: Security Policies from A to ZAdministrative CountermeasuresPhysical CountermeasuresTechnological CountermeasuresCreating the Security Standards DocumentCreating the Configuration Guide DocumentPulling it All Together: Sample Security Policy CreationProteris Security Standards and ProceduresTHE NETWORK STACK AND SECURITYConnecting the NetworkProtocolsServers and HostsCRYPTOGRAPHY AND VPN TERMINOLOGYKeysCertificatesHashingDigital SignaturesCommon Encryption AlgorithmsSplit

  4. Secure Transportation Management

    Energy Technology Data Exchange (ETDEWEB)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  5. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  6. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2014-01-01

    The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly.Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems.

  7. Poland's gas security

    OpenAIRE

    Rosicki, Remigiusz

    2015-01-01

    The subject matter analyzed in the text is Poland’s energy security as illustrated with the security of gas supply (gas supply security). The text analyzes a selection of problems concerned with gas security and so the focus is on: (1) a description of gas supply contracts, and (2) an assessment of gas supply security with regard to the technical import capabilities of the transmission infrastructure. In both cases two time-frames were applied: (1) 2006–2010, (2) the period after 2010 with a ...

  8. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  9. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  10. Network Security Using Firewalls

    Directory of Open Access Journals (Sweden)

    Radu Lucaciu

    2008-05-01

    Full Text Available As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious. The usage of security solutions has become inevitable for all modern organisations. There is no perfect security, but the idea is to make a network so hard to access, that it doesn’t worth trying. One of the crucial components that contribute to this security are firewalls. It is important to prevent undesired data before it ever gets into the target system. This is the job of firewalls and the article covers this topic.

  11. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  12. Security through Collaboration in MANETs

    Science.gov (United States)

    Li, Wenjia; Parker, James; Joshi, Anupam

    It is well understood that Mobile Ad Hoc Networks (MANETs) are extremely susceptible to a variety of attacks, and traditional security mechanisms do not work well. Many security schemes have been proposed that depend on cooperation amongst the nodes in a MANET for identifying nodes that are exhibiting malicious behavior such as packet dropping, packet modification, and packet misrouting. We argue that in general, this problem can be viewed as an instance of detecting nodes whose behavior is an outlier when compared to others. In this paper, we propose a collaborative outlier detection algorithm for MANETs that factors in a nodes reputation. The algorithm leads to a common outlier view amongst distributed nodes with a limited communication overhead. Simulation results demonstrate that the proposed algorithm is efficient and accurate.

  13. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  14. Security Policies for Securing Cloud Databases

    Directory of Open Access Journals (Sweden)

    Ingrid A. Buckley

    2014-07-01

    Full Text Available Databases are an important and almost mandatory means for storing information for later use. Databases require effective security to protect the information stored within them. In particular access control measures are especially important for cloud databases, because they can be accessed from anywhere in the world at any time via the Internet. The internet has provided a plethora of advantages by increasing accessibility to various services, education, information and communication. The internet also presents challenges and disadvantages, which include securing services, information and communication. Naturally, the internet is being used for good but also to carry out malicious attacks on cloud databases. In this paper we discuss approaches and techniques to protect cloud databases, including security policies which can realized as security patterns.

  15. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  16. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  17. The Science Commons Project

    OpenAIRE

    Martin, Juan Carlos

    2007-01-01

    Science Commons serves the advancement of science by contributing to the removal of unnecessary legal and technical barriers to scientific collaboration and innovation. Built on the promise of Open Access to scholarly literature and data, Science Commons identifies and eases key barriers to the movement of information, tools and data through the scientific research cycle. The long term vision of Science Commons is to provide more than just useful contracts. We will combine our publishin...

  18. Spectrum Sharing Security and Attacks in CRNs: a Review

    Directory of Open Access Journals (Sweden)

    Wajdi Alhakami

    2014-01-01

    Full Text Available Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundamental approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR-specific security mechanisms are presented with some open research issues and challenges.

  19. Tragedy of the Commons

    DEFF Research Database (Denmark)

    Nørgaard, Jørgen

    The tittle refers to an article from 1968 by Garrett Hardin, using the metaphore of the common grazing land in villages in old time. These 'Commons' were for free use for people in the commounity to have some sheep grazing. This system was based on a certain social solidarity and ethic. With an i......The tittle refers to an article from 1968 by Garrett Hardin, using the metaphore of the common grazing land in villages in old time. These 'Commons' were for free use for people in the commounity to have some sheep grazing. This system was based on a certain social solidarity and ethic...

  20. Designing Dependable Service Oriented Web Services Security Architectures Solutions

    Directory of Open Access Journals (Sweden)

    M.Upendra Kumar

    2010-04-01

    Full Text Available System Security Architecture from a software engineering viewpoint imposes that strong security must be a guiding principle of the entire software development process. It describes a way to weave security into systems architecture, and it identifies common patterns of implementation found in most security products. The security and software engineering communities must find ways to develop software correctly in a timely and cost-effective fashion. There’s no substitute for working software security as deeply into the evelopment process as possible. System designers and developers must take a more proactive role in building secure software. The root of most security problems is software that fails in unexpected ways whenunder attack. The enforcement of security at the design phase canreduce the cost and effort associated with the introduction of security during implementation. At the architecture level a systemmust be coherent and present unified security architecture that takes into account security principles (such as the least privilege. In this paper we want to discuss about different facets of security as applicable to Service Oriented Architectures (SOA Security Architecture implementations. First we examine the securityrequirements and its solution mechanisms. In the context of WebServices, the predominant SOA implementation standard has a crucial role to play. The Web Services architecture is expected to play a prominent role in developing next generation distributed systems. Building dependable systems based on web services architecture is a major research issue being discussed. Finally, we provide a case study of Web Services Security Architecture, enhancing its security pertaining to Web 2.0 AJAX (Asynchronous JavaScript and XML and its Security encryption of data using MD5algorithm.

  1. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  2. Human Security Agendas

    Institute of Scientific and Technical Information of China (English)

    Alan Hunter

    2012-01-01

    Ⅰ.IntroductionThe need for governments and international organisations to gain a better understanding of "security" is ever more urgent.For example in the conflict in Libya in early 2011,many security dilemmas were visible:the protection of Libyan civilians,the security of the regime,whether and how the UN or NATO should intervene,whether Europe would be threatened with a massive refugee flow,how to protect or evacuate foreign citizens (including Chinese),how to secure food and medical supplies in the midst of armed conflict.Such events may be termed "complex emergencies" which often raise legal, military and humanitarian issues simultaneously.International law and practice do not provide clear guidelines on such situations,and responses can be random,contingent on a variety of factors.Traditional concepts of security,for example protection of national borders,are certainly still relevant and legally enforceable,but more sophisticated concepts are needed to respond to security dilemmas in today's globalised world.Human security as a concept was first developed within the UN system in the 1990s,and set out,for example,in Human Security Now [1] The first section of this paper tracks the development of Human Security discourse,and also examines the broadening of the "security"concept in recent years.The second section reports on institutions with a specific interest in Human Security,for example within the UN system and in universities.The third section acknowledges some critiques of the Human Security paradigm.The last section reports on new directions that may enrich the Human Security agenda.

  3. Enhanced Security Strategies for MPLS Signaling

    Directory of Open Access Journals (Sweden)

    Francesco Palmieri

    2007-09-01

    Full Text Available In an increasingly hostile environment, the need for security in network infrastructure is stronger than ever, especially for Multi-Protocol Label Switching (MPLS, widely used to provide most of the new-generation network infrastructure-level services in the Internet. Unfortunately, the MPLS control plane lacks scalable verification for the authenticity and legitimacy of signaling messages and communication between peer routers is subject to active and passive forgery, hijacking and wiretapping activities. In this paper, we propose a robust framework for MPLS-based network survivability against security threats. The security of MPLS control plane protocols can be greatly enhanced by requiring digital signature of all the signaling messages, in accordance with a common security paradigm valid for all the protocols. Our design goals include integrity safeguarding, protection against replay attacks, and gradual deployment, with routers not supporting authentication breaking the trust chain but operating undisturbed under any other respect.

  4. Lecture 13: Control System Cyber Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  5. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  6. Robust Security System for Critical Computers

    Directory of Open Access Journals (Sweden)

    Preet Inder Singh

    2012-06-01

    Full Text Available Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used, but this system having high sensitivity with attacks. Most of the advanced methods for authentication based on password encrypt the contents of password before storing or transmitting in physical domain. But all conventional cryptographic based encryption methods are having its own limitations, generally either in terms of complexity, efficiency or in terms of security. In this paper a simple method is developed that provide more secure and efficient means of authentication, at the same time simple in design for critical systems. Apart from protection, a step toward perfect security has taken by adding the feature of intruder detection along with the protection system. This is possible by merging various security systems with each other i.e password based security with keystroke dynamic, thumb impression with retina scan associated with the users. This new method is centrally based on user behavior and users related security system, which provides the robust security to the critical systems with intruder detection facilities.

  7. Towards Secure and Practical MACs for Body Sensor Networks

    OpenAIRE

    Gong, Z; Hartel, P.H.; Nikova, S.I.; Zhu, Bo

    2009-01-01

    Wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst body sensor network (BSN) must be secured with strong authenticity to protect personal health information. First in this paper, some practical problems with the Message Authentication Codes (MACs), which are suggested in the current security architectures for WSN, are reconsidered. The analysis exploits the fact that the recommended MACs for WSN, e.g., TinySec (CBC-MAC), MiniSec (OCB-...

  8. Optimizing security of cloud computing within the DoD

    OpenAIRE

    Antedomenico, Noemi

    2010-01-01

    What countermeasures best strengthen the confidentiality, integrity and availability (CIA) of the implementation of cloud computing within the DoD? This question will be answered by analyzing threats and countermeasures within the context of the ten domains comprising the Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK). The ten domains that will be used in this analysis include access control; telecommunications and network security; information secur...

  9. IT Security Issues Within the Video Game Industry

    CERN Document Server

    Mohr, Stephen

    2011-01-01

    IT security issues are an important aspect for each and every organization within the video game industry. Within the video game industry alone, you might not normally think of security risks being an issue. But as we can and have seen in recent news, no company is immune to security risks no matter how big or how small. While each of these organizations will never be exactly the same as the next, there are common security issues that can and do affect each and every video game company. In order to properly address those security issues, one of the current leading video game companies was selected in order to perform an initial security assessment. This security assessment provided a starting point upon which specific goals and procedures were determined to help mitigate those risks. The information contained within was initially completed on the case study but has been generalized to allow the information to be easily applied to any video game company.

  10. Security Testing of WebSockets

    OpenAIRE

    Kuosmanen, Harri

    2016-01-01

    The current state of WebSocket is not an exception when it comes to security issues in traditional web applications. There are vulnerabilities that commonly exist in WebSocket implementations that any attacker could potentially exploit. In order to build a protection to avoid these vulnerabilities it needs to be understood what the vulnerabilities are and how they are discovered, how can they be exploited, and how can they be defended against. Many of the commonly known web applicatio...

  11. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  12. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... IT security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...

  13. Security through Play

    OpenAIRE

    Gondree, Mark; Peterson, Zachary N. J.; Denning, Tamara

    2013-01-01

    Precollege classrooms have neither the support nor the room to explore computer security topics. At best, students are the targets of in-school safety campaigns, absorbing rules and best practices that only hint at the rich landscape of security problems. How to expose young students to cybersecurity outside the classroom!to computer security technology, concepts, and careers!is a challenge. Unfortunately, popular media might give more visibility to cybe...

  14. Security consideration for virtualization

    OpenAIRE

    Gebhardt, Carl

    2008-01-01

    Virtualization is not a new technology, but has recently experienced a resurgence of interest among industry and research. New products and technologies are emerging quickly, and are being deployed with little considerations to security concerns. It is vital to understand that virtualization does not improve security by default. Hence, any aspect of virtualization needs to undergo constant security analysis and audit. Virtualization is a changeable and very dynamic field wit...

  15. ITIL® and information security

    International Nuclear Information System (INIS)

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  16. Information Security Training & Awareness

    OpenAIRE

    Hogervorst, Monique

    2009-01-01

    Information security standards, best practices and literature all identify the need for Training & Awareness, the theory is clear. The surveys studied show that in the real world the situation is different: the focus of businesses is still on technical information security controls aimed at the external attacker. And although threats and vulnerabilities point out that personnel security becomes more important, the attitude of managers and employees does not reflect tha...

  17. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  18. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  19. Secure shell session resumption

    OpenAIRE

    Kuryla, S. V.

    2009-01-01

    The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. However, using modern cryptography techniques might be computationally expensive, especially for low-end devices such as wireless access points and DSL routers. Here I present an implementation of a session resumption mechanism that has been proposed earlier to improve the performance of SSI I.

  20. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  1. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  2. Fragile States : Securing Development

    OpenAIRE

    Zoellick, R.

    2008-01-01

    Fragile states are the toughest development challenge of our era. But we ignore them at our peril: about one billion people live in fragile states, including a disproportionate number of the world's extreme poor, and they account for most of today's wars. These situations require a different framework of building security, legitimacy, governance, and the economy. Only by securing development - bringing security and development together to smooth the transition from conflict to peace and then ...

  3. Motivating Contributions for Home Computer Security

    Science.gov (United States)

    Wash, Richard L.

    2009-01-01

    Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

  4. Flood planning; the politics of water security

    NARCIS (Netherlands)

    Warner, J.F.

    2010-01-01

    Floods are amongst the most common and devastating natural disasters. In the wake of such an event, the pressure to initiate flood protection schemes that will provide security is enormous, and politicians promise quick solutions in the national interest. Jeroen Warner examines a number of such proj

  5. Engineering security agreements against external insider threat

    NARCIS (Netherlands)

    Franqueira, Virginia Nunes Leal; Cleeff, van André; Eck, van Pascal; Wieringa, Roel

    2013-01-01

    Companies are increasingly engaging in complex inter-organisational networks of business and trading part- ners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of

  6. Effects of Security actions

    Science.gov (United States)

    Bergman, Ramona; Andersson-Sköld, Yvonne; Nyberg, Lars; Johansson, Magnus

    2010-05-01

    In a project funded by the Swedish Civil Contingencies Agency, the effort and work to reduce different kinds of accidents are being evaluated. The project wants to illuminate the links between actions and outcome, so we can learn from today's performance and in the future select more effective measures and overall deal with accidents more efficiently. The project ESS covers the field of frequent accidents such as sliding accidents at home, in house fires and less common accidents such as chemical and land fill accidents up to even more rare accidents such as natural accidents and hazards. In the ESS project SGI (Swedish geotechnical institute) will evaluate the work and effort concerning various natural hazards limited to landslides, erosion and flooding. The aim is to investigate how municipalities handle, especially prevention, of such natural disasters today. The project includes several aspects such as: • which are the driving forces for risk analysis in a municipality • do one use risk mapping (and what type) in municipal risk analysis • which aspects are most important when selecting preventive measures • in which way do one learn from past accidents • and from previous accidents elsewhere, by for example use existing databases • etc There are many aspects that play a role in a well-functioning safety promotion work. The overall goal is to examine present work and activities, highlight what is well functioning and identify weak points. The aim is to find out where more resources are needed and give suggestions for a more efficient security work. This includes identification of the most efficient "tools" in use or needed. Such tools can be education, directives, funding, more easily available maps and information regarding previous accidents and preventive measures etc. The project will result in recommendations for more effective ways to deal with landslides, erosion and flooding. Since different kinds of problems can occur depending on level of

  7. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  8. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  9. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  10. Command and Control during Security Incidents/Emergencies

    Energy Technology Data Exchange (ETDEWEB)

    Knipper, W. [NSTec

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  11. Towards Secure and Practical MACs for Body Sensor Networks

    NARCIS (Netherlands)

    Gong, Z.; Hartel, P.H.; Nikova, S.I.; Zhu, Bo

    2009-01-01

    Wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst body sensor network (BSN) must be secured with strong authenticity to protect personal health information. First in this paper, some practical problems with the Message Authentication Codes

  12. Governing the Conflicted Commons

    DEFF Research Database (Denmark)

    Sareen, Siddharth

    authorisation of knowledge, aligning different objectives and managing failures, engaging in anti-politics and re-assembling practices that hold interventions together over time. Interventions in the Saranda division elide development with security-oriented concerns and, rather than ensuring forest inhabitants....... Article 2 employs six practices of assemblage to identify how interventions impact local democracy through forging alignments, rendering technical, authorising knowledge, managing failure, anti-politics and re-assembling. Article 3 demonstrates whose rules govern locally using an access framework...

  13. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    terrorist or criminal targets based on their grade, assignment, symbolic value, criticality, and threat and vulnerability assessment. Levels of protection The recommendations contained in this criterion are intended to minimize the possibility of HRP casualties in buildings or portions of buildings in which they work and live. These recommendations provide appropriate and implementable measures to establish a level of protection against terrorist attacks where no known threat of terrorist activity currently exists. While complete protection against all potential threats is cost prohibitive, the intent of these recommendations can be achieved through prudent master planning, real estate acquisition, and design and construction practices. Tag number The tag number at the beginning of each physical security measure (recommendation is unique and is intended to be a communication aid when linking the requirement (recommendation to the supporting text or commentary. The three-character tag number uses the following legend. Tag Number First Character -The first character is an abbreviation for the defense zone layer that is most applicable for the countermeasure. “S” is used to represent site or external zone issues. “P” is used to represent the perimeter zone. “G” is used to represent issues relative to the property grounds. “E” is used to represent issues associated with the building exterior of the HRP office or residence. “I” is used to represent issues associated with the building interior. “H” is used to represent issues associated with the safe room or safe haven. Tag Number Second Character - The second character is a sequential number for countermeasures in a given zone - a requirement or a recommendation. This number ensures a unique tag number. Tag Number Third Character- The third character indicates whether the countermeasure is applicable to offices, residences, or both (common. “O” indicates a requirement or recommendation unique to

  14. Common Foot Problems

    Science.gov (United States)

    ... and rashes clinical tools newsletter | contact Share | Common Foot Problems A A A Trauma, infection, skin disease, ... the sole of the front part of the foot and on the toes. Foot infections include warts; ...

  15. Common Knowledge on Networks

    CERN Document Server

    Liddell, Torrin M

    2015-01-01

    Common knowledge of intentions is crucial to basic social tasks ranging from cooperative hunting to oligopoly collusion, riots, revolutions, and the evolution of social norms and human culture. Yet little is known about how common knowledge leaves a trace on the dynamics of a social network. Here we show how an individual's network properties---primarily local clustering and betweenness centrality---provide strong signals of the ability to successfully participate in common knowledge tasks. These signals are distinct from those expected when practices are contagious, or when people use less-sophisticated heuristics that do not yield true coordination. This makes it possible to infer decision rules from observation. We also find that tasks that require common knowledge can yield significant inequalities in success, in contrast to the relative equality that results when practices spread by contagion alone.

  16. Common Conditions in Newborns

    Science.gov (United States)

    ... Prenatal Baby Bathing & Skin Care Breastfeeding Crying & Colic Diapers & Clothing Feeding & Nutrition Preemie Sleep Teething & Tooth Care Toddler Preschool Gradeschool Teen Young Adult Healthy Children > Ages & Stages > Baby > Common Conditions in ...

  17. Genomic Data Commons launches

    Science.gov (United States)

    The Genomic Data Commons (GDC), a unified data system that promotes sharing of genomic and clinical data between researchers, launched today with a visit from Vice President Joe Biden to the operations center at the University of Chicago.

  18. ACS: ALMA Common Software

    Science.gov (United States)

    Chiozzi, Gianluca; Šekoranja, Matej

    2013-02-01

    ALMA Common Software (ACS) provides a software infrastructure common to all ALMA partners and consists of a documented collection of common patterns and components which implement those patterns. The heart of ACS is based on a distributed Component-Container model, with ACS Components implemented as CORBA objects in any of the supported programming languages. ACS provides common CORBA-based services such as logging, error and alarm management, configuration database and lifecycle management. Although designed for ALMA, ACS can and is being used in other control systems and distributed software projects, since it implements proven design patterns using state of the art, reliable technology. It also allows, through the use of well-known standard constructs and components, that other team members whom are not authors of ACS easily understand the architecture of software modules, making maintenance affordable even on a very large project.

  19. MA Common Tern Census

    Data.gov (United States)

    US Fish and Wildlife Service, Department of the Interior — The official State census period for common terns was June 1-10. The survey was conducted on June 4 by Biologist Healey, Biotech Springfield, and Maintenance...

  20. Cyberspace security: How to develop a security strategy

    CERN Document Server

    Raggad, Bel G

    2007-01-01

    Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The internatl. community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, incl. the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should ...

  1. Timely Common Knowledge

    OpenAIRE

    Yannai A. Gonczarowski; Moses, Yoram

    2013-01-01

    Coordinating activities at different sites of a multi-agent system typically imposes epistemic constraints on the participants. Specifying explicit bounds on the relative times at which actions are performed induces combined temporal and epistemic constraints on when agents can perform their actions. This paper characterises the interactive epistemic state that arises when actions must meet particular temporal constraints. The new state, called timely common knowledge, generalizes common know...

  2. UNDERSTANDING THE GLOBAL COMMONS

    OpenAIRE

    Bromley, Daniel W.; Cochrane, Jeffrey A.

    1994-01-01

    We want to clarify the way in which we think about the global commons, particularly the problem of global warming caused by greenhouse gas emissions and tropical deforestation. We develop a policy framework in which the policy goal is the sustainability of the earth's ability to absorb greenhouse gases. The framework considers the unequal incidence of benefits and costs of particular policies. We identify several resource management regimes and suggest that management under a common property ...

  3. Free Movement between Ireland and the UK: from the "common travel area" to The Common Travel Area

    OpenAIRE

    Meehan, Elizabeth

    2000-01-01

    Free Movement between Ireland and the UK: from the "common travel area" to The Common Travel Area is about Ireland's preservation of the Irish-British Common Travel Area through securing the same exemptions as those of the UK from the EU's abolition of internal border controls. It outlines the CTA's history of co-ordinated immigration policies, to safeguard free movement between the islands, and reciprocal rights which facilitate movement. It argues that Ireland's co-operation with the UK was...

  4. Personnel Security System using Bluetooth Low Energy (BLE) Tag

    OpenAIRE

    K.Gautham; G.Raghav; V. Krishnamurthy; N.R.Raajan

    2013-01-01

    One of the primary aspects of Personal security is through various user authentication techniques like biometrics, password, Smart Card, etc. We propose to design a personal security authentication system using the commonly available Bluetooth technology. The authentication is done on a fixed device, connected to the web and the identity is provided by a mobile device commonly carried by the person. Almost every cell phone has Bluetooth® transceiver for connecting to a wireless headset or to ...

  5. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  6. Security Embedding Codes

    CERN Document Server

    Ly, Hung D; Blankenship, Yufei

    2011-01-01

    This paper considers the problem of simultaneously communicating two messages, a high-security message and a low-security message, to a legitimate receiver, referred to as the security embedding problem. An information-theoretic formulation of the problem is presented. A coding scheme that combines rate splitting, superposition coding, nested binning and channel prefixing is considered and is shown to achieve the secrecy capacity region of the channel in several scenarios. Specifying these results to both scalar and independent parallel Gaussian channels (under an average individual per-subchannel power constraint), it is shown that the high-security message can be embedded into the low-security message at full rate (as if the low-security message does not exist) without incurring any loss on the overall rate of communication (as if both messages are low-security messages). Extensions to the wiretap channel II setting of Ozarow and Wyner are also considered, where it is shown that "perfect" security embedding...

  7. Security in the cloud.

    Science.gov (United States)

    Degaspari, John

    2011-08-01

    As more provider organizations look to the cloud computing model, they face a host of security-related questions. What are the appropriate applications for the cloud, what is the best cloud model, and what do they need to know to choose the best vendor? Hospital CIOs and security experts weigh in.

  8. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  9. Secure Dynamic Program Repartitioning

    DEFF Research Database (Denmark)

    Hansen, Rene Rydhoff; Probst, Christian

    2005-01-01

    Secure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutualy untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types...

  10. Google - Security Testing Tool

    OpenAIRE

    Staykov, Georgi

    2007-01-01

    Using Google as a security testing tool, basic and advanced search techniques using advanced google search operators. Examples of obtaining control over security cameras, VoIP systems, web servers and collecting valuable information as: Credit card details, cvv codes – only using Google.

  11. Nuclear Security Culture Practice

    International Nuclear Information System (INIS)

    Both the human factor and security culture are critical components in ensuring the security of nuclear facilities, infrastructure and transport – their importance cannot be overestimated. To reflect that, the IAEA and international experts have developed the concept of nuclear security culture and its implementing guide, which was published by the IAEA in 2008 under the Nuclear Security Series No. 7. The importance of nuclear security culture has also been recognized by the two nuclear security summits in 2010 and 2012, and included in the final communique and summit recommendations as one of the most important factors. As the next step in promoting and improving nuclear security culture, the IAEA has been working with a group of international experts to develop and implement a robust methodology for self-assessment at nuclear facilities to provide national authorities and facility management with benchmark information on the status of nuclear security culture, and later for the development of a set of measures to fill the identified gaps. The methodology is currently in the final stages of development, and will be brought for IAEA member state review and finalization

  12. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  13. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  14. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  15. VMware view security essentials

    CERN Document Server

    Langenhan, Daniel

    2013-01-01

    A practical and fast-paced guide that gives you all the information you need to secure your virtual environment.This book is a ""how-to"" for the novice, a ""reference guide"" for the advanced user, and a ""go to"" for the experienced user in all the aspects of VMware View desktop virtualization security.

  16. Hydrological extremes and security

    Science.gov (United States)

    Kundzewicz, Z. W.; Matczak, P.

    2015-04-01

    Economic losses caused by hydrological extremes - floods and droughts - have been on the rise. Hydrological extremes jeopardize human security and impact on societal livelihood and welfare. Security can be generally understood as freedom from threat and the ability of societies to maintain their independent identity and their functional integrity against forces of change. Several dimensions of security are reviewed in the context of hydrological extremes. The traditional interpretation of security, focused on the state military capabilities, has been replaced by a wider understanding, including economic, societal and environmental aspects that get increasing attention. Floods and droughts pose a burden and serious challenges to the state that is responsible for sustaining economic development, and societal and environmental security. The latter can be regarded as the maintenance of ecosystem services, on which a society depends. An important part of it is water security, which can be defined as the availability of an adequate quantity and quality of water for health, livelihoods, ecosystems and production, coupled with an acceptable level of water-related risks to people, environments and economies. Security concerns arise because, over large areas, hydrological extremes - floods and droughts - are becoming more frequent and more severe. In terms of dealing with water-related risks, climate change can increase uncertainties, which makes the state's task to deliver security more difficult and more expensive. However, changes in population size and development, and level of protection, drive exposure to hydrological hazards.

  17. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  18. Natural gas and energy security

    Energy Technology Data Exchange (ETDEWEB)

    Saga, B.P.

    1996-12-31

    This paper relates to energy security by natural gas supply seen in an International Energy Agency perspective. Topics are: Security of supply, what is it; the role gas on the European energy scene; short term security of supply; long term security of supply; future structural and regulatory developments and possible implications for security of supply. 6 figs.

  19. European [Security] Union

    DEFF Research Database (Denmark)

    Manners, Ian James

    2013-01-01

    policies involved the navigation and negotiation of security, borders and governance in and by the European Union (EU). This article analyses these practices of bordering and governance through a five-fold security framework. The article argues that a richer understanding of EU security discourses can be...... achieved through bringing the five dimensions to the analysis and using them to study both the interlinking and the interweaving of security, bordering and governance. Overall, the analysis presented here suggests that the five dimensions of broadening, deepening, thickening, practice and being can all...... contribute to a more expansive understanding of how EU security in the 2000s has been related to bordering and governance processes, and how these have been increasingly interwoven within the EU....

  20. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern......This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how....... We construct an oblivious RAM that hides the client's access pattern with information theoretic security with an amortized $\\log^3 N$ query overhead. And how to employ a second server that is guaranteed not to conspire with the first to improve the overhead to $\\log^2 N$, while also avoiding...

  1. International Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Doyle, James E. [Los Alamos National Laboratory

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  2. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  3. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  4. It Security Issues Within the Video Game Industry

    OpenAIRE

    STEPHEN MOHR; SYED (SHAWON) RAHMAN,

    2011-01-01

    IT security issues are an important aspect for each and every organization within the video game industry. Within the video game industry alone, you might not normally think of security risks being an issue. But as we can and have seen in recent news, no company is immune to security risks no matter how big or how small. While each of these organizations will never be exactly the same as the next, there are common security issues that can and do affect each and every video game company. In or...

  5. Commonality based interoperability

    Science.gov (United States)

    Moulton, Christine L.; Hepp, Jared J.; Harrell, John

    2016-05-01

    What interoperability is and why the Army wants it between systems is easily understood. Enabling multiple systems to work together and share data across boundaries in a co-operative manner will benefit the warfighter by allowing for easy access to previously hard-to-reach capabilities. How to achieve interoperability is not as easy to understand due to the numerous different approaches that accomplish the goal. Commonality Based Interoperability (CBI) helps establish how to achieve the goal by extending the existing interoperability definition. CBI is not an implementation, nor is it an architecture; it is a definition of interoperability with a foundation of establishing commonality between systems.

  6. COMMON FISCAL POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel Mursa

    2014-08-01

    Full Text Available The purpose of this article is to demonstrate that a common fiscal policy, designed to support the euro currency, has some significant drawbacks. The greatest danger is the possibility of leveling the tax burden in all countries. This leveling of the tax is to the disadvantage of countries in Eastern Europe, in principle, countries poorly endowed with capital, that use a lax fiscal policy (Romania, Bulgaria, etc. to attract foreign investment from rich countries of the European Union. In addition, common fiscal policy can lead to a higher degree of centralization of budgetary expenditures in the European Union.

  7. Optimisation and common sense

    International Nuclear Information System (INIS)

    This note builds on recent articles about the development of new ICRP recommendations by supporting the use of common sense in optimisation; use of an additional criterion relating to technology-based principles is suggested to support utility- and equity-based criteria. This is taken forward by use of authoritative good practice safety precautions and a need to consider safety in an integrated manner. It is noted that use of common sense in ALARP or ALARA decisions is liable to rely on access to information and training. (author)

  8. The European Union as a Security Actor: Moving Beyond the Second Pillar

    Directory of Open Access Journals (Sweden)

    Kamil Zwolski

    2009-04-01

    Full Text Available It is suggested in this article that there is a discrepancy between, on the one hand, literature that focuses on the European Union (EU as a security actor and, on the other, contemporary security studies literature. This difference concerns the fact that the literature on the EU as a security actor treats security in a narrower sense than how it is approached in the literature on security studies. Over the past few decades, security studies literature has begun to fully acknowledge that the concept of security has broadened beyond traditional ‘hard’ security concerns and can encompass many different issues, for example the security implications of climate change. However, the literature on the EU as a security actor very often associates security only with the second pillar of the EU’s organisational structure; in particular the intergovernmental cooperation embodied by the Common Foreign and Security Policy (CFSP and the European Security and Defence Policy (ESDP. The main purpose of this article is to utilise the broader security studies approach to security as a means to expand the understanding of security in the context of the EU’s performance on the international stage. This is important because it allows the Union’s �����actorness’ in the field of security to be examined in a more holistic manner.

  9. Energizing security: NATO’s quest for energy security

    OpenAIRE

    Schlag, Gabriele

    2011-01-01

    At least since the 1980s, a scholarly debate on the very meaning of security has structured the field of (Critical) Security Studies to a large extent (see Working Paper #1). Today, many new concept such as human security and societal security are prominent anchors in academic and political debates directing our attention to the non-military aspects of security, in particular to the manifold insecurities people (and not only the state) face. The call for energy security is one prominent examp...

  10. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  11. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  12. Is Context Common Ground?

    DEFF Research Database (Denmark)

    Østergaard, Jens Sand

    2012-01-01

    This article will explore the relation between the how’s and why’s of humour, by gradually moving from the contextual compositionality of conversational implication to a broadened perspective on the open- ended nature of conversation and the purpose humour serves in developing ‘common ground’....

  13. Common File Formats.

    Science.gov (United States)

    Mills, Lauren

    2014-03-21

    An overview of the many file formats commonly used in bioinformatics and genome sequence analysis is presented, including various data file formats, alignment file formats, and annotation file formats. Example workflows illustrate how some of the different file types are typically used.

  14. Sequential Common Agency

    NARCIS (Netherlands)

    Prat, A.; Rustichini, A.

    1998-01-01

    In a common agency game a set of principals promises monetary transfers to an agent which depend on the action he will take. The agent then chooses the action, and is paid the corresponding transfers. Principals announce their transfers simultaneously. This game has many equilibria; Bernheim and Whi

  15. Understanding and applying cryptography and data security

    CERN Document Server

    Elbirt, Adam J

    2009-01-01

    Introduction A Brief History of Cryptography and Data Security Cryptography and Data Security in the Modern World Existing Texts Book Organization Symmetric-Key Cryptography Cryptosystem Overview The Modulo Operator Greatest Common Divisor The Ring ZmHomework ProblemsSymmetric-Key Cryptography: Substitution Ciphers Basic Cryptanalysis Shift Ciphers Affine Ciphers Homework ProblemsSymmetric-Key Cryptography: Stream Ciphers Random Numbers The One-Time Pad Key Stream GeneratorsReal-World ApplicationsHomework ProblemsSymmetric-Key Cryptography: Block Ciphers The Data Encryption StandardThe Advance

  16. Emergence and proliferation of private security companies in El Salvador

    Directory of Open Access Journals (Sweden)

    Boris Saavedra

    2014-12-01

    Full Text Available El Salvador has been impacted by political instability and socioeconomic turmoil in a perfect environment for organized crime amidst the pacification and democratization of the country after a bloody internal conflict. This essay focuses on private security through a descriptive analysis of the factors that influence its development and implications for governance and governability in the country. Analysis of security as a common good, factors that influence the use of private security, and inter-institutional relations of private security and police require appropriate regulation in accordance with the factors mentioned above. When considering security as a common good, observance of fundamental rights is mandatory and forms the basis of legitimacy of government action.DOI: http://dx.doi.org/10.5377/rpsp.v4i2.1765

  17. Global nuclear security engagement

    International Nuclear Information System (INIS)

    Full text: The Nuclear Security Summits in Washington (2010) and Seoul (2012) were convened with the goal of reducing the threat of nuclear terrorism. These meetings have engaged States with established nuclear fuel cycle activities and encouraged their commitment to nuclear security. The participating States have reaffirmed that it is a fundamental responsibility of nations to maintain effective nuclear security in order to prevent unauthorized actors from acquiring nuclear materials. To that end, the participants have identified important areas for improvement and have committed to further progress. Yet, a broader message has emerged from the Summits: effective nuclear security requires both global and regional engagement. Universal commitment to domestic nuclear security is essential, if only because the peaceful use of nuclear energy remains a right of all States: Nations may someday adopt nuclear energy, even if they are not currently developing nuclear technology. However, the need for nuclear security extends beyond domestic power production. To harvest natural resources and to develop part of a nuclear fuel cycle, a State should embrace a nuclear security culture. Nuclear materials may be used to produce isotopes for medicine and industry. These materials are transported worldwide, potentially crossing a nation's borders or passing by its shores. Regrettably, measures to prevent the loss of control may not be sufficient against an adversary committed to using nuclear or other radioactive materials for malicious acts. Nuclear security extends beyond prevention measures, encompassing efforts to detect illicit activities and respond to nuclear emergencies. The Seoul Communique introduces the concept of a Global Nuclear Security Architecture, which includes multilateral instruments, national legislation, best practices, and review mechanisms to promote adoption of these components. Key multilateral instruments include the Convention on Physical Protection of

  18. Network Security Scanner

    Directory of Open Access Journals (Sweden)

    G. Murali

    2011-11-01

    Full Text Available Network Security Scanner (NSS is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS is an easy to use, intuitive network security scanner that can quickly scan and audit your network computers for vulnerabilities, exploits, and information enumerations. Vulnerability management is an on-going process that protects your valuable data and it is a key component of an effective information security strategy, which provides comprehensive, preemptive protection against threats to your enterprise security. N.S.S is built on an architecture that allows for high reliability and scalability that caters for both medium and large sized networks. NSS consists of six modules. They are Host Scanning, Port Scanning, Pinging, NSLookup, Vulnerability Auditing and Trace route. NSS also performs live host detection, operating system identification, SNMP Auditing. Finds rouge services and open TCP and UDP ports. The ability varies to perform scanning over the network identifying the live hosts and guess the operating system of the remote hosts and installed programs into the remote hosts. Apart identifying the live hosts we could map the ports and list the services which are running in the host.

  19. Medical Information Security

    Directory of Open Access Journals (Sweden)

    William C. Figg, Ph.D.

    2011-05-01

    Full Text Available Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a well-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims is overt. This information crime involves stealing patients’ records to impersonate the patients in an effort of obtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft, there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines the quality of health care information systems and enervates the information security of electronic patient record.

  20. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Full Text Available Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activitiesfrom illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know a bout the k ey security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

  1. Security Components of Globalization

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2015-05-01

    Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decisionmaking procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic used resources and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

  2. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others

    1997-06-01

    This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  3. Secure Method Invocation in JASON

    OpenAIRE

    Brinkman, Richard; Hoepman, Jaap-Henk

    2002-01-01

    We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arb...

  4. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  5. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  6. Smart grid security

    CERN Document Server

    Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz

    2015-01-01

    This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b

  7. Web Security, Privacy & Commerce

    CERN Document Server

    Garfinkel, Simson

    2011-01-01

    Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

  8. Transmission grid security

    CERN Document Server

    Haarla, Liisa; Hirvonen, Ritva; Labeau, Pierre-Etienne

    2011-01-01

    In response to the growing importance of power system security and reliability, ""Transmission Grid Security"" proposes a systematic and probabilistic approach for transmission grid security analysis. The analysis presented uses probabilistic safety assessment (PSA) and takes into account the power system dynamics after severe faults. In the method shown in this book the power system states (stable, not stable, system breakdown, etc.) are connected with the substation reliability model. In this way it is possible to: estimate the system-wide consequences of grid faults; identify a chain of eve

  9. Shipment security update - 2003

    International Nuclear Information System (INIS)

    At the 2002 RERTR, NAC reported on the interim measures taken by the U.S. Nuclear Regulatory Commission to enhance the security afforded to shipments of spent nuclear fuel. Since that time, there have been a number of additional actions focused on shipment security including training programs sponsored by the U.S. Department of Transportation and the Electric Power Research Council, investigation by the Government Accounting Office, and individual measures taken by shippers and transportation agents. The paper will present a status update regarding this dynamic set of events and provide an objective assessment of the cost, schedule and technical implications of the changing security landscape. (author)

  10. Android Applications Security

    Directory of Open Access Journals (Sweden)

    Paul POCATILU

    2011-01-01

    Full Text Available The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.

  11. Privacy vs security

    CERN Document Server

    Stalla-Bourdillon, Sophie; Ryan, Mark D

    2014-01-01

    Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'

  12. Computer Security Handbook

    CERN Document Server

    Bosworth, Seymour; Whyne, Eric

    2012-01-01

    The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

  13. Wi-Fi Security

    OpenAIRE

    Vlach, Lukáš

    2011-01-01

    The thesis is focused on the problem of wireless networking and its security. The thesis is divided into two main parts, both parts builds on the bachelor thesis and some of its chapters are further extended and complemented by the issue. The theoretical part deals with the standards of IEEE organization and security policy of Wi-Fi networks with a focus on the distribution of wireless networks and its security. The practical part is focused on the survey of the Wi-Fi safety in selected...

  14. 75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2010-03-19

    ... --Health IT --OpenID --Pending Cyber Security Legislation --NIST Issues--research, key escrow, SCAP, common... National Institute of Standards and Technology Announcing a Meeting of the Information Security and Privacy... Security and Privacy Advisory Board (ISPAB) will meet Wednesday, April 7, 2010, from 9 a.m. until 5...

  15. Refined Method for Choosing a Security Solution for Mobile Application – Web Service Interactions

    OpenAIRE

    Silvia Trif; Adrian Visoiu

    2011-01-01

    This paper aims to present a refined algorithm for choosing the appropriate security implementation for mobile applications connecting to web services. Common security scenarios are presented. Each scenario has several characteristics associated. The correlations between these security scenarios characteristics are computed and selected only the characteristics that are less correlated. The proposed algorithm inventories the available scenarios, inventories the requirements and selects the se...

  16. Explanation and trust: what to tell the user in security and AI?

    NARCIS (Netherlands)

    Pieters, Wolter

    2010-01-01

    There is a common problem in artificial intelligence (AI) and information security. In AI, an expert system needs to be able to justify and explain a decision to the user. In information security, experts need to be able to explain to the public why a system is secure. In both cases, the goal of exp

  17. Accessing a Network using a Secure Android Application

    Directory of Open Access Journals (Sweden)

    Padmalatha Ragunathan

    2012-07-01

    Full Text Available Security plays a vital role in today’s mobile world. There are security issues like sniffing of data while accessing information through open channel. Proper security measures can help to deal with the common security threats faced by mobile phone users such as data protection, privacy, application and personal information security. Cryptographic techniques play an important role in protecting communication links and data, since access to data can be limited to those who hold the proper key. This paper discusses a method to securely access information in a network by an android mobile application using AES cryptographic technique. The paper describes a new key sharing algorithm, based on the symmetric key management, for faster and efficient encryption of data that is suitable for use in a mobile device.

  18. Smart Security Management in Secure Devices

    OpenAIRE

    Robisson, Bruno; Agoyan, Michel; Soquet, Patrick; Le Henaff, Sébastien; Wajsbürt, Franck; Bazargan-Sabet, Pirouz; Phan, Guillaume

    2015-01-01

    International audience Among other threats, secure components are subjected tophysical attacks whose aim is to recover the secret information theystore. Most of the work carried out to protect these components generally consists in developing protections (or countermeasures) taken one byone. But this “countermeasure-centered” approach drastically decreasesthe performance of the chip in terms of power, speed and availability.In order to overcome this limitation, we propose a complementary a...

  19. Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab

    Directory of Open Access Journals (Sweden)

    Christoph Meinel

    2008-05-01

    Full Text Available Recently, Awareness Creation in terms of IT security has become a big thing – not only for enterprises. Campaigns for pupils try to highlight the importance of IT security even in the user’s early years. Common practices in security education – as seen in computer science courses at universities – mainly consist of literature and lecturing. In the best case, the teaching facility offers practical courses in a dedicated isolated computer lab. Additionally, there are some more or less interactive e-learning applications around. Most existing offers can do nothing more than impart theoretical knowledge or basic information. They all lack of possibilities to provide practical experience with security software or even hacker tools in a realistic environment. The only exceptions are the expensive and hard-to-maintain dedicated computer security labs. Those can only be provided by very few organizations. Tele-Lab IT-Security was designed to offer hands-on experience exercises in IT security without the need of additional hardware or maintenance expenses. The existing implementation of Tele-Lab even provides access to the learning environment over the Internet – and thus can be used anytime and anywhere. The present paper describes the extended architecture on which the current version of the Tele-Lab server is built.

  20. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.

  1. Commonly missed orthopedic problems.

    Science.gov (United States)

    Ballas, M T; Tytko, J; Mannarino, F

    1998-01-15

    When not diagnosed early and managed appropriately, common musculoskeletal injuries may result in long-term disabling conditions. Anterior cruciate ligament tears are some of the most common knee ligament injuries. Slipped capital femoral epiphysis may present with little or no hip pain, and subtle or absent physical and radiographic findings. Femoral neck stress fractures, if left untreated, may result in avascular necrosis, refractures and pseudoarthrosis. A delay in diagnosis of scaphoid fractures may cause early wrist arthrosis if nonunion results. Ulnar collateral ligament tears are a frequently overlooked injury in skiers. The diagnosis of Achilles tendon rupture is missed as often as 25 percent of the time. Posterior tibial tendon tears may result in fixed bony planus if diagnosis is delayed, necessitating hindfoot fusion rather than simple soft tissue repair. Family physicians should be familiar with the initial assessment of these conditions and, when appropriate, refer patients promptly to an orthopedic surgeon. PMID:9456991

  2. Common tester platform concept.

    Energy Technology Data Exchange (ETDEWEB)

    Hurst, Michael James

    2008-05-01

    This report summarizes the results of a case study on the doctrine of a common tester platform, a concept of a standardized platform that can be applicable across the broad spectrum of testing requirements throughout the various stages of a weapons program, as well as across the various weapons programs. The common tester concept strives to define an affordable, next-generation design that will meet testing requirements with the flexibility to grow and expand; supporting the initial development stages of a weapons program through to the final production and surveillance stages. This report discusses a concept investing key leveraging technologies and operational concepts combined with prototype tester-development experiences and practical lessons learned gleaned from past weapons programs.

  3. Jakarta Commons Validator

    Institute of Scientific and Technical Information of China (English)

    刘兵

    2004-01-01

    本文介绍Jakarta Commons Validator的概念,优点,安装以及配置,最后结合一个具体的示例介绍怎样定义校验规则,怎样实现校验规则,以及怎样应用在实际的系统中。

  4. Ethnoscience: examining common sense.

    OpenAIRE

    Nuti, M.

    2003-01-01

    In this thesis I trace ideas about naturalistic inquiry into commonsense understanding through Chomsky's work. I argue that the resulting picture significantly illuminates both the nature of `common sense' and existing interdisciplinary debates surrounding it. Specifically, I claim that progress in investigating the nature of humans' commonsense understanding of psychology (folk psychology) has been hampered by the same kind of methodological dualism which for so long haunted s...

  5. Common sense codified

    CERN Multimedia

    CERN Bulletin

    2010-01-01

    At CERN, people of more than a hundred different nationalities and hundreds of different professions work together towards a common goal. The new Code of Conduct is a tool that has been designed to help us keep our workplace pleasant and productive through common standards of behaviour. Its basic principle is mutual respect and common sense. This is only natural, but not trivial…  The Director-General announced it in his speech at the beginning of the year, and the Bulletin wrote about it immediately afterwards. "It" is the new Code of Conduct, the document that lists our Organization's values and describes the basic standards of behaviour that we should both adopt and expect from others. "The Code of Conduct is not going to establish new rights or new obligations," explains Anne-Sylvie Catherin, Head of the Human Resources Department (HR). But what it will do is provide a framework for our existing rights and obligations." The aim of a co...

  6. 'Historicising common sense'.

    Science.gov (United States)

    Millstone, Noah

    2012-12-01

    This essay is an expanded set of comments on the social psychology papers written for the special issue on History and Social Psychology. It considers what social psychology, and particularly the theory of social representations, might offer historians working on similar problems, and what historical methods might offer social psychology. The social history of thinking has been a major theme in twentieth and twenty-first century historical writing, represented most recently by the genre of 'cultural history'. Cultural history and the theory of social representations have common ancestors in early twentieth-century social science. Nevertheless, the two lines of research have developed in different ways and are better seen as complementary than similar. The theory of social representations usefully foregrounds issues, like social division and change over time, that cultural history relegates to the background. But for historians, the theory of social representations seems oddly fixated on comparing the thought styles associated with positivist science and 'common sense'. Using historical analysis, this essay tries to dissect the core opposition 'science : common sense' and argues for a more flexible approach to comparing modes of thought.

  7. Social Security Umbrella Expanded

    Institute of Scientific and Technical Information of China (English)

    2009-01-01

    The government issues a draft law to improve the country’s social security system Zhao Yanfang, 25, is an engineer at a designing institute in Beijing.After she graduated from a university in Jiangsu Province in 2005,

  8. SECURITY MECHANISM FOR MANETS

    Directory of Open Access Journals (Sweden)

    YASIR ABDELGADIR MOHAMED

    2009-06-01

    Full Text Available Be short of well-defined networks boundaries, shared medium, collaborative services, and dynamic nature, all are representing some of the key characteristics that distinguish mobile ad hoc networks from the conventional ones. Besides, each node is a possible part of the essential support infrastructure, cooperate with each other to make basic communication services available. Forwarding packets or participating in routing process, either of each can directly affect the network security state. Nevertheless, ad hoc networks are suspectable to the same vulnerabilities and prone to the same types of failures as conventional networks. Even though immune-inspired approaches aren’t essentially new to the research domain, the percentage of applying immune features in solving security problems fluctuates. In this paper, security approach based on both immunity and multi-agent paradigm is presented. Distributability, second response, and self recovery, are the hallmarks of the proposed security model which put a consideration on high nodes mobility.

  9. Media and Security Team

    Data.gov (United States)

    Federal Laboratory Consortium — The Media And Security Team led by Prof. Min Wu was established in Fall 2001 at University of Maryland, College Park. A number of research and education activities...

  10. Gaming security by obscurity

    CERN Document Server

    Pavlovic, Dusko

    2011-01-01

    Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, the...

  11. NGO field security

    Directory of Open Access Journals (Sweden)

    Randolph Martin

    1999-04-01

    Full Text Available In an environment of increased exposure, deterioration in the rules of war and loss of perceived neutrality, the community of NGOs operating incomplex emergencies is facing significantly increased risks to staff safety and security.

  12. VMware vsphere security cookbook

    CERN Document Server

    Greer, Mike

    2014-01-01

    This book is intended for virtualization professionals who are experienced with the setup and configuration of VMware vSphere, but didn't get the opportunity to learn how to secure the environment properly.

  13. Cognitive Computing for Security.

    Energy Technology Data Exchange (ETDEWEB)

    Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-12-01

    Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

  14. Banking Software Applications Security

    Directory of Open Access Journals (Sweden)

    Ioan Alexandru Bubu

    2015-03-01

    Full Text Available Computer software products are among the most complex artifacts, if not the most complex artifacts mankind has created. Securing those artifacts against intelligent attackers who try to exploit flaws in software design and construct is a great challenge too.The purpose of this paper is to introduce a secure alternative to banking software applications that are currently in use. This new application aims to cover most of the well-known vulnerabilities that plague the majority of current software.First we will take a quick look at current security methods that are in use, and a few known vulnerabilities. After this, we will discuss the security measures implemented in my application, and finally, we will the results of implementing them.

  15. Railway infrastructure security

    CERN Document Server

    Sforza, Antonio; Vittorini, Valeria; Pragliola, Concetta

    2015-01-01

    This comprehensive monograph addresses crucial issues in the protection of railway systems, with the objective of enhancing the understanding of railway infrastructure security. Based on analyses by academics, technology providers, and railway operators, it explains how to assess terrorist and criminal threats, design countermeasures, and implement effective security strategies. In so doing, it draws upon a range of experiences from different countries in Europe and beyond. The book is the first to be devoted entirely to this subject. It will serve as a timely reminder of the attractiveness of the railway infrastructure system as a target for criminals and terrorists and, more importantly, as a valuable resource for stakeholders and professionals in the railway security field aiming to develop effective security based on a mix of methodological, technological, and organizational tools. Besides researchers and decision makers in the field, the book will appeal to students interested in critical infrastructur...

  16. Data Security : An Analysis

    Directory of Open Access Journals (Sweden)

    Dr.S.B.Thorat

    2010-07-01

    Full Text Available There is intense of cyber attach through electronic media, so it calls for data security practice. Internet technology becomes very pervasive to exchange data through online. Various Government and private sectors mostly depends on Information Technology and facing problem of security breach. The precious thing on internet is the data. This data need to be protected from any damage and errors. The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them. There are many way to protect from the cyber space. The data can be protected using various techniques such as Anti-viruses, antimalware,spyware, encryption, access control, physical security, keep backup of data regularly, and good security habit.

  17. A Secure Electronic Transaction Payment Protocol Design and Implementation

    Directory of Open Access Journals (Sweden)

    Houssam El Ismaili

    2014-06-01

    Full Text Available Electronic payment is the very important step of the electronic business system, and its security must be ensured. SSL/TLS and SET are two widely discussed means of securing online credit card payments. Because of implementation issues, SET has not really been adopted by e-commerce participants, whereas, despite the fact that it does not address all security issues, SSL/TLS is commonly used for Internet e-commerce security. The three-domain (3D security schemes, including 3-D Secure and 3D SET have recently been proposed as ways of improving ecommerce transaction security. Based on our research about SSL, SET, 3D security schemes and the requirements of electronic payment, we designed a secure and efficient E-Payment protocol. The new protocol offers an extra layer of protection for cardholders and merchants. Customers are asked to enter an additional password after checkout completion to verify they are truly the cardholder, the authentication is done directly between the cardholder and card issuer using the issuer security certificate and without involving the third party (Visa, MasterCard.

  18. Cities and human security

    OpenAIRE

    Szpak, Agnieszka

    2016-01-01

    Cities have been researched mostly in terms of their economic, technological, and social value and significance. Despite some changes in this respect there is still a need to research cities as a fascinating phenomenon, also in respect of its capabilities to increase human security on a local and global scale. The article examines the role of cities for human security in the selected and representative fields such as sustainable development, human rights and environmental protection which are...

  19. Evolving concepts of security

    OpenAIRE

    Jovanovic, Milos; Sweijs, Tim

    2015-01-01

    This volume looks into the challenges of formulating and implementing a comprehensive approach to security while taking into account the perceptions of variety of stakeholders. It includes studies on the Syrian asylum seekers in view of the concept of human security, CBRN crisis management frameworks, and national case studies on Bulgaria, Serbia, and Turkey. The volume reflects findings from the FP7 EvoCS project (link is external), as well as related contributions from researchers outside t...

  20. Security, insecurity and health

    OpenAIRE

    Coupland, Robin

    2007-01-01

    An examination of the nexus of security, insecurity and health shows that security is a prerequisite for health. The many and varied ways that armed violence — including threats of armed violence — can affect people’s health can be documented by formal studies; however, valuable data also exist in other reports, such as media reports. The health community needs to recognize that people’s insecurity is a massive global health issue. The foreign policies of donor governments should incorporate ...

  1. CLOUD COMPUTING SECURITY

    Directory of Open Access Journals (Sweden)

    DANISH JAMIL,

    2011-04-01

    Full Text Available It is no secret that cloud computing is becoming more and more popular today and is ever increasing inpopularity with large companies as they share valuable resources in a cost effective way. Due to this increasingdemand for more clouds there is an ever growing threat of security becoming a major issue. This paper shalllook at ways in which security threats can be a danger to cloud computing and how they can be avoided.

  2. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    Full Text Available A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network according with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  3. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  4. Analysis of Docker Security

    OpenAIRE

    Bui, Thanh

    2015-01-01

    Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able to provide a more lightweight and efficient virtual environment, but not without security concerns. I...

  5. Secure Fractal Image Coding

    OpenAIRE

    Lian, Shiguo

    2007-01-01

    In recent work, various fractal image coding methods are reported, which adopt the self-similarity of images to compress the size of images. However, till now, no solutions for the security of fractal encoded images have been provided. In this paper, a secure fractal image coding scheme is proposed and evaluated, which encrypts some of the fractal parameters during fractal encoding, and thus, produces the encrypted and encoded image. The encrypted image can only be recovered by the correct ke...

  6. Data port security lock

    Science.gov (United States)

    Quinby, Joseph D.; Hall, Clarence S.

    2008-06-24

    In a security apparatus for securing an electrical connector, a plug may be fitted for insertion into a connector receptacle compliant with a connector standard. The plug has at least one aperture adapted to engage at least one latch in the connector receptacle. An engagement member is adapted to partially extend through at least one aperture and lock to at least one structure within the connector receptacle.

  7. Towards Secure Distance Bounding

    OpenAIRE

    Boureanu, Ioana; Mitrokotsa, Aikaterini; Vaudenay, Serge

    2013-01-01

    Relay attacks (and, more generally, man-in-the-middle attacks) are a serious threat against many access control and payment schemes. In this work, we present distance-bounding protocols, how these can deter relay attacks, and the security models formalizing these protocols. We show several pitfalls making existing protocols insecure (or at least, vulnerable, in some cases). Then, we introduce the SKI protocol which enjoys resistance to all popular attack-models and features provable security....

  8. Securing Online Advertising

    OpenAIRE

    Vratonjic, Nevena; Freudiger, Julien; Felegyhazi, Mark; Hubaux, Jean-Pierre

    2008-01-01

    Online advertisement is a major source of revenues in the Internet. In this paper, we identify a number of vulnerabilities of current ad serving systems. We describe how an adversary can exploit these vulnerabilities to divert part of the ad revenue stream for its own benefit. We propose a scalable, secure ad serving scheme to fix this problem. We also explain why the deployment of this solution would benefit the Web browsing security in general.

  9. The common European flexicurity principles

    DEFF Research Database (Denmark)

    Mailand, Mikkel

    2010-01-01

    were instrumental in this regard. However, the critics succeeded in weakening the initially strong focus on the transition from job security to employment security and the divisions between insiders and outsiders in the labour market. In contrast to some decision-making on the European Employment...

  10. Secure Web Development Based on Vulnerabilities

    Directory of Open Access Journals (Sweden)

    Ms. Daljit Kaur Dr. Parminder Kaur

    2012-02-01

    Full Text Available This paper is an effort to develop secure web applications based on known vulnerabilities. It has been seen that in the rapid race of developing web applications in minimum time and budget, security is given least importance as consequence of which web applications are developed and hosted with number of vulnerabilities in them. And in this race, one thing is constant that attackers take advantage of weaknesses existing in technology for financial gain and theft of intellectual property. In this proposed method of secure web development, most common vulnerabilities and their occurrence in development process is discussed. Mapping vulnerabilities to the actions needed to take during development process may help developers to understand vulnerability and avoid vulnerabilities in application.

  11. Radiological Security: An Evolving Strategic Priority

    International Nuclear Information System (INIS)

    The theme of this conference is how we need to formulate shared, consensual strategies on radiological safety/security issues to maximize the protection of people and the environment. Within the context of this conference, the comparative significance of safety and security is to be discussed. What do these two concepts mean? How do they differ? The problem that appears within the area of safety and security is the inability of decision makers to define aims, objectives and policy, given that members have different interests, ideologies and visions of the world. The objective of strategy is to understand existing conflicts and define courses of action to solve them. A good strategy requires a clear and shared purpose, committed leadership executed by credible organizations and a fundamental communication mechanism that features a logical and consented common language which allows us to understand and make ourselves understood. (author)

  12. CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

    Directory of Open Access Journals (Sweden)

    Nguyen THI THUY HANG

    2012-06-01

    Full Text Available Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has changed and how the boundaries between traditional and non-traditional security have become blurred. The case of China is taken as empirical evidence to support the assertion that security has evolved beyond its traditional focus on the state.

  13. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance. PMID:25649459

  14. Security systems engineering overview

    International Nuclear Information System (INIS)

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

  15. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...

  16. Security through obscurity: a review of a few of FreeBSD's lesser known security capabilities

    OpenAIRE

    Malone, David

    2005-01-01

    In this article I'm going to look at some less well known security features of FreeBSD. Some of these features are common to all the BSDs. Others are FreeBSD specific or have been extended in some way in FreeBSD. The features that I will be discussing are available in FreeBSD

  17. Three Perspectives on DSEEP and Security : Training Goals, Use Cases and the Selection of Security Measures

    NARCIS (Netherlands)

    Möller, B.; Croom-Johnson, S.; Huiskamp, W.

    2013-01-01

    As joint, combined and Civil-Military exercises are becoming increasingly common, the need for security in collective mission simulation is growing. SISO has developed the Distributed Simulation Engineering and Execution Process (DSEEP) standard that provides a recommended process for development, i

  18. Security patterns in practice designing secure architectures using software patterns

    CERN Document Server

    Fernandez-Buglioni, Eduardo

    2013-01-01

    Learn to combine security theory and code to produce secure systems Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

  19. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  20. Best Practices for the Security of Radioactive Materials

    International Nuclear Information System (INIS)

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass

  1. Best Practices for the Security of Radioactive Materials

    Energy Technology Data Exchange (ETDEWEB)

    Coulter, D.T.; Musolino, S.

    2009-05-01

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices

  2. Austerity, Discipline and Social Security

    Directory of Open Access Journals (Sweden)

    Asja Hrvatin

    2013-03-01

    Full Text Available One of the manifestations of the global crisis of financial capitalism and the policies arising from it was the imposition of austerity measures, which not only resulted in privatization of the commons and general expropriation of the people, but also managed to introduce new mechanisms of discipline and punishment. Debt, being the fundament of relations in society, forced itself into the system of social security: new legislation, regulating welfare benefits, has now shifted to a method for the criminalization of poverty, deepening class differences and transforming social workers (and the system of social security as a whole into a moralizing, bureaucratic machine for disciplining the population. The new legislation also shows a lack of reflection on the changes that need to be made to the welfare state in order to create social services that meet the needs and desires of individuals. Instead of improvements that provide decent living conditions and a new system of social rights (to deal with the problems resulting from precarious working conditions, people are faced with depersonalization, humiliation and increased hate speech and other fascist practices. The effect of austerity measures on the social security system does not end with the devastation of service users’ lives and their communities, which are slowly becoming exhausted, individualized and devoid of solidarity. It also means a big step backwards for the core ethics and principles of social work. Social workers are increasingly alienated from their clients and the communities they live in. They function more in the service of the government and its policies rather than as advocates of people’s rights.

  3. English for common entrance

    CERN Document Server

    Kossuth, Kornel

    2013-01-01

    Succeed in the exam with this revision guide, designed specifically for the brand new Common Entrance English syllabus. It breaks down the content into manageable and straightforward chunks with easy-to-use, step-by-step instructions that should take away the fear of CE and guide you through all aspects of the exam. - Gives you step-by-step guidance on how to recognise various types of comprehension questions and answer them. - Shows you how to write creatively as well as for a purpose for the section B questions. - Reinforces and consolidates learning with tips, guidance and exercises through

  4. Common Influence Join

    DEFF Research Database (Denmark)

    Yiu, Man Lung; Mamoulis, Nikos; Karras, Panagiotis

    2008-01-01

    We identify and formalize a novel join operator for two spatial pointsets P and Q. The common influence join (CIJ) returns the pairs of points (p,q),p isin P,q isin Q, such that there exists a location in space, being closer to p than to any other point in P and at the same time closer to q than ......-demand, is very efficient in practice, incurring only slightly higher I/O cost than the theoretical lower bound cost for the problem....

  5. Roadmap on optical security

    Science.gov (United States)

    Javidi, Bahram; Carnicer, Artur; Yamaguchi, Masahiro; Nomura, Takanori; Pérez-Cabré, Elisabet; Millán, María S.; Nishchal, Naveen K.; Torroba, Roberto; Fredy Barrera, John; He, Wenqi; Peng, Xiang; Stern, Adrian; Rivenson, Yair; Alfalou, A.; Brosseau, C.; Guo, Changliang; Sheridan, John T.; Situ, Guohai; Naruse, Makoto; Matsumoto, Tsutomu; Juvells, Ignasi; Tajahuerce, Enrique; Lancis, Jesús; Chen, Wen; Chen, Xudong; Pinkse, Pepijn W. H.; Mosk, Allard P.; Markman, Adam

    2016-08-01

    Information security and authentication are important challenges facing society. Recent attacks by hackers on the databases of large commercial and financial companies have demonstrated that more research and development of advanced approaches are necessary to deny unauthorized access to critical data. Free space optical technology has been investigated by many researchers in information security, encryption, and authentication. The main motivation for using optics and photonics for information security is that optical waveforms possess many complex degrees of freedom such as amplitude, phase, polarization, large bandwidth, nonlinear transformations, quantum properties of photons, and multiplexing that can be combined in many ways to make information encryption more secure and more difficult to attack. This roadmap article presents an overview of the potential, recent advances, and challenges of optical security and encryption using free space optics. The roadmap on optical security is comprised of six categories that together include 16 short sections written by authors who have made relevant contributions in this field. The first category of this roadmap describes novel encryption approaches, including secure optical sensing which summarizes double random phase encryption applications and flaws [Yamaguchi], the digital holographic encryption in free space optical technique which describes encryption using multidimensional digital holography [Nomura], simultaneous encryption of multiple signals [Pérez-Cabré], asymmetric methods based on information truncation [Nishchal], and dynamic encryption of video sequences [Torroba]. Asymmetric and one-way cryptosystems are analyzed by Peng. The second category is on compression for encryption. In their respective contributions, Alfalou and Stern propose similar goals involving compressed data and compressive sensing encryption. The very important area of cryptanalysis is the topic of the third category with two sections

  6. Environmental Performance of East Asia Summit Countries from the Perspective of Energy Security

    OpenAIRE

    Masaru Nakano; Yudha Prambudia

    2012-01-01

    Energy security is an increasingly important issue for East Asia Summit (EAS) countries. The Cebu declaration on East Asia Energy Security provides a common ground towards improving energy security. However, EAS countries are in a different situation and face different challenges. This leads to varying policies in dealing with energy security. This study provides an analysis of future environmental performance of three EAS countries with distinct socioeconomic and energy conditions from an en...

  7. A Portable Computer Security Workshop

    Science.gov (United States)

    Wagner, Paul J.; Phillips, Andrew T.

    2006-01-01

    We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

  8. Considerations for Cloud Security Operations

    OpenAIRE

    Cusick, James

    2016-01-01

    Information Security in Cloud Computing environments is explored. Cloud Computing is presented, security needs are discussed, and mitigation approaches are listed. Topics covered include Information Security, Cloud Computing, Private Cloud, Public Cloud, SaaS, PaaS, IaaS, ISO 27001, OWASP, Secure SDLC.

  9. Security Planning in IT Systems

    OpenAIRE

    Radu CONSTANTINESCU

    2006-01-01

    Security planning is a necessity nowadays. Planning involves policies, controls, timetable and a continuing attention. Policies are the foundation of effective information security. Security policies challenge users to change the way they think about their own responsibility for protecting corporate information. The paper presents the compulsive elements of security planning.

  10. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.; Reiter, M.

    2007-01-01

    We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is rath

  11. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.

    2004-01-01

    WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To this end,

  12. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    Full Text Available This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

  13. Knowing What Others Know: Common Knowledge, Accounting, and Capital Markets

    OpenAIRE

    Shyam Sunder

    2001-01-01

    The concept of common knowledge concerning higher orders of knowledge has seen exciting new developments in the fields of philosophy, game theory, statistics, economics and cognitive science in the recent decades. Even though information lies at the heart of accounting and capital markets research, these new developments have remained at the periphery of these fields. Common knowledge thinking may significantly advance our understanding of financial reporting, analysis, securities valuation, ...

  14. COMMON SENSE BIBLICAL HERMENEUTICS

    Directory of Open Access Journals (Sweden)

    Michael B. Mangini

    2014-12-01

    Full Text Available Since the noetics of moderate realism provide a firm foundation upon which to build a hermeneutic of common sense, in the first part of his paper the author adopts Thomas Howe’s argument that the noetical aspect of moderate realism is a necessary condition for correct, universally valid biblical interpretation, but he adds, “insofar as it gives us hope in discovering the true meaning of a given passage.” In the second part, the author relies on John Deely’s work to show how semiotics may help interpreters go beyond meaning and seek the significance of the persons, places, events, ideas, etc., of which the meaning of the text has presented as objects to be interpreted. It is in significance that the unity of Scripture is found. The chief aim is what every passage of the Bible signifies. Considered as a genus, Scripture is composed of many parts/species that are ordered to a chief aim. This is the structure of common sense hermeneutics; therefore in the third part the author restates Peter Redpath’s exposition of Aristotle and St. Thomas’s ontology of the one and the many and analogously applies it to the question of how an exegete can discern the proper significance and faithfully interpret the word of God.

  15. True and common balsams

    Directory of Open Access Journals (Sweden)

    Dayana L. Custódio

    2012-12-01

    Full Text Available Balsams have been used since ancient times, due to their therapeutic and healing properties; in the perfume industry, they are used as fixatives, and in the cosmetics industry and in cookery, they are used as preservatives and aromatizers. They are generally defined as vegetable material with highly aromatic properties that supposedly have the ability to heal diseases, not only of the body, but also of the soul. When viewed according to this concept, many substances can be considered balsams. A more modern concept is based on its chemical composition and origin: a secretion or exudate of plants that contain cinnamic and benzoic acids, and their derivatives, in their composition. The most common naturally-occurring balsams (i.e. true balsams are the Benzoins, Liquid Storaque and the Balsams of Tolu and Peru. Many other aromatic exudates, such as Copaiba Oil and Canada Balsam, are wrongly called balsam. These usually belong to other classes of natural products, such as essential oils, resins and oleoresins. Despite the understanding of some plants, many plants are still called balsams. This article presents a chemical and pharmacological review of the most common balsams.

  16. Common pediatric epilepsy syndromes.

    Science.gov (United States)

    Park, Jun T; Shahid, Asim M; Jammoul, Adham

    2015-02-01

    Benign rolandic epilepsy (BRE), childhood idiopathic occipital epilepsy (CIOE), childhood absence epilepsy (CAE), and juvenile myoclonic epilepsy (JME) are some of the common epilepsy syndromes in the pediatric age group. Among the four, BRE is the most commonly encountered. BRE remits by age 16 years with many children requiring no treatment. Seizures in CAE also remit at the rate of approximately 80%; whereas, JME is considered a lifelong condition even with the use of antiepileptic drugs (AEDs). Neonates and infants may also present with seizures that are self-limited with no associated psychomotor disturbances. Benign familial neonatal convulsions caused by a channelopathy, and inherited in an autosomal dominant manner, have a favorable outcome with spontaneous resolution. Benign idiopathic neonatal seizures, also referred to as "fifth-day fits," are an example of another epilepsy syndrome in infants that carries a good prognosis. BRE, CIOE, benign familial neonatal convulsions, benign idiopathic neonatal seizures, and benign myoclonic epilepsy in infancy are characterized as "benign" idiopathic age-related epilepsies as they have favorable implications, no structural brain abnormality, are sensitive to AEDs, have a high remission rate, and have no associated psychomotor disturbances. However, sometimes selected patients may have associated comorbidities such as cognitive and language delay for which the term "benign" may not be appropriate.

  17. Black Sea Energy Security - Present and Future

    Directory of Open Access Journals (Sweden)

    Florinel Iftode

    2011-05-01

    Full Text Available We chose this theme to highlight the need for continuous and sustained human society to secure energy resources needed to survive, needs reflected in an increasingly in recent years in the strategies adopted at both states, as at the level of international organizations. Achieving security and stability in the wider Black Sea area has been among the priorities of each country's interests in this region. In this context, state and non-state actors were being called to come up with new solutions to achieve those interests. Certainly not in all cases the negotiations were completed or not yet found a generally accepted formula for others to apply, but most of them show off their values. The main environmental threats to security environment in the Black Sea region are represented by ethnic conflicts and territorial secessionism. A significant contribution to the security environment of the Black Sea region has the phenomenon of globalization, which in this region is manifested by a steady increase in traffic and volume of shipping passage of communication, which largely affects the security in the region. Globalization and the need for energy resources in the Black Sea was an important area not only as energy transport route, but as a potential supplier of material energy (oil and natural gas. Black Sea Basin can be stabilized and secured only by the will and input from all States and interested international organizations in pragmatic and effective institutional frameworks, meant to promote and protect the common interests of countries decided to participate in actions aimed at ensuring a stable environment security.

  18. Securing Web Services using Service Token Security

    Directory of Open Access Journals (Sweden)

    Stelian Dumitra

    2014-06-01

    Full Text Available Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 Web services are distributed components that enable interaction of software componentsacross organizational boundaries. The main advantages of web services are related to the flexibility and versatility: they support a variety of architectures and are independent of platforms and models. Also, they can expose valuable data, applications and systems of organizations to a variety of external threats. Securing web services is one of the most important topics related to them. This paper describes the core web services specifications, the top threats facing web services and the security fundamentals. At the end of the paper is presented a custom authentication and authorization model (brokered authentication to ensure a robust protection, a model that shows how to authenticate and authorize callers to perform operations and how to access resources. This model uses the following frameworks/standards: Windows Identity Foundation (WIF to apply the principles of claims-based identity, Windows Communication Foundation (WCF, to develop services/client services and integrate with WIF, and Service Token Security (STS, to issue security tokens.The conclusions and the future proposed developments are presented in the end of the paper. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso

  19. Securing Sovereignty by Governing Security through Markets

    OpenAIRE

    Leander, Anna

    2008-01-01

    On September 16 2007 the employees of the U.S. security firm Blackwater became involved in a shooting incidence in the Nisour Square in Baghdad. They were escorting a U.S. State Department delegation, which according to the firm, came under attack. According to by-standers, the Blackwater employees opened fire unprovoked, shooting in all directions and seemingly at anyone moving, including those trying to flee or help those wounded. 17 Iraqis civilians died in the incidence and at least twice...

  20. CLOUD COMPUTING SECURITY THROUGH SYMMETRIC CIPHER MODEL

    Directory of Open Access Journals (Sweden)

    Subramanian Anbazhagan

    2014-10-01

    Full Text Available Cloud computing can be defined as an application and services which runs on distributed network using virtualized and it is accessed through internet protocols and networking. Cloud computing resources and virtual and limitless and information’s of the physical systems on which software running are abstracted from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the users the concept is to incorporate technologies which have the common theme of reliance on the internet Software and data are stored on the servers whereas cloud computing services are provided through applications online which can be accessed from web browsers. Lack of security and access control is the major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple virtual machine in cloud can access insecure information flows as service provider; therefore to implement the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud computing security through symmetric cipher model. This article proposes symmetric cipher model in order to implement cloud computing security so that data can accessed and stored securely.

  1. Nuclear Security on the Frontline

    International Nuclear Information System (INIS)

    Port Klang, on the Straits of Malacca outside Kuala Lumpur, the twelfth largest port in the world, handles over 18000 containers daily. Bustling around the clock, Port Klang is strategically located at a crossroads of trade routes in South East Asia and is a major trans- shipment hub for cargo moving from sea to land and air. Cargo of all types passes through Port Klang. All of these goods are carefully monitored by the national authorities to detect radioactive signatures. The diversity of products causes daily challenges for nuclear security. False alarms for radioactivity can be triggered by commonly traded goods, including building materials like sandstone, and cement, food stuffs like bananas and coffee, and household items like TVs and smoke detectors. However, similar cargo can also contain nuclear and other radioactive material that may be illegally trafficked through ports, which are a prime transport pathway used by smugglers to move such materials around the world. (author)

  2. Asset protection through security awareness

    CERN Document Server

    Speed, Tyler Justin

    2011-01-01

    Introduction: What Is Information Security? Creating a Culture of Security Awareness Protecting Corporate Assets Protective MeasuresA Culture of Security AwarenessRemaining DynamicOverview of Security Awareness Categories Overview Industry StandardsPrivacy ConcernsPassword Management Credit Card Compliance (PCI) General File ManagementExamples of Security Regulations and LawsWho Is an IS Professional?Introduction Empowering Security Professionals Top-Down ApproachDiplomacyThe People Portion of Information SecurityThe IS SpecialistDiplomacy-The IS Professional's Best FriendEnd Users Are Great N

  3. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  4. Extended eTVRA vs. Security Checklist: Experiences in a Value-Web

    NARCIS (Netherlands)

    Morali, Ayse; Zambon, Emmanuele; Houmb, Siv Hilde; Sallhammar, Karin; Etalle, Sandro

    2008-01-01

    Security evaluation according to ISO 15408 (Common Criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a Common Criteria evaluation. To support security evaluation, the European Telecommunications Standards Ins

  5. IT Security Standards and Legal Metrology - Transfer and Validation

    Science.gov (United States)

    Thiel, F.; Hartmann, V.; Grottker, U.; Richter, D.

    2014-08-01

    Legal Metrology's requirements can be transferred into the IT security domain applying a generic set of standardized rules provided by the Common Criteria (ISO/IEC 15408). We will outline the transfer and cross validation of such an approach. As an example serves the integration of Legal Metrology's requirements into a recently developed Common Criteria based Protection Profile for a Smart Meter Gateway designed under the leadership of the Germany's Federal Office for Information Security. The requirements on utility meters laid down in the Measuring Instruments Directive (MID) are incorporated. A verification approach to check for meeting Legal Metrology's requirements by their interpretation through Common Criteria's generic requirements is also presented.

  6. Security Dynamics of Cloud Computing

    OpenAIRE

    Khaled M. Khan

    2009-01-01

    This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

  7. VMware vCloud security

    CERN Document Server

    Sarkar, Prasenjit

    2013-01-01

    VMware vCloud Security provides the reader with in depth knowledge and practical exercises sufficient to implement a secured private cloud using VMware vCloud Director and vCloud Networking and Security.This book is primarily for technical professionals with system administration and security administration skills with significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

  8. Do job security guarantees work?

    OpenAIRE

    Bryson, Alex; Cappellari, Lorenzo; Lucifora, Claudio

    2004-01-01

    We investigate the effect of employer job security guarantees on employee perceptions of job security. Using linked employer-employee data from the 1998 British Workplace Employee Relations Survey, we find job security guarantees reduce employee perceptions of job insecurity. This finding is robust to endogenous selection of job security guarantees by employers engaging in organisational change and workforce reductions. Furthermore, there is no evidence that increased job security through job...

  9. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  10. Telematics Based Security System

    Directory of Open Access Journals (Sweden)

    A.V.Prabu

    2011-05-01

    Full Text Available This paper describes a new way of providing security for objects; the object can either bea file or an automotive like car, etc. The method used for providing security to objects is by creating avirtual fence around the object in such a way that whenever the object is moved out of the fence it isconsidered as an event and the event is notified to the user. Encryption is one of the techniques forproviding security to objects, and the key used for encryption plays major role in providing security. Thispaper explains a new way of key generation which makes the file to be decrypted at the same location andby the same person (who knows the password where it is encrypted, and the decrypted file is deletedwhenever the fence is exited. This paper also explains a method for providing security to automobile bycreating a fence around the vehicle. The engine automatically locks whenever the fence is exited and whenthe vehicle is used by an unauthorized person.

  11. Security bingo for administrators

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Have you ever thought about the security of your service(s) or system(s)? Show us and win one of three marvellous books on computer security! Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us at Computer.Security@cern.ch or P.O. Box G19710, by November 14th 2011.   Winners[1] must show us that they follow at least five good practices in a continuous horizontal row, vertical column or diagonal. For details on CERN Computer Security, please consult http://cern.ch/security. My service or system…   …is following a software development life-cycle. …is patched in an automatic and timely fashion. …runs a tightened local ingress/egress firewall. …uses CERN Single-Sign-On (SSO). …has physical access protections in place. …runs all processes / services / applications with least privileges. …has ...

  12. Energy and national security.

    Energy Technology Data Exchange (ETDEWEB)

    Karas, Thomas H.

    2003-09-01

    On May 19 and 20, 2003, thirty-some members of Sandia staff and management met to discuss the long-term connections between energy and national security. Three broad security topics were explored: I. Global and U.S. economic dependence on oil (and gas); II. Potential security implications of global climate change; and III. Vulnerabilities of the U.S. domestic energy infrastructure. This report, rather than being a transcript of the workshop, represents a synthesis of background information used in the workshop, ideas that emerged in the discussions, and ex post facto analysis of the discussions. Each of the three subjects discussed at this workshop has significant U.S. national security implications. Each has substantial technology components. Each appears a legitimate area of concern for a national security laboratory with relevant technology capabilities. For the laboratory to play a meaningful role in contributing to solutions to national problems such as these, it needs to understand the political, economic, and social environments in which it expects its work to be accepted and used. In addition, it should be noted that the problems of oil dependency and climate change are not amenable to solution by the policies of any one nation--even the one that is currently the largest single energy consumer. Therefore, views, concerns, policies, and plans of other countries will do much to determine which solutions might work and which might not.

  13. Indicators for energy security

    International Nuclear Information System (INIS)

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability, accessibility, affordability and acceptability of energy and classified indicators for energy security according to this taxonomy. There is no one ideal indicator, as the notion of energy security is highly context dependent. Rather, applying multiple indicators leads to a broader understanding. Incorporating these indicators in model-based scenario analysis showed accelerated depletion of currently known fossil resources due to increasing global demand. Coupled with increasing spatial discrepancy between consumption and production, international trade in energy carriers is projected to have increased by 142% in 2050 compared to 2008. Oil production is projected to become increasingly concentrated in a few countries up to 2030, after which production from other regions diversifies the market. Under stringent climate policies, this diversification may not occur due to reduced demand for oil. Possible benefits of climate policy include increased fuel diversity and slower depletion of fossil resources.

  14. Biological and Chemical Security

    Energy Technology Data Exchange (ETDEWEB)

    Fitch, P J

    2002-12-19

    The LLNL Chemical & Biological National Security Program (CBNP) provides science, technology and integrated systems for chemical and biological security. Our approach is to develop and field advanced strategies that dramatically improve the nation's capabilities to prevent, prepare for, detect, and respond to terrorist use of chemical or biological weapons. Recent events show the importance of civilian defense against terrorism. The 1995 nerve gas attack in Tokyo's subway served to catalyze and focus the early LLNL program on civilian counter terrorism. In the same year, LLNL began CBNP using Laboratory-Directed R&D investments and a focus on biodetection. The Nunn-Lugar-Domenici Defense Against Weapons of Mass Destruction Act, passed in 1996, initiated a number of U.S. nonproliferation and counter-terrorism programs including the DOE (now NNSA) Chemical and Biological Nonproliferation Program (also known as CBNP). In 2002, the Department of Homeland Security was formed. The NNSA CBNP and many of the LLNL CBNP activities are being transferred as the new Department becomes operational. LLNL has a long history in national security including nonproliferation of weapons of mass destruction. In biology, LLNL had a key role in starting and implementing the Human Genome Project and, more recently, the Microbial Genome Program. LLNL has over 1,000 scientists and engineers with relevant expertise in biology, chemistry, decontamination, instrumentation, microtechnologies, atmospheric modeling, and field experimentation. Over 150 LLNL scientists and engineers work full time on chemical and biological national security projects.

  15. Medical Information Security

    Directory of Open Access Journals (Sweden)

    William C. Figg, Ph.D.

    2011-05-01

    Full Text Available Modern medicine is facing a complex environment, not from medical technology but rather governmentregulations and information vulnerability. HIPPA is the government’s attempt to protect patient’sinformation yet this only addresses traditional record handling. The main threat is from the evolvingsecurity issues. Many medical offices and facilities have multiple areas of information security concerns.Physical security is often weak, office personnel are not always aware of security needs and applicationsecurity and transmission protocols are not consistently maintained.Health insurance needs and general financial opportunity has created an emerging market in medicalidentity theft. Medical offices have the perfect storm of information collection, personal, credit, banking,health, and insurance. Thieves have realized that medical facilities have as much economic value asbanks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is awell-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims isovert. This information crime involves stealing patients’ records to impersonate the patients in an effort ofobtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft,there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines thequality of health care information systems and enervates the information security of electronic patientrecord.

  16. Common Ground and Delegation

    DEFF Research Database (Denmark)

    Dobrajska, Magdalena; Foss, Nicolai Juul; Lyngsie, Jacob

    preconditions of increasing delegation. We argue that key HR practices?namely, hiring, training and job-rotation?are associated with delegation of decision-making authority. These practices assist in the creation of shared knowledge conditions between managers and employees. In turn, such a ?common ground......Much recent research suggests that firms need to increase their level of delegation to better cope with, for example, the challenges introduced by dynamic rapid environments and the need to engage more with external knowledge sources. However, there is less insight into the organizational......? influences the confidence with which managers delegate decision authority to employees, as managers improve their knowledge of the educational background, firm-specific knowledge, and perhaps even the possible actions of those to whom they delegate such authority. To test these ideas, we match a large...

  17. Computer Security: professionalism in security, too

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

  18. Maritime security laboratory for maritime security research

    Science.gov (United States)

    Bunin, Barry J.; Sutin, Alexander; Bruno, Michael S.

    2007-04-01

    Stevens Institute of Technology has established a new Maritime Security Laboratory (MSL) to facilitate advances in methods and technologies relevant to maritime security. MSL is designed to enable system-level experiments and data-driven modeling in the complex environment of an urban tidal estuary. The initial focus of the laboratory is on the threats posed by divers and small craft with hostile intent. The laboratory is, however, evolvable to future threats as yet unidentified. Initially, the laboratory utilizes acoustic, environmental, and video sensors deployed in and around the Hudson River estuary. Experimental data associated with boats and SCUBA divers are collected on a computer deployed on board a boat specifically designed and equipped for these experiments and are remotely transferred to a Visualization Center on campus. Early experiments utilizing this laboratory have gathered data to characterize the relevant parameters of the estuary, acoustic signals produced by divers, and water and air traffic. Hydrophones were deployed to collect data to enable the development of passive acoustic methodologies for maximizing SCUBA diver detection distance. Initial results involving characteristics of the estuary, acoustic signatures of divers, ambient acoustic noise in an urban estuary, and transmission loss of acoustic signals in a wide frequency band are presented. These results can also be used for the characterization of abnormal traffic and improvement of underwater communication in a shallow water estuary.

  19. Secure Key Exchange using Neural Network

    OpenAIRE

    Vineeta Soni

    2014-01-01

    Any cryptographic system is used to exchange confidential information securely over the public channel without any leakage of information to the unauthorized users. Neural networks can be used to generate a common secret key because the processes involve in Cryptographic system requires large computational power and very complex. Moreover Diffi hellman key exchange is suffered from man-in –the middle attack. For overcome this problem neural networks can be used.Two neural netwo...

  20. Food security and sustainable resource management

    OpenAIRE

    McLaughlin, Dennis; Kinzelbach, Wolfgang

    2015-01-01

    The projected growth in global food demand until mid-century will challenge our ability to continue recent increases in crop yield and will have a significant impact on natural resources. The water and land requirements of current agriculture are significantly less than global reserves but local shortages are common and have serious impacts on food security. Recent increases in global trade have mitigated some of the effects of spatial and temporal variability. However, trade has a limited im...

  1. BitTorrent's Mainline DHT Security Assessment

    OpenAIRE

    Timpanaro, Juan Pablo; Cholez, Thibault; Chrisment, Isabelle; Festor, Olivier

    2011-01-01

    BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and software updates, among others. Recent actions against torrent and tracker repositories have fostered the move towards a fully distributed solution based on a distributed hash table to support both torrent search and tracker implementation. In this paper we present a security study of the main decentralized tracker in BitTorrent, commonly known as the Mainline DHT.We show that the lac...

  2. Does Financial Literacy Contribute to Food Security?

    Science.gov (United States)

    Carman, Katherine G.; Zamarro, Gema

    2016-01-01

    Food insecurity, not having consistent access to adequate food for active, healthy lives for all household members, is most common among low income households. However, income alone is not sufficient to explain who experiences food insecurity. This study investigates the relationship between financial literacy and food security. We find that low income households who exhibit financial literacy are less likely to experience food insecurity. PMID:26949563

  3. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  4. Machine Learning for Security

    CERN Document Server

    CERN. Geneva

    2015-01-01

    Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data. About the speaker Josiah is a security researcher with HP TippingPoint DVLabs Research Group. He has over 15 years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions into clustered data storage and later integrated control systems. Current ...

  5. Unfalsifiability of security claims.

    Science.gov (United States)

    Herley, Cormac

    2016-06-01

    There is an inherent asymmetry in computer security: Things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: Whereas the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: Newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures.

  6. Secure medical digital libraries.

    Science.gov (United States)

    Papadakis, I; Chrissikopoulos, V; Polemi, D

    2001-12-01

    In this paper, a secure medical digital library is presented. It is based on the CORBA specifications for distributed systems. The described approach relies on a three-tier architecture. Interaction between the medical digital library and its users is achieved through a Web server. The choice of employing Web technology for the dissemination of medical data has many advantages compared to older approaches, but also poses extra requirements that need to be fulfilled. Thus, special attention is paid to the distinguished nature of such medical data, whose integrity and confidentiality should be preserved at all costs. This is achieved through the employment of Trusted Third Parties (TTP) technology for the support of the required security services. Additionally, the proposed digital library employs smartcards for the management of the various security tokens that are used from the above services.

  7. Dying for security

    Directory of Open Access Journals (Sweden)

    Buchan, Bruce

    2011-01-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  8. Dying for Security

    Directory of Open Access Journals (Sweden)

    Bruce Buchan

    2011-03-01

    Full Text Available If political statements and media coverage are any guide, it seems Australians today are dying for security. At no other moment in our history has the spectre of war and terrorism so haunted popular, political and scholarly perceptions of Australia’s colonial past and of its geopolitical future. And yet, debates over colonial war or genocide and contemporary terrorism have been conducted in more or less complete isolation. In this article I argue that our contemporary obsession with ‘security’ is premised on the perennial threat of ‘insecurity’. This is the problem of in/security, and it has played a central role in the development of Western political thought. More importantly, its formulation in Western political thought provided a powerful justification for the violence of the early decades of Australia’s colonisation during which Indigenous Australians could also be said to have been dying for security.

  9. What Price Security?

    Directory of Open Access Journals (Sweden)

    Donald C. Masters

    2009-01-01

    Full Text Available This article presents a critique of the Copenhagen Consensus Center's(CCC exhaustive study on transnational terrorism, published in 2008.The implications of this study are controversial, yet highly relevant in today's economic environment. The Obama administration must come toterms with fiscal realities that will challenge budget priorities and invigorate what will undoubtedly prove to be tough negotiations on Capitol Hill for homeland security dollars. It is proposed here that standard economic tools such as benefit cost analysis, cost effectiveness criteria, and simulation models can help identify areas where security can be either extended or improved using fewer resources. Greater movement towards competitive procurement practices will also result in lower costs and higher returns on security investments.

  10. FOOD SECURITY IN ROMANIA

    Directory of Open Access Journals (Sweden)

    Silviu STANCIU

    2015-12-01

    Full Text Available The increasing world population, the limitation of the natural availability for food production, the climate issues and the food consumption need for modification imposed a continuous updating of the food security concept. Although Romania has sufficient natural resources, which may ensure, by means of proper exploitation, the population’s food needs, the lack of a unitary approach at the government level, materialized in the dependence on imports and in fluctuations in the agro-food production, leads to a re-evaluation of national food needs. National food security may be affected by a series of risks and threats, which appeared due to an imbalance connected with the availability, the utility and the stability of the agro-food sector, interdependent elements that must be functional. The present article proposes an analysis of food security in Romania, with a short presentation of the concept in an international context.

  11. Measuring the security of energy exports demand in OPEC economies

    International Nuclear Information System (INIS)

    One of the objectives of OPEC is the security of demand for the crude oil exports of its members. Achieving this objective is imperative with the projected decline in OECD countries' crude oil demand among other crude oil demand shocks. This paper focuses on determining the external crude oil demand security risks of OPEC member states. In assessing these risks, this study introduces two indexes. The first index, Risky Energy Exports Demand (REED), indicates the level of energy export demand security risks for OPEC members. It combines measures of export dependence, economic dependence, monopsony risk and transportation risk. The second index, Contribution to OPEC Risk Exposure (CORE), indicates the individual contribution of the OPEC members to OPEC's risk exposure. This study utilises the disaggregated index approach in measuring energy demand security risks for crude oil and natural gas and involves a country level analysis. With the disaggregated approach, the study shows that OPEC's energy export demand security risks differ across countries and energy types. - Highlights: • REED and CORE indexes are suitable measures for energy exports demand security risk. • The indexes show that energy demand security risk is different for each OPEC country. • The countries contribution to OPEC's energy demand security risk is also different. • The outcome is necessary for OPEC's common energy and climate change policies. • The outcome makes a case for oil demand security as a topical issue in the literature

  12. Cyber Security Evaluation Tool

    Energy Technology Data Exchange (ETDEWEB)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  13. Security electronics circuits manual

    CERN Document Server

    MARSTON, R M

    1998-01-01

    Security Electronics Circuits Manual is an invaluable guide for engineers and technicians in the security industry. It will also prove to be a useful guide for students and experimenters, as well as providing experienced amateurs and DIY enthusiasts with numerous ideas to protect their homes, businesses and properties.As with all Ray Marston's Circuits Manuals, the style is easy-to-read and non-mathematical, with the emphasis firmly on practical applications, circuits and design ideas. The ICs and other devices used in the practical circuits are modestly priced and readily available ty

  14. E-commerce security

    OpenAIRE

    Giri, Bimal

    2013-01-01

    With the ever increasing cyber threats and the rapid expansion of e-commerce globally, the security of the Internet and e-commerce in general will become more paramount. The aim of the thesis is to find out the current e-commerce user perception regarding online transaction and security issues in e-commerce from the user’s perspective. The research is divided into two parts. Firstly, the research tries to find out current e-commerce user’s perception. The social media (Facebook) has been appl...

  15. Social Influence for Security

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2014-08-01

    Full Text Available The main aim of this work marks the reveling of scientific premises intended to structure the issue of social influence for security. The approach has as aim the identification of those elements that define and characterize the social influence in order to manage conflict, from the perspective of public communication. The proposed approach establishes some synthetic, clear boundaries through the method of research and analysis of the concept of security, social influence, revealing the specifics of public communication in conflict management.

  16. Security of sensor networks

    OpenAIRE

    Teo, Hong-Siang

    2006-01-01

    This thesis discusses the security of sensor networks. First, an overview of the security architectures of two dominant implementations of sensor networks in the market today is presented: the TinyOS stack and the IEEE 802.15.4 stack. Their similarities and differences are explored and their strength and limitations are discussed. Where applicable, comparisons are made with IEEE 802.11 Wireless LAN to highlight improvements and lessons learned. It is pointed out that in general, IEEE 802.15.4...

  17. Drones InSecurity

    OpenAIRE

    Kramer, Manuel; Schmeisser, Martin

    2015-01-01

    This project is about testing the security of casual/commercial drones. For this, we tested drones from the company Parrot, but the conclusions apply to all drones based on WiFi controllers. To test drones security, the project was divided in two parts. The first part is stream sniffing. This means capturing the video stream that a drone transmits to its connected user and afterwards reconstructing it, to see the actual video footage. The second part of the project is the hi- jacking of drone...

  18. Secure cloud computing

    CERN Document Server

    Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

    2014-01-01

    This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

  19. Towards Sustainable Nuclear Security

    International Nuclear Information System (INIS)

    The paper has three parts. It will first of all briefly trace the development of the current threat of nuclear terrorism that has created the need for a global capability in nuclear security, focusing on radioactive sources. It will then briefly assess the work that has been done internationally, by the IAEA, States and others to meet the threat. Having outlined the need for security of radioactive sources, the final and main part will propose ways of ensuring that the global capability can be assured into the future. (author)

  20. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  1. Urban green commons: Insights on urban common property systems

    NARCIS (Netherlands)

    Colding, J.; Barthel, S.; Bendt, P.; Snep, R.P.H.; Knaap, van der W.G.M.; Ernstson, H.

    2013-01-01

    The aim of this paper is to shed new light on urban common property systems. We deal with urban commons in relation to urban green-space management, referring to them as urban green commons. Applying a property-rights analytic perspective, we synthesize information on urban green commons from three

  2. APME launches common method

    International Nuclear Information System (INIS)

    A common approach for carrying out ecological balances for commodity thermoplastics is due to be launched by the Association of Plastics Manufacturers in Europe (APME; Brussels) and its affiliate, The European Centre for Plastics in the Environment (PWMI) this week. The methodology report is the latest stage of a program started in 1990 that aims to describe all operations up to the production of polymer powder or granules at the plant gate. Information gathered will be made freely available to companies considering the use of polymers. An industry task force, headed by PWMI executive director Vince Matthews, has gathered information on the plastics production processes from oil to granule, and an independent panel of specialists, chaired by Ian Boustead of the U.K.'s Open University, devised the methodology and analysis. The methodology report stresses the need to define the system being analyzed and discusses how complex chemical processes can be analyzed in terms of consumption of fuels, energy, and raw materials, as well as solid, liquid, and gaseous emissions

  3. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

  4. Process Expression of Security Automaton

    Institute of Scientific and Technical Information of China (English)

    2007-01-01

    Security is an essential aspect for mobile systems. Usually, mobile system modeling and its security policies specification are realized in different techniques. So when constructed a mobile system using formal methods it is difficult to verify if the system comply with any given security policies. A method was introduced to express security automata which specifying enforceable security policies as processes in an extended π-calculus. In this extended π-calculus, an exception termination process was introduced, called bad. Any input which violating a security automaton will correspond to a step of transformation of the process that specifying the security automaton to exception termination process. Our method shows that any security automata which specifying enforceable security policies would decide a process in the extended π-calculus.

  5. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

  6. A Learning-Based Approach to Reactive Security

    CERN Document Server

    Barth, Adam; Sundararajan, Mukund; Mitchell, John C; Song, Dawn; Bartlett, Peter L

    2009-01-01

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

  7. A Learning-Based Approach to Reactive Security

    Science.gov (United States)

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

  8. Securing smart grid technology

    Science.gov (United States)

    Chaitanya Krishna, E.; Kosaleswara Reddy, T.; Reddy, M. YogaTeja; Reddy G. M., Sreerama; Madhusudhan, E.; AlMuhteb, Sulaiman

    2013-03-01

    In the developing countries electrical energy is very important for its all-round improvement by saving thousands of dollars and investing them in other sector for development. For Growing needs of power existing hierarchical, centrally controlled grid of the 20th Century is not sufficient. To produce and utilize effective power supply for industries or people we should have Smarter Electrical grids that address the challenges of the existing power grid. The Smart grid can be considered as a modern electric power grid infrastructure for enhanced efficiency and reliability through automated control, high-power converters, modern communications infrastructure along with modern IT services, sensing and metering technologies, and modern energy management techniques based on the optimization of demand, energy and network availability and so on. The main objective of this paper is to provide a contemporary look at the current state of the art in smart grid communications as well as critical issues on smart grid technologies primarily in terms of information and communication technology (ICT) issues like security, efficiency to communications layer field. In this paper we propose new model for security in Smart Grid Technology that contains Security Module(SM) along with DEM which will enhance security in Grid. It is expected that this paper will provide a better understanding of the technologies, potential advantages and research challenges of the smart grid and provoke interest among the research community to further explore this promising research area.

  9. Miniatlas of Human Security

    OpenAIRE

    World Bank, (WB); Human Security Report Project

    2008-01-01

    An at-a-glance illustrated guide to global and regional trends in human insecurity, the miniAtlas provides a succinct introduction to today's most pressing security challenges. It maps political violence, the links between poverty and conflict, assaults on human rights including the use of child soldiers and the causes of war and peace.

  10. Today's School Security

    Science.gov (United States)

    Kennedy, Mike

    2012-01-01

    Outbreaks of violence at education institutions typically do not rise to the horrific levels of Virginia Tech, Columbine High School, or Oikos University. But incidents that threaten school security--bullying, hazing, online harassment--take place in every month of the year and may occur in any classroom or campus from coast to coast. Schools and…

  11. A network security monitor

    Energy Technology Data Exchange (ETDEWEB)

    Heberlein, L.T.; Dias, G.V.; Levitt, K.N.; Mukherjee, B.; Wood, J.; Wolber, D. (California Univ., Davis, CA (USA). Dept. of Electrical Engineering and Computer Science)

    1989-11-01

    The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, our work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.

  12. Computer Science Security

    OpenAIRE

    Ocotlan Diaz-Parra; Ruiz-Vanoye, Jorge A.; Barrera-Cámara, Ricardo A.; Alejandro Fuentes-Penna; Natalia Sandoval

    2014-01-01

    Soft Systems Methodology (SSM) is a problem-solving methodology employing systems thinking. SSM has been applied to the management, planning, health and medical systems, information systems planning, human resource management, analysis of the logistics systems, knowledge management, project management, construction management and engineering, and development of expert systems. This paper proposes using SSM for strategic planning of Enterprise Computer Security.

  13. CYBER SECURITY FOR AIRPORTS

    Directory of Open Access Journals (Sweden)

    Kasthurirangan Gopalakrishnan

    2013-12-01

    Full Text Available In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one the critical infrastructure systems that is not only vulnerable to physical threats, but also cyber threats, especially with the increased use of Bring Your Own Device (BYOD at airports. It has been recognized that there is currently no cyber security standards established for airports in the United States as the existing standards have mainly focused on aircraft Control System (CS. This paper summarizes the need, background, ongoing developments and research efforts with respect to the establishment of cyber-security standards and best practices at U.S. airports with special emphasis on cyber security education and literacy.

  14. Politics, Security, Theory

    DEFF Research Database (Denmark)

    Wæver, Ole

    2011-01-01

    distinct from both the study of political practices of securitization and explorations of competing concepts of politics among security theories. It means tracking what kinds of analysis the theory can produce and whether such analysis systematically impacts real-life political struggles. Securitization...

  15. Gaming security by obscurity

    NARCIS (Netherlands)

    Pavlovic, Dusko

    2011-01-01

    Shannon sought security against the attacker with unlimited computational powers: if an information source conveys some information, then Shannon's attacker will surely extract that information. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attacke

  16. Gaming security by obscurity

    NARCIS (Netherlands)

    Pavlovic, Dusko

    2011-01-01

    Shannon [40] sought security against the attacker with unlimited computational powers: if an information source conveys some information, then Shannon’s attacker will surely extract that information. Diffie and Hellman [13] refined Shannon’s attacker model by taking into account the fact that the re

  17. Concepts of Human Security

    NARCIS (Netherlands)

    D.R. Gasper (Des)

    2011-01-01

    markdownabstract__Abstract__ Concepts of human security have been debated and disputed at length during the past twenty years or more. Many lists of definitions exist and various comparative analyses of definitions.1 These reveal not a single concept but a family with many variants, all of which mi

  18. Security Situation in Afghanistan

    Institute of Scientific and Technical Information of China (English)

    Fang Jinying

    2006-01-01

    @@ Since the beginning of 2006, the Taliban has intensified its attacks in Afghanistan in various forms, especially in the south.The U.S.-led coalition forces, the NATO-led International Security Assistance Force (ISAF) , and the Afghan Army found themselves constantly be the victims of ambushes, suicide bombings, and roadside blasts.

  19. Mastering Mobile Security

    Science.gov (United States)

    Panettieri, Joseph C.

    2007-01-01

    Without proper security, mobile devices are easy targets for worms, viruses, and so-called robot ("bot") networks. Hackers increasingly use bot networks to launch massive attacks against eCommerce websites--potentially targeting one's online tuition payment or fundraising/financial development systems. How can one defend his mobile systems against…

  20. Secured Ontology Mapping

    Directory of Open Access Journals (Sweden)

    Manjula Shenoy.K

    2012-11-01

    Full Text Available Today’s market evolution and high volatility of business requirements put an increasing emphasis on theability for systems to accommodate the changes required by new organizational needs while maintainingsecurity objectives satisfiability. This is all the more true in case of collaboration and interoperabilitybetween different organizations and thus between their information systems. Ontology mapping has beenused for interoperability and several mapping systems have evolved to support the same. Usual solutionsdo not take care of security. That is almost all systems do a mapping of ontologies which are unsecured.We have developed a system for mapping secured ontologies using graph similarity concept. Here we giveno importance to the strings that describe ontology concepts ,properties etc. Because these strings may beencrypted in the secured ontology. Instead we use the pure graphical structure to determine mappingbetween various concepts of given two secured ontologies. The paper also gives the measure of accuracyof experiment in a tabular form in terms of precision, recall and F-measure.

  1. Collusion Secure Fingerprint Watermarking

    OpenAIRE

    Schäfer, Marcel

    2016-01-01

    Identifying perpetrators via watermarking technology has proven of value in media copyright infringements. To enable tracing back unauthorizedly re-distributed media copies that were manipulated by a collusion attack, collusion secure fingerprinting codes are embedded into the copies via watermarking technology. Fingerprinting codes are mathematical codes designed to resist collusion attacks by means of probabilistically generated codewords and suitable tracing algorithms. However, embedd...

  2. Application Security Automation

    Science.gov (United States)

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  3. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2004-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  4. Macrosecuritization and Security Constellations

    DEFF Research Database (Denmark)

    Buzan, Barry; Wæver, Ole

    2009-01-01

    the middle and system levels, and asks whether there is not more of substance there than the existing Copenhagen school analyses suggests. It revisits the under-discussed concept of security constellations in Copenhagen school theory, and adds to it the idea of macrosecuritizations as ways of getting...

  5. Security for Mobility

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming; Buchholtz, Mikael

    2002-01-01

    We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access...

  6. Transatlantic Homeland Security

    DEFF Research Database (Denmark)

    Dalgaard-Nielsen, Anja; Hamilton, Daniel

    This major new study presents both conceptual and practical guidance at a crucial time when intellectual and practical efforts to protect against the new terrorism should move beyond a purely domestic focus. Creating an effective and integrated national homeland security effort is a significant...

  7. Attachment Security and Pain

    DEFF Research Database (Denmark)

    Andersen, Tonny Elmose; Lahav, Yael; Defrin, Ruth;

    2015-01-01

    The present study assesses for the first time, the possible disruption effect of posttraumatic stress symptoms (PTSS) with regard to the protective role of attachment on pain, among ex-POWs. While secure attachment seems to serve as a buffer, decreasing the perception of pain, this function may...

  8. Metaphors for cyber security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  9. Secure and Reliable Communications Solution for SCADA and PPDR Use

    OpenAIRE

    Ahokas, Jari

    2013-01-01

    Public Protection and Disaster Relief (PPDR) and Supervisory Control and Data Acquisition (SCADA) systems have similar needs for secured and reliable communications. All European PPDR organizations have similar requirements. A common network for both PPDR and SCADA creates synergy and makes interoperability within systems and cross borders possible. This report presents a highly redundant and secured communications network solution for both of the actors. The network level is shared between m...

  10. Mitigating Hardware Cyber-Security Risks in Error Correcting Decoders

    OpenAIRE

    Hemati, Saied

    2015-01-01

    This paper investigates hardware cyber-security risks associated with channel decoders, which are commonly acquired as a black box in semiconductor industry. It is shown that channel decoders are potentially attractive targets for hardware cyber-security attacks and can be easily embedded with malicious blocks. Several attack scenarios are considered in this work and suitable methods for mitigating the risks are proposed. These methods are based on randomizing the inputs of the channel decode...

  11. Induced Retirement, Social Security, and the Pyramid Mirage

    OpenAIRE

    Casey B. Mulligan

    2000-01-01

    Does Social Security redistribute across cohorts? Or is it a program for purchasing the jobs' of the elderly? I formalize both models, showing how they have some predictions in common the most important of which is that generational accounts have the appearance of a pyramid scheme.' I also derive important differences between the two interpretations, and compare those differences with data on the design and incidence of Social Security programs around the world. Since implicit and explicit ta...

  12. Study on Improving Web Security using SAML Token

    Directory of Open Access Journals (Sweden)

    Venkadesh.M

    2013-11-01

    Full Text Available Web service is the most important word which is most commonly used by all computer professionals. Web services are mainly used for communicating different platform within a network connection. Web services are created based on SOA architecture. SOA platform is most popularly used in distributed systems. When using in distributed system security becomes prominent. This study is carried out on improving web security using SAML tokens. SOA principles and SAML are used in this study

  13. A Comparison of Cross-Sector Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

  14. Social Infrastructure for Hometown Security: Advancing the Homeland Security Paradigm

    OpenAIRE

    Bach, Robert; Kaufman, David J.

    2009-01-01

    This article appeared in Homeland Security Affairs (May 2009), v.5 no.2 The nation's homeland security strategy calls on federal, state, and local governments, businesses, communities and individuals across the country to work together to achieve a shared vision of a secure way of life. Yet true involvement on the part of individual citizens remains elusive, due largely to a misdiagnosis of the way the American people experience homeland security practices, inappropriate application of bor...

  15. The Extended Concept of Security and the Czech Security Practice

    OpenAIRE

    Libor Stejskal; Antonín Rašek; Miloš Balabán

    2008-01-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-govern...

  16. Development and analysis of security policies in security enhanced Android

    OpenAIRE

    Rimando, Ryan A.

    2012-01-01

    This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. T...

  17. Security and Reliability Requirements for Advanced Security Event Management

    OpenAIRE

    RIEKE, Roland; COPPOLINO, Luigi; Hutchinson, Andrew; PRIETO, Elsa; Gaber, Chrystel

    2012-01-01

    This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. The use of SIEM technology in four disparate scenario areas is used in this paper as a catalyst for the develop...

  18. Secure and Authenticated Data Communication in Wireless Sensor Networks.

    Science.gov (United States)

    Alfandi, Omar; Bochem, Arne; Kellner, Ansgar; Göge, Christian; Hogrefe, Dieter

    2015-01-01

    Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes.

  19. Job security or employment security : What's in a name?

    NARCIS (Netherlands)

    Zekic, Nuna

    2016-01-01

    The main aim of the article is to survey and conceptualize the place of employment security in labour law, and to explore a number of important legal questions relating to this concept. After scrutinizing the notion of employment security, the author endorses the view that job security that exists o

  20. Diagnosis concept for common rail engines; Diagnosekonzept fuer CommonRail Motoren

    Energy Technology Data Exchange (ETDEWEB)

    Staebler, D.; Lehle, W.; Kohler, B. [Robert Bosch GmbH, Stuttgart (Germany)

    2007-07-01

    The troubleshooting for diesel engines with modern CommonRail fuel injection systems requires a failure diagnosis system, which enables the workshop to detect the root cause fast and secure. This guided trouble shooting leads the mechanic to examine diagnosis functions depending on the situation. New tester based and ECU-based diagnosis functions were developed to detect the smallest changeable unit fast and clearly. Selected new diagnosis functions and their implementation in the guided trouble shooting will be presented in the following. Looking forward the focus goes to the use of software based diagnosis functionality in service. (orig.)

  1. Security in the transport of radioactive materials

    International Nuclear Information System (INIS)

    Full text: Adequate security is an essential concern in the transport of radioactive materials for all the stakeholders involved - the countries producing radioactive materials, the countries across which and to where the radioactive materials are transported, and the transport industry. Indeed, stringent security measures in the movement of radioactive materials have been in place for many years. Regulators have recognised that specific radioactive materials transported require special security controls and measures in order to prevent illicit use of such material. This need for protection is now even greater. No industry is subject to more stringent levels of security. The transport of radioactive materials has traditionally been subject to specific national protection measures, as shown for instance by a State reserving its right to oversee the security measures taken during the transport of such materials originating from or carried through its territory. To prevent theft of radioactive materials during transport, a wide range of protection measures, including access control, employee screening and coordination with local and national security authorities, involving security forces, have been developed. Some of these provisions have a direct and considerable impact on how transports are organised. While State sovereignty on security matters is appreciated, and since international transport of radioactive materials is a common practice, greater harmonisation of security measures within and between countries should be encouraged in the interest both of security and efficiency. For example, a security official at an international border crossing may interpret requirements on the ground in a different way from authorities at the centre. There appears to be a view among some potential transport service providers that the transport safety and security regulatory regimes are onerous or too complicated. It is the operator who experiences at first hand the differences

  2. International and European Security Law

    Directory of Open Access Journals (Sweden)

    Jonathan Herbach

    2012-02-01

    Full Text Available Security law, or more comprehensively conflict and security law, on the international level represents the intersection of three distinct but interrelated fields: international humanitarian law (the law of armed conflict, jus in bello, the law of collective security (most identified with the United Nations (UN system, jus ad bellum and arms control law (including non-proliferation. Security in this sense is multifaceted - interest security, military security and, as is often referred to in the context of the EU, human security. As such, the law covers a wide range of specific topics with respect to conflict, encompassing the use of force, including choice of weapons and fighting techniques, extending to the rules applicable in peacekeeping and peace enforcement, and yet also dictating obligations outside the context of conflict, such as safeguarding and securing dual-use materials (those with both peaceful and military applications to prevent malicious use.

  3. Model-Based Security Testing

    CERN Document Server

    Schieferdecker, Ina; Schneider, Martin; 10.4204/EPTCS.80.1

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing,...

  4. Secure key storage and distribution

    Science.gov (United States)

    Agrawal, Punit

    2015-06-02

    This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

  5. Fast Energy-Efficient Secure Dynamic Address Routing For Scalable WSNs

    Directory of Open Access Journals (Sweden)

    G. Ravi

    2012-03-01

    Full Text Available Secure Routing is one of the important issues in wireless sensor networks. A number of approaches have been proposed for secure routing in wireless sensor networks, but there is a lack of sufficient support for quick secure routing in large-scale sensor networks. We consider the dynamic address routing for wireless sensor networks. We consider two security algorithms namely RSA (Rivest, Shamir Adleman, Elliptic Curve Cryptography (ECC as an initial test for dynamic address routing protocol for wireless sensor networks. We consider five routing attacks such as Directory attack, Brutal attack, Wormhole attack, Sinkhole attack and Sybil attack against dynamic address routing in wireless sensor networks. In this paper, we propose a common key cryptographic security algorithm named Random Number Addressing Cryptography (RAC for providing energy efficient secure dynamic address routing protocol for scalable wireless sensor networks. RAC security algorithm works energy-efficiently and provides better security than RSA and ECC.

  6. Security for service oriented architectures

    CERN Document Server

    Williams, Walter

    2014-01-01

    Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two. Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, includ

  7. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  8. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

  9. Security force effectiveness and technology

    International Nuclear Information System (INIS)

    No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations

  10. Secure Method Invocation in JASON

    NARCIS (Netherlands)

    Brinkman, Richard; Hoepman, Jaap-Henk

    2002-01-01

    We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewe

  11. Monterey Security Enhanced Architecture Project

    OpenAIRE

    Irvine, Cynthia E.; Shifflett, David; Clark, Paul C.; Levin, Timothy E.; Dinolt, George

    2003-01-01

    This research project has produced an innovative architecture and corresponding engineering prototype consisting of trusted security services and integrated operating system mechanisms for the protection of distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms extend and interoperate with existing workstations, applications and open source operating systems, providing new capabilities for composing secure distributed ...

  12. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  13. Security procedures in wireless networks

    Institute of Scientific and Technical Information of China (English)

    郑光

    2009-01-01

    In the paper, we will introduce the mechanisms and the weaknesses of the Wired Equivalent Privacy (WEP) and 802.1 li security procedures in the wireless networks. After that, the Wi-Fi Protected Access (WPA), a standards-based security mechanism that can eliminate most of 802.11 security problems will be introduced.

  14. Economic Security in Nova Scotia

    OpenAIRE

    Lars Osberg; Andrew Sharpe

    2008-01-01

    The report uses an aggregate index, based on security from the economic risks imposed by four key factors – unemployment, illness, old age, and single parenthood – to examine trends in economic security in Nova Scotia from 1981 to 2007. It concludes that economic security in Nova Scotia decreased during the 1981-2007 period.

  15. Nanotechnology in the Security

    CERN Document Server

    Kruchinin, Sergei

    2015-01-01

    The topics discussed at the NATO Advanced Research Workshop "Nanotechnology in the Security Systems" included nanophysics,   nanotechnology,  nanomaterials, sensors, biosensors security systems, explosive  detection . There have been many significant advances in the past two years and some entirely new directions of research are just opening up. Recent advances in nanoscience have demonstrated that fundamentally new physical phenomena  are found when systems are reduced in size with  dimensions, comparable to the fundamental microscopic  length scales of the investigated material. Recent developments in nanotechnology and measurement techniques now allow experimental investigation of transport properties of nanodevices. This work will be of interest to researchers working in spintronics, molecular electronics and quantum information processing.

  16. Digital Watermarking Security

    Directory of Open Access Journals (Sweden)

    Jonathan Blake

    2011-09-01

    Full Text Available As creative works (e.g. books, films, music, photographs become increasingly available in digital formats in a highly connected world, it also becomes increasingly difficult to secure intellectual property rights. Digital watermarking is one potential technology to aid intellectual property owners in controlling and tracking the use of their works. Surveys the state of digital watermarking research and examines the attacks that the technology faces and how it fares against them. Digital watermarking is an inherently difficult design problem subject to many constraints. The technology currently faces an uphill battle to be secure against relatively simple attacks.Defence Science Journal, 2011, 61(5, pp.408-414, DOI:http://dx.doi.org/10.14429/dsj.61.1176

  17. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  18. CLOUD COMPUTING AND SECURITY

    Directory of Open Access Journals (Sweden)

    Asharani Shinde

    2015-10-01

    Full Text Available This document gives an insight into Cloud Computing giving an overview of key features as well as the detail study of exact working of Cloud computing. Cloud Computing lets you access all your application and documents from anywhere in the world, freeing you from the confines of the desktop thus making it easier for group members in different locations to collaborate. Certainly cloud computing can bring about strategic, transformational and even revolutionary benefits fundamental to future enterprise computing but it also offers immediate and pragmatic opportunities to improve efficiencies today while cost effectively and systematically setting the stage for the strategic change. As this technology makes the computing, sharing, networking easy and interesting, we should think about the security and privacy of information too. Thus the key points we are going to be discussed are what is cloud, what are its key features, current applications, future status and the security issues and the possible solutions.

  19. Strengthening nuclear security

    International Nuclear Information System (INIS)

    The international situation after the end of the Cold-War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to the would peace and security by non-state actors, like international terrorist groups, have been recognized after 9.11 terrorist attacks to the World Trade Center buildings and to the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required an establishment of regulatory system, by which risks associated with the development of nuclear energy can be controlled. Accordingly, nuclear safety control system, and then non-proliferation control system has been developed, both in the international level and notional level. In recognition of the present unstable international situations, it is required to establish, maintain and strengthen a system which control nuclear security aspect, in addition to the present systems. (author)

  20. Society and Security

    Directory of Open Access Journals (Sweden)

    FLORENTINA FUNIERU

    2011-01-01

    Full Text Available The study emphasizes the most important theories in the field of security studies and is concerned with the threats directed at the supportive elements of human communities which are less visible than the traditional ones. They are accompanied by a force that conquers mental spaces and changes the individual's self-awareness, namely that of the social will. This study discusses the societal security of the social will on a historical time axis, beginning with the 12th century (when social authority, temporal power, is separated from the authority of the Church, from spiritual power, followed by a second historical moment of the deconstruction of social frames, which occurred in the 19th century (that of the romantic culture, as reaction to the rationalist individualist trend, and by the year 1989, a third moment of rupture analyzed in comparison with the others.