PMU-Aided Voltage Security Assessment for a Wind Power Plant: Preprint

Energy Technology Data Exchange (ETDEWEB)

Jiang, H.; Zhang, Y. C.; Zhang, J. J.; Muljadi, E.

2015-04-08

Because wind power penetration levels in electric power systems are continuously increasing, voltage stability is a critical issue for maintaining power system security and operation. The traditional methods to analyze voltage stability can be classified into two categories: dynamic and steady-state. Dynamic analysis relies on time-domain simulations of faults at different locations; however, this method needs to exhaust faults at all locations to find the security region for voltage at a single bus. With the widely located phasor measurement units (PMUs), the Thevenin equivalent matrix can be calculated by the voltage and current information collected by the PMUs. This paper proposes a method based on a Thevenin equivalent matrix to identify system locations that will have the greatest impact on the voltage at the wind power plant’s point of interconnection. The number of dynamic voltage stability analysis runs is greatly reduced by using the proposed method. The numerical results demonstrate the feasibility, effectiveness, and robustness of the proposed approach for voltage security assessment for a wind power plant.

AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

OpenAIRE

Chen, Sen; Meng, Guozhu; Su, Ting; Fan, Lingling; Xue, Yinxing; Liu, Yang; Xu, Lihua; Xue, Minhui; Li, Bo; Hao, Shuang

2018-01-01

Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, an...

Dynamic reconfiguration of security policies in wireless sensor networks.

Science.gov (United States)

Pinto, Mónica; Gámez, Nadia; Fuentes, Lidia; Amor, Mercedes; Horcas, José Miguel; Ayala, Inmaculada

2015-03-04

Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs).We evaluate our approach using a case study from the intelligent transportation system domain.

Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Mónica Pinto

2015-03-01

Full Text Available Providing security and privacy to wireless sensor nodes (WSNs is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs.We evaluate our approach using a case study from the intelligent transportation system domain.

Complex networks: Dynamics and security

Indian Academy of Sciences (India)

This paper presents a perspective in the study of complex networks by focusing on how dynamics may affect network security under attacks. ... Department of Mathematics and Statistics, Arizona State University, Tempe, Arizona 85287, USA; Institute of Mathematics and Computer Science, University of Sao Paulo, Brazil ...

Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

International Nuclear Information System (INIS)

Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

2007-01-01

Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

The House of Security: Stakeholder Perceptions of Security Assessment and Importance

OpenAIRE

Ang, Wee Horng; Deng, Vicki; Lee, Yang; Madnick, Stuart; Mistree, Dinsha; Siegel, Michael; Strong, Diane

2007-01-01

In this paper we introduce a methodology for analyzing differences regarding security perceptions within and between stakeholders, and the elements which affect these perceptions. We have designed the €܈ouse of Security€ݬ a security assessment model that provides the basic framework for considering eight different constructs of security: Vulnerability, Accessibility, Confidentiality, Technology Resources for Security, Financial Resources for Security, Business Strategy for Security, Secur...

Security Analysis of Dynamic SDN Architectures Based on Game Theory

Directory of Open Access Journals (Sweden)

Chao Qi

2018-01-01

Full Text Available Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.

Conducting Computer Security Assessments at Nuclear Facilities

International Nuclear Information System (INIS)

2016-06-01

Computer security is increasingly recognized as a key component in nuclear security. As technology advances, it is anticipated that computer and computing systems will be used to an even greater degree in all aspects of plant operations including safety and security systems. A rigorous and comprehensive assessment process can assist in strengthening the effectiveness of the computer security programme. This publication outlines a methodology for conducting computer security assessments at nuclear facilities. The methodology can likewise be easily adapted to provide assessments at facilities with other radioactive materials

Security threat assessment of an Internet security system using attack tree and vague sets.

Science.gov (United States)

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

A Dynamic Framework for Water Security

Science.gov (United States)

Srinivasan, Veena; Konar, Megan; Sivapalan, Murugesu

2017-04-01

Water security is a multi-faceted problem, going beyond mere balancing of supply and demand. Conventional attempts to quantify water security starting rely on static indices at a particular place and point in time. While these are simple and scalable, they lack predictive or explanatory power. 1) Most static indices focus on specific spatial scales and largely ignore cross-scale feedbacks between human and water systems. 2) They fail to account for the increasing spatial specialization in the modern world - some regions are cities others are agricultural breadbaskets; so water security means different things in different places. Human adaptation to environmental change necessitates a dynamic view of water security. We present a framework that defines water security as an emergent outcome of a coupled socio-hydrologic system. Over the medium term (5-25 years), water security models might hold governance, culture and infrastructure constant, but allow humans to respond to changes and thus predict how water security would evolve. But over very long time-frames (25-100 years), a society's values, norms and beliefs themselves may themselves evolve; these in turn may prompt changes in policy, governance and infrastructure. Predictions of water security in the long term involve accounting for such regime shifts in the cultural and political context of a watershed by allowing the governing equations of the models to change.

MANAGEMENT OF RESOURCES IN DYNAMICALLY CHANGING SECURITY ENVRIONMENT

Directory of Open Access Journals (Sweden)

Sevdalina Dimitrova

2014-09-01

Full Text Available The monograph recommends integration between science and practice, experts from national bodies and scientific research potential of academic community of military universities in the field of management of resources of security and defence in accordance to the challenges in security environment caused by its dynamic and often unpredictable changes.

6 CFR 27.215 - Security vulnerability assessments.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security vulnerability assessments. 27.215 Section 27.215 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.215 Security vulnerability...

Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

International Nuclear Information System (INIS)

Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon; Kang, Mingyun

2015-01-01

Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately

Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)

2015-10-15

Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

Energy Technology Data Exchange (ETDEWEB)

Wheeler, Timothy A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Denman, Matthew R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Williams, R. A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Martin, Nevin [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jankovsky, Zachary Kyle [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-09-01

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities. iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.

Dynamic vulnerability assessment and intelligent control for sustainable power systems

CERN Document Server

Gonzalez-Longatt, Francisco

2018-01-01

Identifying, assessing, and mitigating electric power grid vulnerabilities is a growing focus in short-term operational planning of power systems. Through illustrated application, this important guide surveys state-of-the-art methodologies for the assessment and enhancement of power system security in short-term operational planning and real-time operation. The methodologies employ advanced methods from probabilistic theory, data mining, artificial intelligence, and optimization, to provide knowledge-based support for monitoring, control (preventive and corrective), and decision making tasks. Key features: Introduces behavioural recognition in wide-area monitoring and security constrained optimal power flow for intelligent control and protection and optimal grid management. Provides in-depth understanding of risk-based reliability and security assessment, dynamic vulnerability as essment methods, supported by the underpinning mathematics. Develops expertise in mitigation techniques using intelligent protect...

Three tenets for secure cyber-physical system design and assessment

Science.gov (United States)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Real time security assessment in national load dispatch centre, Tenaga Nasional Berhad, Malaysia

Energy Technology Data Exchange (ETDEWEB)

Sreedharan, G. [Tenaga Nasional Berhad, Kuala Lumpur (Malaysia); Moghavvemi, M. [Univ. of Malaya, Kuala Lumpur (Malaysia)

2007-07-01

Electric energy is one of the most important resources of modern industrial society. Electric power is available to the user instantly at the correct voltage, frequency and exactly at the amount that is needed. However, the power system is subjected to constant disturbances created by random load changes, faults created by natural causes and by equipment failures. One of the major impacts of the disturbances to the system is the impact imposed on transmission networks or corridors, which have increased the demand for more accurate and up to date information on the power system. It has become impossible to operate the system with an acceptable degree of security by using traditional operational planning studies that are conducted off-line and use forecast conditions to predict system security limits. Therefore the use of on-line security assessment is quickly becoming a necessity. This paper simplified the general off-line security assessment methodology by attempting to use the real time system snap shot data as an input to the dynamic security assessment tool namely VSAT. The study used raw data produced at every 10 minute cycle in order to conduct a security assessment of the power system, including current power system load; network topology; unit commitment; and generator and transmission line outages. The purpose of the project was to implement a real time security assessment to benefit the system operators to assist them in their daily work in monitoring and operating the power system in Tenaga Nasional Berhad. The paper discussed project implementation including a description of the project and project background. It discussed the operation of VSAT, result display, and future enhancement. 18 refs., 5 figs.

Spatio-temporal dynamics of security investments in an interdependent risk environment

Science.gov (United States)

Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

2012-10-01

In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

Secure Group Communications for Large Dynamic Multicast Group

Institute of Scientific and Technical Information of China (English)

Liu Jing; Zhou Mingtian

2003-01-01

As the major problem in multicast security, the group key management has been the focus of research But few results are satisfactory. In this paper, the problems of group key management and access control for large dynamic multicast group have been researched and a solution based on SubGroup Secure Controllers (SGSCs) is presented, which solves many problems in IOLUS system and WGL scheme.

Security assessment in harbours: parameters to be considered

Energy Technology Data Exchange (ETDEWEB)

Romero Faz, D.; Camarero Orive, A.

2016-07-01

The ports are the main node in the supply chain and freight transportation. The terrorist attacks of September 11, 2001 marked a turning point in global security. Following this event, and from then on, there is a widespread fear of an attack on commercial ports. The development of the International Ship and Port Facility Security (ISPS) Code of the International Maritime Organization (IMO), and the implementation of the measures derived from it, have significantly improved security at port facilities. However, the experience in recent decades indicates the need for adjustments in the security assessment, in order to improve risk assessment, which is sometimes either underestimated or overestimated. As a first result of the investigation, new parameters for assessing security are proposed considering new aspects on the basis of an analysis of the main methodologies specific to port facilities, the analysis of surveys of the responsible managers for the security of the Spanish port system, and the analysis of the security statistics obtained through security forces. (Author)

Cyber/Physical Security Vulnerability Assessment Integration

International Nuclear Information System (INIS)

MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

2011-01-01

This internally funded Laboratory-Directed R and D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

Profiles of Food Security for US Farmworker Households and Factors Related to Dynamic of Change.

Science.gov (United States)

Ip, Edward H; Saldana, Santiago; Arcury, Thomas A; Grzywacz, Joseph G; Trejo, Grisel; Quandt, Sara A

2015-10-01

We recruited 248 farmworker families with preschool-aged children in North Carolina and examined food security indicators over 24 months to identify food security patterns and examine the dynamic of change over time. Participants in the Niños Sanos study, conducted 2011 to 2014, completed quarterly food security assessments. Based on responses to items in the US Household Food Security Survey Module, we identified different states of food security by using hidden Markov model analysis, and examined factors associated with different states. We delineated factors associated with changes in state by using mixed-effect ordinal logistic regression. About half of the households (51%) consistently stayed in the most food-secure state. The least food-secure state was transient, with only 29% probability of this state for 2 consecutive quarters. Seasonal (vs migrant) work status, having immigration documents (vs not documented), and season predicted higher levels of food security. Heterogeneity in food security among farmworker households calls for tailoring intervention strategies. The transiency and unpredictability of low food security suggest that access to safety-net programs could reduce low food security risk in this population.

Risk assessment techniques for civil aviation security

Energy Technology Data Exchange (ETDEWEB)

Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

2011-08-15

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

Risk assessment techniques for civil aviation security

International Nuclear Information System (INIS)

Tamasi, Galileo; Demichela, Micaela

2011-01-01

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

OpenAIRE

Kuei-Hu Chang

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

Soil Security Assessment of Tasmania

Science.gov (United States)

Field, Damien; Kidd, Darren; McBratney, Alex

2017-04-01

The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry . Regarding the Sustainable Development Gaols (SDG's) this could be seen as a exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

Security infrastructure for dynamically provisioned cloud infrastructure services

NARCIS (Netherlands)

Demchenko, Y.; Ngo, C.; de Laat, C.; Lopez, D.R.; Morales, A.; García-Espín, J.A.; Pearson, S.; Yee, G.

2013-01-01

This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services

Secure physical layer using dynamic permutations in cognitive OFDMA systems

DEFF Research Database (Denmark)

Meucci, F.; Wardana, Satya Ardhy; Prasad, Neeli R.

2009-01-01

This paper proposes a novel lightweight mechanism for a secure Physical (PHY) layer in Cognitive Radio Network (CRN) using Orthogonal Frequency Division Multiplexing (OFDM). User's data symbols are mapped over the physical subcarriers with a permutation formula. The PHY layer is secured...... with a random and dynamic subcarrier permutation which is based on a single pre-shared information and depends on Dynamic Spectrum Access (DSA). The dynamic subcarrier permutation is varying over time, geographical location and environment status, resulting in a very robust protection that ensures...... confidentiality. The method is shown to be effective also for existing non-cognitive systems. The proposed mechanism is effective against eavesdropping even if the eavesdropper adopts a long-time patterns analysis, thus protecting cryptography techniques of higher layers. The correlation properties...

SAInt – A novel quasi-dynamic model for assessing security of supply in coupled gas and electricity transmission networks

NARCIS (Netherlands)

Pambour, Kwabena Addo; Cakir Erdener, Burcin; Bolado-Lavin, Ricardo; Dijkema, Gerhard P.J.

2017-01-01

The integration of renewable energy sources into existing electric power systems is connected with an increased interdependence between natural gas and electricity transmission networks. To analyse this interdependence and its impact on security of supply, we developed a novel quasi-dynamic

An energy security management model using quality function deployment and system dynamics

International Nuclear Information System (INIS)

Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

2013-01-01

An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

Security Measures in Automated Assessment System for Programming Courses

Directory of Open Access Journals (Sweden)

Jana Šťastná

2015-12-01

Full Text Available A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more. In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students’ programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software analysis. The results also show that availability issues of our assessment platform can be conveniently resolved with task queues. A special attention is paid to Docker, a virtual container ensuring no risky code can affect the assessment system security. The assessment platform Arena enables to regularly, effectively and securely assess students' source code in various programming courses. In addition to that it is a motivating factor and helps students to engage in the educational process.

Information security system quality assessment through the intelligent tools

Science.gov (United States)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

Safety/security interface assessments at commercial nuclear power plants

International Nuclear Information System (INIS)

Byers, K.R.; Brown, P.J.; Norderhaug, L.R.

1985-01-01

The findings of the Haynes Task Force Committee (NUREG-0992) are used as the basis for defining safety/security assessment team activities at commercial nuclear power plants in NRC Region V. A safety/security interface assessment outline and the approach used for making the assessments are presented along with the composition of team members. As a result of observing simulated plant emergency conditions during scheduled emergency preparedness exercises, examining security and operational response procedures, and interviewing plant personnel, the team has identified instances where safety/security conflicts can occur

Safety/security interface assessments at commercial nuclear power plants

International Nuclear Information System (INIS)

Byers, K.R.; Brown, P.J.; Norderhaug, L.R.

1985-07-01

The findings of the Haynes Task Force Committee (NUREG-0992) are used as the basis for defining safety/security assessment team activities at commercial nuclear power plants in NRC Region V. A safety/security interface assessment outline and the approach used for making the assessments are presented along with the composition of team members. As a result of observing simulated plant emergency conditions during scheduled emergency preparedness exercises, examining security and operational response procedures, and interviewing plant personnel, the team has identified instances where safety/security conflicts can occur. 2 refs

Gene expression programming for power system static security ...

African Journals Online (AJOL)

user

fuzzy logic, artificial neural networks and expert systems have been explored for static security assessment problems (Bansal et ..... MATLAB version 7.6 neural network toolbox was ..... Vision 2020 Dynamic Security Assessment in Real time.

Validation of the "Security Needs Assessment Profile" for measuring the profiles of security needs of Chinese forensic psychiatric inpatients.

Science.gov (United States)

Siu, B W M; Au-Yeung, C C Y; Chan, A W L; Chan, L S Y; Yuen, K K; Leung, H W; Yan, C K; Ng, K K; Lai, A C H; Davies, S; Collins, M

Mapping forensic psychiatric services with the security needs of patients is a salient step in service planning, audit and review. A valid and reliable instrument for measuring the security needs of Chinese forensic psychiatric inpatients was not yet available. This study aimed to develop and validate the Chinese version of the Security Needs Assessment Profile for measuring the profiles of security needs of Chinese forensic psychiatric inpatients. The Security Needs Assessment Profile by Davis was translated into Chinese. Its face validity, content validity, construct validity and internal consistency reliability were assessed by measuring the security needs of 98 Chinese forensic psychiatric inpatients. Principal factor analysis for construct validity provided a six-factor security needs model explaining 68.7% of the variance. Based on the Cronbach's alpha coefficient, the internal consistency reliability was rated as acceptable for procedural security (0.73), and fair for both physical security (0.62) and relational security (0.58). A significant sex difference (p=0.002) in total security score was found. The Chinese version of the Security Needs Assessment Profile is a valid and reliable instrument for assessing the security needs of Chinese forensic psychiatric inpatients. Copyright © 2017 Elsevier Ltd. All rights reserved.

Integrated Safeguards and Security Management Self-Assessment 2004

Energy Technology Data Exchange (ETDEWEB)

Lunford, Dan; Ramsey, Dwayne

2005-04-01

In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of

Using VO Concept for Managing Dynamic Security Associations

NARCIS (Netherlands)

Demchenko, Y.; Gommans, L.; de Laat, C.T.A.M.

2006-01-01

This research paper presents results of the analysis how the Virtual Organisation (VO) concept can be used for managing dynamic security associations in collaborative applications and for complex resource provisioning. The paper provides an overview of the current practice in VO management at the

The Dynamics of the Option-Adjusted Spread of Brady Bond Securities

Directory of Open Access Journals (Sweden)

Luiz Otavio Calôba

2003-06-01

Full Text Available Brady bond securities represent a substantial fraction of emerging markets countries internationally tradable sovereign debt. The credit risk spread above and beyond the U.S. treasury curve for these securities is usually large in size and volatility. Moreover, most Brady bonds carry embedded options that lead to the existence of an Option-Adjusted Spread, OAS, which increase their risk profiles. In this paper we present an empirical study of the dynamics of Brady bonds OAS using a heath, Jarrow and Morton term structure pricing model. The dynamics of the spread shows that the proper risk management and pricing of these securities require the consideration of volatility in addition to the magnitude of the sovereign risk spread. That is, the proper risk measure for these securities would be the pair (OAS, OAS Volatility. A study of implied default probabilities is also presented. Our analysis is illustrated with bonds from Brazil, Argentina, Mexico, Poland, Bulgaria and the Philippines.

THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

Directory of Open Access Journals (Sweden)

V. S. Oladko

2016-12-01

Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

Analysis of Dynamic Complexity of the Cyber Security Ecosystem of Colombia

Directory of Open Access Journals (Sweden)

Angélica Flórez

2016-07-01

Full Text Available This paper presents two proposals for the analysis of the complexity of the Cyber security Ecosystem of Colombia (CEC. This analysis shows the available knowledge about entities engaged in cyber security in Colombia and the relationships between them, which allow an understanding of the synergy between the different existing components. The complexity of the CEC is detailed from the view of the Influence Diagram of System Dynamics and the Domain Diagram of Software Engineering. The resulting model makes cyber security evident as a strategic component of national security.

A GIS-based decision support system for regional eco-security assessment and its application on the Tibetan Plateau.

Science.gov (United States)

Xiaodan, Wang; Xianghao, Zhong; Pan, Gao

2010-10-01

Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.

Assessing Security of Supply: Three Methods Used in Finland

Science.gov (United States)

Sivonen, Hannu

Public Private Partnership (PPP) has an important role in securing supply in Finland. Three methods are used in assessing the level of security of supply. First, in national expert groups, a linear mathematical model has been used. The model is based on interdependency estimates. It ranks societal functions or its more detailed components, such as items in the food supply chain, according to the effect and risk pertinent to the interdependencies. Second, the security of supply is assessed in industrial branch committees (clusters and pools) in the form of indicators. The level of security of supply is assessed against five generic factors (dimension 1) and tens of business branch specific functions (dimension 2). Third, in two thousand individual critical companies, the maturity of operational continuity management is assessed using Capability Maturity Model (CMM) in an extranet application. The pool committees and authorities obtain an anonymous summary. The assessments are used in allocating efforts for securing supply. The efforts may be new instructions, training, exercising, and in some cases, investment and regulation.

Enhancing Cyber Security for SME organizations through self-assessments : How self-assessment raises awareness

OpenAIRE

Hassinen, Tarmo

2017-01-01

This thesis primarily studied the importance of self-assessment in increasing business organizations’ cyber security awareness of their ICT environment. The secondary studied item was the relevance of self-assessment in detecting new business potential while understanding ICT environment changes. The self-assessment is based on FINCS, the Finnish basic level cyber security certificate launched in December 2016. FINCSC consists of physical and management security, ICT service and system securi...

Regulatory Guide on Conducting a Security Vulnerability Assessment

Energy Technology Data Exchange (ETDEWEB)

Ek, David R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-01-01

This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

Risk assessment by dynamic representation of vulnerability, exploitation, and impact

Science.gov (United States)

Cam, Hasan

2015-05-01

Assessing and quantifying cyber risk accurately in real-time is essential to providing security and mission assurance in any system and network. This paper presents a modeling and dynamic analysis approach to assessing cyber risk of a network in real-time by representing dynamically its vulnerabilities, exploitations, and impact using integrated Bayesian network and Markov models. Given the set of vulnerabilities detected by a vulnerability scanner in a network, this paper addresses how its risk can be assessed by estimating in real-time the exploit likelihood and impact of vulnerability exploitation on the network, based on real-time observations and measurements over the network. The dynamic representation of the network in terms of its vulnerabilities, sensor measurements, and observations is constructed dynamically using the integrated Bayesian network and Markov models. The transition rates of outgoing and incoming links of states in hidden Markov models are used in determining exploit likelihood and impact of attacks, whereas emission rates help quantify the attack states of vulnerabilities. Simulation results show the quantification and evolving risk scores over time for individual and aggregated vulnerabilities of a network.

Assessing the Security Vulnerabilities of Correctional Facilities

Energy Technology Data Exchange (ETDEWEB)

Morrison, G.S.; Spencer, D.S.

1998-10-27

The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

DOE assessment guide for safeguards and security

International Nuclear Information System (INIS)

Bennett, C.A.; Christorpherson, W.E.; Clark, R.J.; Martin, F.; Hodges, Jr.

1978-04-01

DOE operations are periodically assessed to assure that special nuclear material, restricted data, and other classified information and DOE facilities are executed toward continuing the effectiveness of the International Atomic Energy Agency safeguards. A guide to describe the philosophy and mechanisms through which these assessments are conducted is presented. The assessment program is concerned with all contractor, field office, and Headquarters activities which are designed to assure that safeguards and security objectives are reached by contractors at DOE facilities and operations. The guide takes into account the interlocking relationship between many of the elements of an effective safeguards and security program. Personnel clearance programs are a part of protecting classified information as well as nuclear materials. Barriers that prevent or limit access may contribute to preventing theft of government property as well as protecting against sabotage. Procedures for control and surveillance need to be integrated with both information systems and procedures for mass balance accounting. Wherever possible, assessment procedures have been designed to perform integrated inspection, evaluation, and follow-up for the safeguards and security program

Information security risk assessment, aggregation, and mitigation

NARCIS (Netherlands)

Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

2004-01-01

As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

Self-Assessment of Nuclear Security Culture in Facilities and Activities. Technical Guidance

International Nuclear Information System (INIS)

2017-01-01

The IAEA has developed a comprehensive methodology for evaluating nuclear security culture. When implemented by a State, this methodology will help to make nuclear security culture sustainable. It will also promote cooperation and the sharing of good practices related to nuclear security culture. This publication is the first guidance for assessing nuclear security culture and analysing its strengths and weaknesses within a facility or activity, or an organization. It reflects, within the context of assessment, the nuclear security culture model, principles and criteria set out in the Implementing Guide, IAEA Nuclear Security Series No. 7. This guidance will be useful for organizations and operating facilities in conducting the self-assessment of nuclear security culture by providing practical methods and tools. It will also help regulatory bodies and other competent authorities to understand the self-assessment methodology used by operators, encourage operators to start the self-assessment process or, if appropriate, conduct independent assessments of nuclear security culture.

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

Science.gov (United States)

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

Assessing Information Security Strategies, Tactics, Logic and Framework

CERN Document Server

Vladimirov, Andrew; Michajlowski, Andriej

2010-01-01

This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

Safety and security risk assessments--now demystified!

Science.gov (United States)

White, Donald E

2011-01-01

Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-at-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

Transmission grid security

CERN Document Server

Haarla, Liisa; Hirvonen, Ritva; Labeau, Pierre-Etienne

2011-01-01

In response to the growing importance of power system security and reliability, ""Transmission Grid Security"" proposes a systematic and probabilistic approach for transmission grid security analysis. The analysis presented uses probabilistic safety assessment (PSA) and takes into account the power system dynamics after severe faults. In the method shown in this book the power system states (stable, not stable, system breakdown, etc.) are connected with the substation reliability model. In this way it is possible to: estimate the system-wide consequences of grid faults; identify a chain of eve

An Encryption Key for Secure Authentication: The Dynamic Solution

Directory of Open Access Journals (Sweden)

Zubayr Khalid

2017-06-01

Full Text Available In modern day technology, the Information Society is at risk. Passwords are a multi-user computer systems usual first line of defence against intrusion. A password may be textual with any combination of alphanumeric characters or biometric or 3-D. But no authentication protocol is fully secured against todays hackers as all of them are Static in type. Dynamic authentication protocol is still a theoretical concept. In this paper, we are focusing on a concept of authentication technique which is actually dynamic in genre, i.e. the password here will change in t time (where t is as small as possible. This technique comprises of both hardware and software part. In this paper, we have covered the idea of generating an efficient algorithm that can work as the final in the Dynamic Password Authentication system. We have used standard deviation within statistics to generalize the possible password which is further secured by Feistel Block Cipher and Advanced Encryption Standard technique (AES, leading and following the said mathematics respectively. In order to allow the system to create variable password in the least time interval possible, we must make sure our process is not much complex.

Nuclear security assessment with Markov model approach

International Nuclear Information System (INIS)

Suzuki, Mitsutoshi; Terao, Norichika

2013-01-01

Nuclear security risk assessment with the Markov model based on random event is performed to explore evaluation methodology for physical protection in nuclear facilities. Because the security incidences are initiated by malicious and intentional acts, expert judgment and Bayes updating are used to estimate scenario and initiation likelihood, and it is assumed that the Markov model derived from stochastic process can be applied to incidence sequence. Both an unauthorized intrusion as Design Based Threat (DBT) and a stand-off attack as beyond-DBT are assumed to hypothetical facilities, and performance of physical protection and mitigation and minimization of consequence are investigated to develop the assessment methodology in a semi-quantitative manner. It is shown that cooperation between facility operator and security authority is important to respond to the beyond-DBT incidence. (author)

Integrated assessment and scenarios simulation of urban water security system in the southwest of China with system dynamics analysis.

Science.gov (United States)

Yin, Su; Dongjie, Guan; Weici, Su; Weijun, Gao

2017-11-01

The demand for global freshwater is growing, while global freshwater available for human use is limited within a certain time and space. Its security has significant impacts on both the socio-economic system and ecological system. Recently, studies have focused on the urban water security system (UWSS) in terms of either water quantity or water quality. In this study, water resources, water environment, and water disaster issues in the UWSS were combined to establish an evaluation index system with system dynamics (SD) and geographic information systems (GIS). The GIS method performs qualitative analysis from the perspective of the spatial dimension; meanwhile, the SD method performs quantitative calculation about related water security problems from the perspective of the temporal dimension. We established a UWSS model for Guizhou province, China to analyze influencing factors, main driving factors, and system variation law, by using the SD method. We simulated the water security system from 2005 to 2025 under four scenarios (Guiyang scenario, Zunyi scenario, Bijie scenario and combined scenario). The results demonstrate that: (1) the severity of water security in cities is ranked as follows: three cities are secure in Guizhou province, four cities are in basic security and two cities are in a situation of insecurity from the spatial dimension of GIS through water security synthesis; and (2) the major driving factors of UWSS in Guizhou province include agricultural irrigation water demand, soil and water losses area, a ratio increase to the standard of water quality, and investment in environmental protection. A combined scenario is the best solution for UWSS by 2025 in Guizhou province under the four scenarios from the temporal dimension of SD. The results of this study provide a useful suggestion for the management of freshwater for the cities of Guizhou province in southwest China.

Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

Science.gov (United States)

Gilliam, D. P.; Powell, J. D.

2002-01-01

This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

Science.gov (United States)

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-04-21

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

An adaptive cryptographic accelerator for network storage security on dynamically reconfigurable platform

Science.gov (United States)

Tang, Li; Liu, Jing-Ning; Feng, Dan; Tong, Wei

2008-12-01

Existing security solutions in network storage environment perform poorly because cryptographic operations (encryption and decryption) implemented in software can dramatically reduce system performance. In this paper we propose a cryptographic hardware accelerator on dynamically reconfigurable platform for the security of high performance network storage system. We employ a dynamic reconfigurable platform based on a FPGA to implement a PowerPCbased embedded system, which executes cryptographic algorithms. To reduce the reconfiguration latency, we apply prefetch scheduling. Moreover, the processing elements could be dynamically configured to support different cryptographic algorithms according to the request received by the accelerator. In the experiment, we have implemented AES (Rijndael) and 3DES cryptographic algorithms in the reconfigurable accelerator. Our proposed reconfigurable cryptographic accelerator could dramatically increase the performance comparing with the traditional software-based network storage systems.

Effectively protecting cyber infrastructure and assessing security needs

Energy Technology Data Exchange (ETDEWEB)

Robbins, J.; Starman, R. [EWA Canada Ltd., Edmonton, AB (Canada)

2002-07-01

This presentation addressed some of the requirements for effectively protecting cyber infrastructure and assessing security needs. The paper discussed the hype regarding cyber attacks, and presented the Canadian reality (as viewed by CanCERT). An assessment of security concerns was also presented. Recent cyber attacks on computer networks have raised fears of unsafe energy networks. Some experts claim the attacks are linked to terrorism, others blame industrial spying and mischief. Others dismiss the notion that somebody could bring down a power grid with a laptop as being far-fetched. It was noted that the cyber security threat is real, and that attacks are becoming more sophisticated as we live in a target rich environment. The issue of assessing vulnerabilities was discussed along with the selection of safeguards such as improving SCADA systems and the latest encryption methods to prevent hackers from bringing down computer networks. 3 tabs., 23 figs.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

Science.gov (United States)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

Cyber security assessment of a power plant

Energy Technology Data Exchange (ETDEWEB)

Nai Fovino, Igor; Masera, Marcelo; Stefanini, Alberto [Joint Research Centre, Institute for the Protection and Security of the Citizen, Ispra (Italy); Guidi, Luca [Enel Ingegneria e Innovazione, Pisa (Italy)

2011-02-15

Critical infrastructures and systems are today exposed not only to traditional safety and availability problems, but also to new kinds of security threats. These are mainly due to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies (ICT) into such complex systems. In this paper we present the outcomes of an exhaustive ICT security assessment, targeting an operational power plant, which consisted also of the simulation of potential cyber attacks. The assessment shows that the plant is considerably vulnerable to malicious attacks. This situation cannot be ignored, because the potential outcomes of an induced plant malfunction can be severe. (author)

Assessing the Financial and Market Components of the Enterprise’s Economic Security

Directory of Open Access Journals (Sweden)

Vakhlakova Viktoriia V.

2017-08-01

Full Text Available The most common in assessing economic security of an enterprise is the functional approach, but it needs to be improved on the basis of accumulated knowledge in the science of economic security at the micro-level, thus allowing for different organizing its usage. In order to assess the economic security of enterprise using a functional approach, it is proposed to abandon many functional components in favor of focusing on the financial and market ones, and to discard the traditional rollup of the normalized single and complex indicators to obtain an integral measure of the enterprise’s economic security. In order to assess the economic security of enterprise by the financial and market components, it is proposed to use the signature criteria for the selected indicators by each component, the number of which should be small. For each of the assessed components of the enterprise’s economic security four single indicators were selected, making possible to visualize the assessments by using the elliptic form of the Euler – Venn circles for the four multitudes of assessments as to each component.

A secure and efficient audit mechanism for dynamic shared data in cloud storage.

Science.gov (United States)

Kwon, Ohmin; Koo, Dongyoung; Shin, Yongjoo; Yoon, Hyunsoo

2014-01-01

With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data.

A Secure and Efficient Audit Mechanism for Dynamic Shared Data in Cloud Storage

Science.gov (United States)

2014-01-01

With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data. PMID:24959630

Dynamic Speaking Assessments

Science.gov (United States)

Hill, Kent; Sabet, Mehran

2009-01-01

This article describes an attempt to adopt dynamic assessment (DA) methods in classroom speaking assessments. The study reported in this article focused on four particular applications of dynamic speaking assessment (DSA). The first, "mediated assistance" (MA), involves interaction between an assistor and a learner to reveal problems in…

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Review and approval of security vulnerability assessments. 27.240 Section 27.240 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval...

Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

Energy Technology Data Exchange (ETDEWEB)

Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

2008-12-01

This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

Systems Thinking Safety Analysis: Nuclear Security Assessment of Physical Protection System in Nuclear Power Plants

Directory of Open Access Journals (Sweden)

Tae Ho Woo

2013-01-01

Full Text Available The dynamical assessment has been performed in the aspect of the nuclear power plants (NPPs security. The physical protection system (PPS is constructed by the cyber security evaluation tool (CSET for the nuclear security assessment. The systems thinking algorithm is used for the quantifications by the Vensim software package. There is a period of 60 years which is the life time of NPPs' operation. The maximum possibility happens as 3.59 in the 30th year. The minimum value is done as 1.26 in the 55th year. The difference is about 2.85 times. The results of the case with time delay have shown that the maximum possibility of terror or sabotage incident happens as 447.42 in the 58th year and the minimum value happens as 89.77 in the 51st year. The difference is about 4.98 times. Hence, if the sabotage happens, the worst case is that the intruder can attack the target of the nuclear material in about one and a half hours. The general NPPs are modeled in the study and controlled by the systematic procedures.

Dynamic Model of Islamic Hybrid Securities: Empirical Evidence From Malaysia Islamic Capital Market

Directory of Open Access Journals (Sweden)

Jaafar Pyeman

2016-12-01

Full Text Available Capital structure selection is fundamentally important in corporate financial management as it influence on mutually return and risk to stakeholders. Despite of Malaysia’s position as one of the major players of Islamic Financial Market, there are still lack of studies has been conducted on the capital structure of shariah compliant firms especially related to hybrid securities. The objective of this study is to determine the hybrid securities issuance model among the shariah compliant firms in Malaysia. As such, this study is to expand the literature review by providing comprehensive analysis on the hybrid capital structure and to develop dynamic Islamic hybrid securities model for shariah compliant firms. We use panel data of 50 companies that have been issuing the hybrid securities from the year of 2004- 2012. The outcomes of the studies are based on the dynamic model GMM estimation for the determinants of hybrid securities. Based on our model, risk and growth are considered as the most determinant factors for issuing convertible bond and loan stock. These results suggest that, the firms that have high risk but having good growth prospect will choose hybrid securities of convertible bond. The model also support the backdoor equity listing hypothesis by Stein (1992 where the hybrid securities enable the profitable firms to venture into positive NPV project by issuing convertible bond as it offer lower coupon rate as compare to the normal debt rate

Risk assessment of climate systems for national security.

Energy Technology Data Exchange (ETDEWEB)

Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

2012-10-01

Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20

Directory of Open Access Journals (Sweden)

Davoren Mary

2012-07-01

Full Text Available Abstract Background We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. Methods This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. Results There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. Conclusions

Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20.

Science.gov (United States)

Davoren, Mary; O'Dwyer, Sarah; Abidin, Zareena; Naughton, Leena; Gibbons, Olivia; Doyle, Elaine; McDonnell, Kim; Monks, Stephen; Kennedy, Harry G

2012-07-13

We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. Clinicians appear to decide moves based on combinations of current and

Optimal dispatch in dynamic security constrained open power market

International Nuclear Information System (INIS)

Singh, S.N.; David, A.K.

2002-01-01

Power system security is a new concern in the competitive power market operation, because the integration of the system controller and the generation owner has been broken. This paper presents an approach for dynamic security constrained optimal dispatch in restructured power market environment. The transient energy margin using transient energy function (TEF) approach has been used to calculate the stability margin of the system and a hybrid method is applied to calculate the approximate unstable equilibrium point (UEP) that is used to calculate the exact UEP and thus, the energy margin using TEF. The case study results illustrated on two systems shows that the operating mechanisms are compatible with the new business environment. (author)

Conducting a Nuclear Security Assessment

Energy Technology Data Exchange (ETDEWEB)

Leach, Janice [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Snell, Mark K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-06-01

There are three general steps that make up a nuclear security assessment: 1. Develop data Libraries that indicate how effective the physical protection measures are both individually but also as parts of subsystems and actual systems. 2. Perform Path Analysis 3. Perform Scenario Analysis. Depending upon the nature and objectives of the assessment not all three of these steps may need to be performed; for example, at facilities with simple layouts there may not be a need to perform path analysis. Each of these steps is described within this report.

Security Assessment of Web Based Distributed Applications

Directory of Open Access Journals (Sweden)

Catalin BOJA

2010-01-01

Full Text Available This paper presents an overview about the evaluation of risks and vulnerabilities in a web based distributed application by emphasizing aspects concerning the process of security assessment with regards to the audit field. In the audit process, an important activity is dedicated to the measurement of the characteristics taken into consideration for evaluation. From this point of view, the quality of the audit process depends on the quality of assessment methods and techniques. By doing a review of the fields involved in the research process, the approach wants to reflect the main concerns that address the web based distributed applications using exploratory research techniques. The results show that many are the aspects which must carefully be worked with, across a distributed system and they can be revealed by doing a depth introspective analyze upon the information flow and internal processes that are part of the system. This paper reveals the limitations of a non-existing unified security risk assessment model that could prevent such risks and vulnerabilities debated. Based on such standardize models, secure web based distributed applications can be easily audited and many vulnerabilities which can appear due to the lack of access to information can be avoided.

The dynamics of security provision in the aftermath of war : How international efforts to contribute to security in post-settlement countries relate to national and local perceptions and practices of security

NARCIS (Netherlands)

Willems, R.C.

2013-01-01

This thesis is based on field research in eastern Democratic Republic of the Congo, Burundi and South Sudan and looks at the dynamics of security provisioning in post-settlement contexts. A particular focus is on international security interventions, which are constituted by Disarmament,

A dynamic process of health risk assessment for business continuity management during the World Exposition Shanghai, China, 2010.

Science.gov (United States)

Sun, Xiaodong; Keim, Mark; Dong, Chen; Mahany, Mollie; Guo, Xiang

2014-01-01

Reports of health issues related to mass gatherings around the world have indicated a potential for public health and medical emergencies to occur on a scale that could place a significant impact on business continuity for national and international organisations. This paper describes a risk assessment process for business continuity management that was performed as part of the planning efforts related to the World Expo 2010 Shanghai China (Expo), the world's largest mass gathering to date. Altogether, 73 million visitors attended the Expo, generating over US$2bn of revenue. During 2008 to 2010, the Shanghai Municipal Center for Disease Control and Prevention performed a dynamic series of four disaster risk assessments before and during the Expo. The purpose of this assessment process was to identify, analyse and evaluate risks for public health security during different stages of the Expo. This paper describes an overview of the novel approach for this multiple and dynamic process of assessment of health security risk for ensuring business continuity.

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

Science.gov (United States)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

Energy Technology Data Exchange (ETDEWEB)

Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)

2016-10-15

This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC(United States Nuclear Regulatory Commission) and KINAC(Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense in- depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.

A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

International Nuclear Information System (INIS)

Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong

2016-01-01

This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC(United States Nuclear Regulatory Commission) and KINAC(Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense in- depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs

Energy security and climate policy. Assessing interactions

Energy Technology Data Exchange (ETDEWEB)

NONE

2007-03-28

World energy demand is surging. Oil, coal and natural gas still meet most global energy needs, creating serious implications for the environment. One result is that CO2 emissions, the principal cause of global warming, are rising. This new study underlines the close link between efforts to ensure energy security and those to mitigate climate change. Decisions on one side affect the other. To optimise the efficiency of their energy policy, OECD countries must consider energy security and climate change mitigation priorities jointly. The book presents a framework to assess interactions between energy security and climate change policies, combining qualitative and quantitative analyses. The quantitative analysis is based on the development of energy security indicators, tracking the evolution of policy concerns linked to energy resource concentration. The 'indicators' are applied to a reference scenario and CO2 policy cases for five case-study countries: The Czech Republic, France, Italy, the Netherlands, and the United Kingdom. Simultaneously resolving energy security and environmental concerns is a key challenge for policy makers today. This study helps chart the course.

INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

Directory of Open Access Journals (Sweden)

A. I. Trubei

2015-01-01

Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

Water security for productive economies: Applying an assessment framework in southern Africa

Science.gov (United States)

Holmatov, Bunyod; Lautze, Jonathan; Manthrithilake, Herath; Makin, Ian

2017-08-01

Achieving water security has emerged as a major objective in Africa, yet an analytical or diagnostic framework for assessing water security in African countries is not known to exist. This paper applies one key dimension of the 2016 Asian Development Bank's (ADB) Asian Water Development Outlook (AWDO) to assess levels of water security for productive economies in countries of the Southern African Development Community (SADC). Economic aspects of water security cover four areas: economic activities in the broad sense, agriculture, electricity, and industry. Water security in each area is measured through application of a set of indicators; results of indicator application are then aggregated to determine economic water security at a country-level. Results show that economic water security in SADC is greatest in the Seychelles and South Africa, and lowest in Madagascar and Malawi. Opportunities for strengthening economic water security in the majority of SADC countries exist through improving agricultural water productivity, strengthening resilience, and expanding sustainable electricity generation. More profoundly, this paper suggests that there is clear potential and utility in applying approaches used elsewhere to assess economic water security in southern Africa.

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Science.gov (United States)

2010-07-01

... evacuation routes and assembly stations; and (viii) Existing security and safety equipment for protection of... protection systems; (iv) Procedural policies; (v) Radio and telecommunication systems, including computer... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA...

Security Dynamics of Cloud Computing

OpenAIRE

Khan, Khaled M.

2009-01-01

This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

Asynchronous anti-noise hyper chaotic secure communication system based on dynamic delay and state variables switching

Energy Technology Data Exchange (ETDEWEB)

Liu, Hongjun [Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology, Dalian 116024 (China); Weifang Vocational College, Weifang 261041 (China); Wang, Xingyuan, E-mail: wangxy@dlut.edu.cn [Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology, Dalian 116024 (China); Zhu, Quanlong [Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology, Dalian 116024 (China)

2011-07-18

This Letter designs an asynchronous hyper chaotic secure communication system, which possesses high stability against noise, using dynamic delay and state variables switching to ensure the high security. The relationship between the bit error ratio (BER) and the signal-to-noise ratio (SNR) is analyzed by simulation tests, the results show that the BER can be ensured to reach zero by proportionally adjusting the amplitudes of the state variables and the noise figure. The modules of the transmitter and receiver are implemented, and numerical simulations demonstrate the effectiveness of the system. -- Highlights: → Asynchronous anti-noise hyper chaotic secure communication system. → Dynamic delay and state switching to ensure the high security. → BER can reach zero by adjusting the amplitudes of state variables and noise figure.

Information Security Risk Assessment in Hospitals.

Science.gov (United States)

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

A Cyber Security Self-Assessment Method for Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Glantz, Clifford S.; Coles, Garill A.; Bass, Robert B.

2004-11-01

A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.

A Cyber Security Self-Assessment Method for Nuclear Power Plants

International Nuclear Information System (INIS)

Glantz, Clifford S.; Coles, Garill A.; Bass, Robert B.

2004-01-01

A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process

Fuzzy assessment of health information system users' security awareness.

Science.gov (United States)

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

28 CFR 105.11 - Individuals not requiring a security risk assessment.

Science.gov (United States)

2010-07-01

... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

Shipment security update - 2003

International Nuclear Information System (INIS)

Patterson, John; Anne, Catherine

2003-01-01

At the 2002 RERTR, NAC reported on the interim measures taken by the U.S. Nuclear Regulatory Commission to enhance the security afforded to shipments of spent nuclear fuel. Since that time, there have been a number of additional actions focused on shipment security including training programs sponsored by the U.S. Department of Transportation and the Electric Power Research Council, investigation by the Government Accounting Office, and individual measures taken by shippers and transportation agents. The paper will present a status update regarding this dynamic set of events and provide an objective assessment of the cost, schedule and technical implications of the changing security landscape. (author)

Information Security: A Scientometric Study of the Profile, Structure, and Dynamics of an Emerging Scholarly Specialty

Science.gov (United States)

Olijnyk, Nicholas Victor

2014-01-01

The central aim of the current research is to explore and describe the profile, dynamics, and structure of the information security specialty. This study's objectives are guided by four research questions: 1. What are the salient features of information security as a specialty? 2. How has the information security specialty emerged and evolved from…

Technology transfer of dynamic IT outsourcing requires security measures in SLAs

NARCIS (Netherlands)

F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

2010-01-01

textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

Sustainability impact assessment to improve food security of smallholders in Tanzania

International Nuclear Information System (INIS)

Schindler, Jana; Graef, Frieder; König, Hannes Jochen; Mchau, Devotha; Saidia, Paul; Sieber, Stefan

2016-01-01

The objective of this paper was to assess the sustainability impacts of planned agricultural development interventions, so called upgrading strategies (UPS), to enhance food security and to identify what advantages and risks are assessed from the farmer's point of view in regards to social life, the economy and the environment. We developed a participatory methodological procedure that links food security and sustainable development. Farmers in four different case study villages in rural Tanzania chose their priority UPS. For these UPS, they assessed the impacts on locally relevant food security criteria. The positive impacts identified were mainly attributed to increased agricultural production and its related positive impacts such as increased income and improved access to necessary means to diversify the diet. However, several risks of certain UPS were also indicated by farmers, such as increased workload, high maintenance costs, higher competition among farmers, loss of traditional knowledge and social conflicts. We discussed the strong interdependence of socio-economic and environmental criteria to improve food security for small-scale farmers and analysed several trade-offs in regards to UPS choices and food security criteria. We also identified and discussed the advantages and challenges of our methodological approach. In conclusion, the participatory impact assessment on the farmer level allowed a locally specific analysis of the various positive and negative impacts of UPS on social life, the economy and the environment. We emphasize that only a development approach that considers social, economic and environmental challenges simultaneously can enhance food security.

Cyber Security Risk Assessment for the KNICS Safety Systems

International Nuclear Information System (INIS)

Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

2008-01-01

In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

Conceptual Framework of Energy Security Assessment in Korea

International Nuclear Information System (INIS)

Moon, Kee Hwan; Chung, Whan Sam; Kim, Seung Su

2016-01-01

Korea's electric power is an essential source of energy, supplying 21.4% of the energy required by the manufacturing industry, 43.4% of that required for commerce, and 59.5% of that required by the public sector in 2014. Korea relies heavily on imports of energy sources because of its lack of natural resources. Its land area is limited, making it difficult to utilize renewable energy. Moreover, it is difficult to trade electricity through grid connections with neighbouring countries. Considering the key role of electric power in Korea and the circumstances of its power generation industry, we must understand the contribution of each fuel used in power plants to energy sustainability. This study derives the conceptual framework to quantify energy security levels for nuclear power generation in Korea and employ them in evaluating the national energy security. And sample calculation of nuclear energy security indicators is performed. The implications drawn from the evaluation are as follows. Nuclear power demonstrates dominance in the dimensions of economy and technology as the related technologies have entered into the stage of maturity. Without constant technological innovation, however, sustainability of nuclear sources will not be guaranteed. Nuclear has in the middle in terms of SS, but their high volatility impels Korea to pursue the diversification of energy suppliers. The energy security indicators suggested in this study are anticipated to contribute to establishing an energy security policy based on a comprehensive understanding of the energy security status in Korea. In the future, it will be necessary to establish specific scenarios for a decrease of regional conflicts and a post-2020 climate change conventions and conduct realistic and dynamic analyses

Conceptual Framework of Energy Security Assessment in Korea

Energy Technology Data Exchange (ETDEWEB)

Moon, Kee Hwan; Chung, Whan Sam; Kim, Seung Su [KAERI, Daejeon (Korea, Republic of)

2016-05-15

Korea's electric power is an essential source of energy, supplying 21.4% of the energy required by the manufacturing industry, 43.4% of that required for commerce, and 59.5% of that required by the public sector in 2014. Korea relies heavily on imports of energy sources because of its lack of natural resources. Its land area is limited, making it difficult to utilize renewable energy. Moreover, it is difficult to trade electricity through grid connections with neighbouring countries. Considering the key role of electric power in Korea and the circumstances of its power generation industry, we must understand the contribution of each fuel used in power plants to energy sustainability. This study derives the conceptual framework to quantify energy security levels for nuclear power generation in Korea and employ them in evaluating the national energy security. And sample calculation of nuclear energy security indicators is performed. The implications drawn from the evaluation are as follows. Nuclear power demonstrates dominance in the dimensions of economy and technology as the related technologies have entered into the stage of maturity. Without constant technological innovation, however, sustainability of nuclear sources will not be guaranteed. Nuclear has in the middle in terms of SS, but their high volatility impels Korea to pursue the diversification of energy suppliers. The energy security indicators suggested in this study are anticipated to contribute to establishing an energy security policy based on a comprehensive understanding of the energy security status in Korea. In the future, it will be necessary to establish specific scenarios for a decrease of regional conflicts and a post-2020 climate change conventions and conduct realistic and dynamic analyses.

Development of Risk Assessment Methodology for State's Nuclear Security Regime

International Nuclear Information System (INIS)

Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo

2011-01-01

Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Treats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planed to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afganistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

Security breaches: tips for assessing and limiting your risks.

Science.gov (United States)

Coons, Leeanne R

2011-01-01

As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

Steady state security assessment in deregulated power systems

Science.gov (United States)

Manjure, Durgesh Padmakar

Power system operations are undergoing changes, brought about primarily due to deregulation and subsequent restructuring of the power industry. The primary intention of the introduction of deregulation in power systems was to bring about competition and improved customer focus. The underlying motive was increased economic benefit. Present day power system analysis is much different than what it was earlier, essentially due to the transformation of the power industry from being cost-based to one that is price-based and due to open access of transmission networks to the various market participants. Power is now treated as a commodity and is traded in an open market. The resultant interdependence of the technical criteria and the economic considerations has only accentuated the need for accurate analysis in power systems. The main impetus in security analysis studies is on efficient assessment of the post-contingency status of the system, accuracy being of secondary consideration. In most cases, given the time frame involved, it is not feasible to run a complete AC load flow for determining the post-contingency state of the system. Quite often, it is not warranted as well, as an indication of the state of the system is desired rather than the exact quantification of the various state variables. With the inception of deregulation, transmission networks are subjected to a host of multilateral transactions, which would influence physical system quantities like real power flows, security margins and voltage levels. For efficient asset utilization and maximization of the revenue, more often than not, transmission networks are operated under stressed conditions, close to security limits. Therefore, a quantitative assessment of the extent to which each transaction adversely affects the transmission network is required. This needs to be done accurately as the feasibility of the power transactions and subsequent decisions (execution, curtailment, pricing) would depend upon the

Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

Energy Technology Data Exchange (ETDEWEB)

Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

2009-01-01

The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

Sustainability impact assessment to improve food security of smallholders in Tanzania

Energy Technology Data Exchange (ETDEWEB)

Schindler, Jana, E-mail: jana.schindler@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); Humboldt Universität zu Berlin, Faculty of Agriculture and Horticulture, Invalidenstr. 42, 10099 Berlin (Germany); Graef, Frieder, E-mail: graef@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); König, Hannes Jochen, E-mail: hkoenig@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); Mchau, Devotha, E-mail: dvtmchau@yahoo.com [Agricultural Research Institute (ARI Hombolo/Makutupora), P. O. Box 1676, Dodoma (Tanzania, United Republic of); Saidia, Paul, E-mail: saidiapaul@gmail.com [Sokoine University of Agriculture (SUA) Morogoro, Department of Crop Science and Production, P O. Box 3005, Morogoro (Tanzania, United Republic of); Sieber, Stefan, E-mail: stefan.sieber@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Socio-Economics, Eberswalder Straße 84, 15374 Müncheberg (Germany)

2016-09-15

The objective of this paper was to assess the sustainability impacts of planned agricultural development interventions, so called upgrading strategies (UPS), to enhance food security and to identify what advantages and risks are assessed from the farmer's point of view in regards to social life, the economy and the environment. We developed a participatory methodological procedure that links food security and sustainable development. Farmers in four different case study villages in rural Tanzania chose their priority UPS. For these UPS, they assessed the impacts on locally relevant food security criteria. The positive impacts identified were mainly attributed to increased agricultural production and its related positive impacts such as increased income and improved access to necessary means to diversify the diet. However, several risks of certain UPS were also indicated by farmers, such as increased workload, high maintenance costs, higher competition among farmers, loss of traditional knowledge and social conflicts. We discussed the strong interdependence of socio-economic and environmental criteria to improve food security for small-scale farmers and analysed several trade-offs in regards to UPS choices and food security criteria. We also identified and discussed the advantages and challenges of our methodological approach. In conclusion, the participatory impact assessment on the farmer level allowed a locally specific analysis of the various positive and negative impacts of UPS on social life, the economy and the environment. We emphasize that only a development approach that considers social, economic and environmental challenges simultaneously can enhance food security.

Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study

Science.gov (United States)

Zhao, Jensen; Zhao, Sherry Y.

2015-01-01

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…

Assessment of energy security in China based on ecological network analysis: A perspective from the security of crude oil supply

International Nuclear Information System (INIS)

Lu, Weiwei; Su, Meirong; Zhang, Yan; Yang, Zhifeng; Chen, Bin; Liu, Gengyuan

2014-01-01

Energy security usually considers both the stability of energy supply and security of energy use and it is receiving increasing attention globally. Considering the strategic importance and sensitivity to international change of the crude oil supply, we decided to examine China’s energy security. An original network model was established based on ecological network analysis to holistically evaluate the security of the crude oil supply in China. Using this model, we found that the security of the crude oil supply in China generally increased from 2001 to 2010. The contribution of different compartments in the network to the overall energy security resembled a pyramid structure, with supply sources at the bottom, the consumption sector at the top, and the refining and transfer sectors in the middle. North and South America made the largest contribution to the security of the crude oil supply in China. We provide suggestions to improve the security of the crude oil supply in China based on our results and further scenario analysis. The original network model provides a new perspective for energy security assessment, which can be used as a baseline to develop other models and policy. - Highlights: • Ecological network analysis (ENA) is introduced into energy security assessment. • A model of crude oil supply network in China is established based on ENA. • A pyramid structure of the contributions of different compartments to energy security was found. • Suggestions for forming a stable network are given to improve energy security

Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

International Nuclear Information System (INIS)

Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

2015-01-01

For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

A coherency-based method to increase dynamic security in power systems

Energy Technology Data Exchange (ETDEWEB)

De Tuglie, E. [Dipartimento di Ingegneria dell' Ambiente e per lo Sviluppo Sostenibile - DIASS, Politecnico di Bari, Viale del Turismo 8, 74100 Taranto (Italy); Iannone, S.M.; Torelli, F. [Dipartimento di Elettrotecnica ed Elettronica - DEE, Politecnico di Bari, Via Re David 200, 70125 Bari (Italy)

2008-08-15

Dynamic security analysis is the evaluation of the ability of a system to withstand contingencies by surviving transient conditions to acceptable steady-state operative states. When potential instability due to contingency is detected, preventive action may be desired to improve the system security. This is very important in the on-line operation of a power system, especially when the system is stability-limited. The method proposed in this paper is based on the idea that increasing coherency between generators in the transient behaviour following a system perturbation gives rise to a more stable system. In this paper, we suggest the use of the ''input-output feedback-linearization'' with a reference trajectory obtained using a system dynamic equivalent based on the centre of inertia. To quantify coherency levels a new coherency indicator has been assumed for the given reference trajectory. The result is an increasing level in coherency, critical clearing time and system stability. The method is tested on the IEEE 30 bus test system. (author)

Assessing work disability for social security benefits: international models for the direct assessment of work capacity.

Science.gov (United States)

Geiger, Ben Baumberg; Garthwaite, Kayleigh; Warren, Jon; Bambra, Clare

2017-08-25

It has been argued that social security disability assessments should directly assess claimants' work capacity, rather than relying on proxies such as on functioning. However, there is little academic discussion of how such assessments could be conducted. The article presents an account of different models of direct disability assessments based on case studies of the Netherlands, Germany, Denmark, Norway, the United States of America, Canada, Australia, and New Zealand, utilising over 150 documents and 40 expert interviews. Three models of direct work disability assessments can be observed: (i) structured assessment, which measures the functional demands of jobs across the national economy and compares these to claimants' functional capacities; (ii) demonstrated assessment, which looks at claimants' actual experiences in the labour market and infers a lack of work capacity from the failure of a concerned rehabilitation attempt; and (iii) expert assessment, based on the judgement of skilled professionals. Direct disability assessment within social security is not just theoretically desirable, but can be implemented in practice. We have shown that there are three distinct ways that this can be done, each with different strengths and weaknesses. Further research is needed to clarify the costs, validity/legitimacy, and consequences of these different models. Implications for rehabilitation It has recently been argued that social security disability assessments should directly assess work capacity rather than simply assessing functioning - but we have no understanding about how this can be done in practice. Based on case studies of nine countries, we show that direct disability assessment can be implemented, and argue that there are three different ways of doing it. These are "demonstrated assessment" (using claimants' experiences in the labour market), "structured assessment" (matching functional requirements to workplace demands), and "expert assessment" (the

Assessment of the Technological Changes Impact on the Sustainability of State Security System of Ukraine

Directory of Open Access Journals (Sweden)

Olexandr Yemelyanov

2018-04-01

Full Text Available Currently, the governments of many countries are facing with a lack of funds for financing programs for social protection of population. Among the causes of this problem, we can indicate the high unemployment rate, which, among other things, is due to implementation of labor-saving technologies. The purpose of this work is to study the impact of technological changes on the sustainability of the state social security system in Ukraine. The general approaches to the assessment of the stability of the state social security system are described. The simulation of the effect of economically efficient technological changes on the company’s income and expenses was carried out. Some patterns of such changes are established. The group of productive technological changes types is presented. The model is developed, and an indicator of the impact estimation of efficiently effective technological changes on the stability of the state social security system is proposed. The analysis of the main indicators of the state social security system functioning of Ukraine is carried out. The dynamics of indicators characterizing the labor market of Ukraine is analyzed. The influence of changes in labor productivity on costs and profits by industries of Ukraine is estimated. The evaluation of the impact of economically efficient technological changes in the industries of Ukraine on the stability of its state social security system is carried out. The different state authorities can use the obtained results for developing measures to manage the sustainability of the state social security system.

Asset Identification for Security Risk Assessment in Web Applications

OpenAIRE

Hisham M. Haddad; Brunil D. Romero

2009-01-01

As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses asset identification, the initial step in sec...

Security Situation Assessment of All-Optical Network Based on Evidential Reasoning Rule

Directory of Open Access Journals (Sweden)

Zhong-Nan Zhao

2016-01-01

Full Text Available It is important to determine the security situations of the all-optical network (AON, which is more vulnerable to hacker attacks and faults than other networks in some cases. A new approach of the security situation assessment to the all-optical network is developed in this paper. In the new assessment approach, the evidential reasoning (ER rule is used to integrate various evidences of the security factors including the optical faults and the special attacks in the AON. Furthermore, a new quantification method of the security situation is also proposed. A case study of an all-optical network is conducted to demonstrate the effectiveness and the practicability of the new proposed approach.

Monitoring the Implementation of State Regulation of National Economic Security

Directory of Open Access Journals (Sweden)

Hubarieva Iryna O.

2018-03-01

Full Text Available The aim of the article is to improve the methodological tools for monitoring the implementation of state regulation of national economic security. The approaches to defining the essence of the concept of “national economic security” are generalized. Assessment of the level of national economic security is a key element in monitoring the implementation of state regulation in this area. Recommendations for improving the methodology for assessing national economic security, the calculation algorithm of which includes four interrelated components (economic, political, social, spiritual one, suggests using analysis methods (correlation and cluster analysis, and taxonomy, which allows to determine the level and disproportion of development, can serve as a basis for monitoring the implementation of state regulation of national economic security. Such an approach to assessing national economic security makes it possible to determine the place (rank that a country occupies in a totality of countries, the dynamics of changing ranks over a certain period of time, to identify problem components, and monitor the effectiveness of state regulation of the national economic security. It the course of the research it was determined that the economic sphere is the main problem component of ensuring the security of Ukraine’s economy. The analysis made it possible to identify the most problematic partial indicators in the economic sphere of Ukraine: economic globalization, uneven economic development, level of infrastructure, level of financial market development, level of economic instability, macroeconomic stability. These indicators have a stable negative dynamics and a downward trend, which requires an immediate intervention of state bodies to ensure the national economic security.

Assessment of plutonium security effect using import premium method

International Nuclear Information System (INIS)

Ohkubo, Hiroo; Aoyagi, Tadashi; Kikuchi, Masahiro; Suzuki, Atsuyuki.

1994-01-01

A mathematical formulation was developed to describe the concept of import premium method, which can quantify a security effect of demand reduction of imports by introducing the alternative before its supply disruption (or variation) may happen. Next, by using this formula, a security value of plutonium use (especially, fast breeder reactor), defined as a contributor to reduction of possibilities of disruption (or variation) of natural uranium supply was estimated. From these studies, it is concluded that although the formula proposed here is simplified, it may be available for assessing an energy security if only we prepare the data concerning future motions of supply and demand curves. (author)

78 FR 16694 - Chemical Security Assessment Tool (CSAT)

Science.gov (United States)

2013-03-18

... information provided. Comments that include trade secrets, confidential commercial or financial information... secrets, confidential commercial or financial information, CVI, SSI, or PCII should be appropriately... Department make the instruments (e.g., Top-Screen, Security Vulnerability Assessment [SVA]/ Alternative...

Dynamic Outsourced Proofs of Retrievability Enabling Auditing Migration for Remote Storage Security

Directory of Open Access Journals (Sweden)

Lu Rao

2018-01-01

Full Text Available Remote data auditing service is important for mobile clients to guarantee the intactness of their outsourced data stored at cloud side. To relieve mobile client from the nonnegligible burden incurred by performing the frequent data auditing, more and more literatures propose that the execution of such data auditing should be migrated from mobile client to third-party auditor (TPA. However, existing public auditing schemes always assume that TPA is reliable, which is the potential risk for outsourced data security. Although Outsourced Proofs of Retrievability (OPOR have been proposed to further protect against the malicious TPA and collusion among any two entities, the original OPOR scheme applies only to the static data, which is the limitation that should be solved for enabling data dynamics. In this paper, we design a novel authenticated data structure called bv23Tree, which enables client to batch-verify the indices and values of any number of appointed leaves all at once for efficiency. By utilizing bv23Tree and a hierarchical storage structure, we present the first solution for Dynamic OPOR (DOPOR, which extends the OPOR model to support dynamic updates of the outsourced data. Extensive security and performance analyses show the reliability and effectiveness of our proposed scheme.

Assessment of Political Vulnerabilities on Security of Energy Supply in the Baltic States

Directory of Open Access Journals (Sweden)

Česnakas Giedrius

2016-06-01

Full Text Available The article argues that despite the evident link between political environment and security of energy supply, political elements are not sufficiently represented in contemporary scientific literature, namely in indexes that are designed for the assessment of security of energy supply. In an attempt to fill this gap, the article presents an innovative methodology for quantitative assessment of the political vulnerabilities on security of energy supply and applies it to the analysis of the Baltic States.

Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

Directory of Open Access Journals (Sweden)

Darya Sergeevna Simonenkova

2016-03-01

Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

Diversity for security: case assessment for FPGA-based safety-critical systems

Directory of Open Access Journals (Sweden)

Kharchenko Vyacheslav

2016-01-01

Full Text Available Industrial safety critical instrumentation and control systems (I&Cs are facing more with information (in general and cyber, in particular security threats and attacks. The application of programmable logic, first of all, field programmable gate arrays (FPGA in critical systems causes specific safety deficits. Security assessment techniques for such systems are based on heuristic knowledges and the expert judgment. Main challenge is how to take into account features of FPGA technology for safety critical I&Cs including systems in which are applied diversity approach to minimize risks of common cause failure. Such systems are called multi-version (MV systems. The goal of the paper is in description of the technique and tool for case-based security assessment of MV FPGA-based I&Cs.

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Science.gov (United States)

2010-07-01

... to: (a) Knowledge of current security threats and patterns; (b) Recognition and detection of... substances and devices on structures and port services; (g) Port security requirements; (h) Port business... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD...

Impacts of Base-Case and Post-Contingency Constraint Relaxations on Static and Dynamic Operational Security

Science.gov (United States)

Salloum, Ahmed

Constraint relaxation by definition means that certain security, operational, or financial constraints are allowed to be violated in the energy market model for a predetermined penalty price. System operators utilize this mechanism in an effort to impose a price-cap on shadow prices throughout the market. In addition, constraint relaxations can serve as corrective approximations that help in reducing the occurrence of infeasible or extreme solutions in the day-ahead markets. This work aims to capture the impact constraint relaxations have on system operational security. Moreover, this analysis also provides a better understanding of the correlation between DC market models and AC real-time systems and analyzes how relaxations in market models propagate to real-time systems. This information can be used not only to assess the criticality of constraint relaxations, but also as a basis for determining penalty prices more accurately. Constraint relaxations practice was replicated in this work using a test case and a real-life large-scale system, while capturing both energy market aspects and AC real-time system performance. System performance investigation included static and dynamic security analysis for base-case and post-contingency operating conditions. PJM peak hour loads were dynamically modeled in order to capture delayed voltage recovery and sustained depressed voltage profiles as a result of reactive power deficiency caused by constraint relaxations. Moreover, impacts of constraint relaxations on operational system security were investigated when risk based penalty prices are used. Transmission lines in the PJM system were categorized according to their risk index and each category was as-signed a different penalty price accordingly in order to avoid real-time overloads on high risk lines. This work also extends the investigation of constraint relaxations to post-contingency relaxations, where emergency limits are allowed to be relaxed in energy market models

Assessing and comparing information security in swiss hospitals.

Science.gov (United States)

Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

2012-11-07

Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds

ArgueSecure: Out-of-the-box Risk Assessment

NARCIS (Netherlands)

Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei

Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed

GEOGLAM Crop Assessment Tool: Adapting from global agricultural monitoring to food security monitoring

Science.gov (United States)

Humber, M. L.; Becker-Reshef, I.; Nordling, J.; Barker, B.; McGaughey, K.

2014-12-01

The GEOGLAM Crop Monitor's Crop Assessment Tool was released in August 2013 in support of the GEOGLAM Crop Monitor's objective to develop transparent, timely crop condition assessments in primary agricultural production areas, highlighting potential hotspots of stress/bumper crops. The Crop Assessment Tool allows users to view satellite derived products, best available crop masks, and crop calendars (created in collaboration with GEOGLAM Crop Monitor partners), then in turn submit crop assessment entries detailing the crop's condition, drivers, impacts, trends, and other information. Although the Crop Assessment Tool was originally intended to collect data on major crop production at the global scale, the types of data collected are also relevant to the food security and rangelands monitoring communities. In line with the GEOGLAM Countries at Risk philosophy of "foster[ing] the coordination of product delivery and capacity building efforts for national and regional organizations, and the development of harmonized methods and tools", a modified version of the Crop Assessment Tool is being developed for the USAID Famine Early Warning Systems Network (FEWS NET). As a member of the Countries at Risk component of GEOGLAM, FEWS NET provides agricultural monitoring, timely food security assessments, and early warnings of potential significant food shortages focusing specifically on countries at risk of food security emergencies. While the FEWS NET adaptation of the Crop Assessment Tool focuses on crop production in the context of food security rather than large scale production, the data collected is nearly identical to the data collected by the Crop Monitor. If combined, the countries monitored by FEWS NET and GEOGLAM Crop Monitor would encompass over 90 countries representing the most important regions for crop production and food security.

The design of a dynamic security system at the XXIII Summer Olympics at Los Angeles

International Nuclear Information System (INIS)

Bruckner, D.G.

1985-01-01

The security requirements of the XXIII Summer Olympic Games at Los Angeles provided a challenge unparalleled in the history of the modern games. This paper discusses the dynamics involved and suggests that the principles used are applicable to many of today's security environments. The success of the Intrusion Detection Systems (IDS) employed at each of the three Olympic villages and at the Piper Technical Center is a known fact. How it was accomplished is addressed in a straightforward, systematic way. The paper also recognizes the contributions made by the security community, law enforcement agencies, the government, military, the security industry and RandD organizations. It was a team effort that reflected the spirit of the games and the American ''can-do'' attitude

Computer Security Incident Response Team Effectiveness: A Needs Assessment.

Science.gov (United States)

Van der Kleij, Rick; Kleinhuis, Geert; Young, Heather

2017-01-01

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.

Computer Security Incident Response Team Effectiveness: A Needs Assessment

Directory of Open Access Journals (Sweden)

Rick Van der Kleij

2017-12-01

Full Text Available Computer security incident response teams (CSIRTs respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.

Artificial neural networks for static security assessment

Energy Technology Data Exchange (ETDEWEB)

Niebur, D.; Fischl, R.

1997-12-31

A reliable, continuous supply of electric energy is essential for the functioning of today`s complex societies. Due to a combination of increasing energy consumption and impediments of various kinds to the extension of existing electric transmission networks, these power systems are operated closer and closer to their limits. This situation requires a significantly less conservative power system operation and control regime which, in turn, is possible only by monitoring the system state in much more detail than was necessary previously. Fortunately, the large quantity of information required can be provided in many cases through recent advances in telecommunications and computing techniques. There is, however, a lack of evaluation techniques required to extract the salient information and to use it for higher-order processing. Whilst the sheer quantity of available information is always a problem, this situation is aggravated in emergency situations when rapid decisions are required. Furthermore, the behaviour of power systems is highly non-linear. Monitoring and control involves several hundred variables which are only partly available by measurements. Load demands and dynamic loads are difficult to model. Therefore models appropriate for normal situations might become invalid in emergency situations. These problems provide important motivation to explore novel data processing and programming techniques from the vast pool of artificial intelligence techniques. The following section gives a short introduction to static security assessment. (Author)

Effective vulnerability assessments for physical security devices, systems, and programs

International Nuclear Information System (INIS)

Johnston, R.G.; Garcia, A.R.E.

2002-01-01

Full text: The efficacy of devices, systems, and programs used for physical security depend critically on having periodic and effective vulnerability assessments. Effective vulnerability assessments, in turn, require certain conditions and attributes. These include: a proper understanding of their purpose; not confusing vulnerability assessments with other kinds of metrics, analyses, tests, and security exercises; the view that vulnerabilities are inevitable, and that finding them is good news (since they can then be mitigated), not bad news; rejection of findings of no vulnerabilities; avoidance of mere 'compliance mode' rubber stamping; the use of the proper outside, independent, imaginative personnel; psychologically predisposed to finding and demonstrating problems; the absence of conflicts of interest; no unrealistic constraints on the possible attack tools, procedures, personnel, or strategies; efforts to not just find and demonstrate vulnerabilities, but also to suggest possible countermeasures; proper context; input and buy-in from ALL facility security personnel, especially low-level personnel; emphasis on the simplest, most relevant attacks first; no underestimation of potential adversaries; consideration of fault analysis attacks; awareness of Rohrbach's Maxim and Shannon's Maxim. In addition to these factors, we will cover some of the complex issues and problems associated with the design of vulnerability assessments. There will also be suggestions on how to conduct effective vulnerability assessments on a severely limited budget. We will conclude with a discussion of both conventional and unconventional ways of reporting results. (author)

Security Enhancement for Multicast over Internet of Things by Dynamically Constructed Fountain Codes

Directory of Open Access Journals (Sweden)

Qinghe Du

2018-01-01

Full Text Available The Internet of Things (IoT is expected to accommodate every object which exists in this world or likely to exist in the near future. The enormous scale of the objects is challenged by big security concerns, especially for common information dissemination via multicast services, where the reliability assurance for multiple multicast users at the cost of increasing redundancy and/or retransmissions also benefits eavesdroppers in successfully decoding the overheard signals. The objective of this work is to address the security challenge present in IoT multicast applications. Specifically, with the presence of the eavesdropper, an adaptive fountain code design is proposed in this paper to enhance the security for multicast in IoT. The main novel features of the proposed scheme include two folds: (i dynamical encoding scheme which can effectively decrease intercept probability at the eavesdropper; (ii increasing the transmission efficiency compared with the conventional nondynamical design. The analysis and simulation results show that the proposed scheme can effectively enhance information security while achieving higher transmission efficiency with a little accredited complexity, thus facilitating the secured wireless multicast transmissions over IoT.

A dynamic mathematical test of international property securities bubbles and crashes

Science.gov (United States)

Hui, Eddie C. M.; Zheng, Xian; Wang, Hui

2010-04-01

This study investigates property securities bubbles and crashes by using a dynamic mathematical methodology developed from the previous research (Watanabe et al. 2007a, b [31,32]). The improved model is used to detect the bubble and crash periods in five international countries/cities (namely, United States, United Kingdom, Japan, Hong Kong and Singapore) from Jan, 2000 to Oct, 2008. By this model definition, we are able to detect the beginning of each bubble period even before it bursts. Meanwhile, the empirical results show that most of property securities markets experienced bubble periods between 2003 and 2007, and crashes happened in Apr 2008 triggered by the Subprime Mortgage Crisis of US. In contrast, Japan suffered the shortest bubble period and no evidence has documented the existence of crash there.

A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

Directory of Open Access Journals (Sweden)

Vanga Odelu

2016-01-01

Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

Secure Dynamic access control scheme of PHR in cloud computing.

Science.gov (United States)

Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

2012-12-01

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

Probabilistic safety assessment technology for commercial nuclear power plant security evaluation

International Nuclear Information System (INIS)

Liming, J.K.; Johnson, D.H.; Dykes, A.A.

2004-01-01

Commercial nuclear power plant physical security has received much more intensive treatment and regulatory attention since September 11, 2001. In light of advancements made by the nuclear power industry in the field of probabilistic safety assessment (PSA) for its power plants over that last 30 years, and given the many examples of successful applications of risk-informed regulation at U. S. nuclear power plants during recent years, it may well be advisable to apply a 'risk-informed' approach to security management at nuclear power plants from now into the future. In fact, plant PSAs developed in response to NRC Generic Letter 88-20 and related requirements are used to help define target sets of critical plant safety equipment in our current security exercises for the industry. With reasonable refinements, plant PSAs can be used to identify, analyze, and evaluate reasonable and prudent approaches to address security issues and associated defensive strategies at nuclear power plants. PSA is the ultimate scenario-based approach to risk assessment, and thus provides a most powerful tool in identifying and evaluating potential risk management decisions. This paper provides a summary of observations of factors that are influencing or could influence cost-effective or 'cost-reasonable' security management decision-making in the current political environment, and provides recommendations for the application of PSA tools and techniques to the nuclear power plant operational safety response exercise process. The paper presents a proposed framework for nuclear power plant probabilistic terrorist risk assessment that applies these tools and techniques. (authors)

Vulnerability Identification Errors in Security Risk Assessments

OpenAIRE

Taubenberger, Stefan

2014-01-01

At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ’vulnerability identification errors‘ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

A review of video security training and assessment-systems and their applications

International Nuclear Information System (INIS)

Cellucci, J.; Hall, R.J.

1991-01-01

This paper reports that during the last 10 years computer-aided video data collection and playback systems have been used as nuclear facility security training and assessment tools with varying degrees of success. These mobile systems have been used by trained security personnel for response force training, vulnerability assessment, force-on-force exercises and crisis management. Typically, synchronous recordings from multiple video cameras, communications audio, and digital sensor inputs; are played back to the exercise participants and then edited for training and briefing. Factors that have influence user acceptance include: frequency of use, the demands placed on security personnel, fear of punishment, user training requirements and equipment cost. The introduction of S-VHS video and new software for scenario planning, video editing and data reduction; should bring about a wider range of security applications and supply the opportunity for significant cost sharing with other user groups

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Dynamic Group Management Scheme for Sustainable and Secure Information Sensing in IoT

Directory of Open Access Journals (Sweden)

Hyungjoo Kim

2016-10-01

Full Text Available The services provided to users in the environment associated with the Internet of Things (hereinafter referred to as IoT begin with the information collected from sensors. It is imperative to transmit high-quality sensor data for providing better services. It is also required to collect data only from those authenticated sensors. Moreover, it is imperative to collect high-quality data on a sustainable and continuous basis in order to provide services anytime and anywhere in the IoT environment. Therefore, high-quality, authenticated sensor networks should be constructed. The most prominent routing protocol to enhance the energy consumption efficiency for the sustainable data collection in a sensor network is the LEACH routing protocol. The LEACH routing protocol transmits sensor data by measuring the energy of sensors and allocating sensor groups dynamically. However, these sensor networks have vulnerabilities such as key leakage, eavesdropping, replay attack and relay attack, given the nature of wireless network communication. A large number of security techniques have been studied in order to solve these vulnerabilities. Nonetheless, these studies still cannot support the dynamic sensor group allocation of the LEACH routing protocol. Furthermore, they are not suitable for the sensor nodes whose hardware computing ability and energy resources are limited. Therefore, this paper proposed a group sensor communication protocol that utilizes only the four fundamental arithmetic operations and logical operation for the sensor node authentication and secure data transmission. Through the security analysis, this paper verified that the proposed scheme was secure to the vulnerabilities resulting from the nature of wireless network communication. Moreover, this paper verified through the performance analysis that the proposed scheme could be utilized efficiently.

Identification of the Level of Financial Security of an Insurance Company

Directory of Open Access Journals (Sweden)

Kozmenko Serhiy M.

2014-02-01

Full Text Available The article is devoted to theoretical and practical aspects of identification of financial security of the insurer. The article justifies urgency of identification of the level of financial security of the insurer and its qualitative assessment. It offers a scientific and methodical approach to identification of the level of financial security of the insurer on the basis of the conducted analysis of advantages and shortcomings of the existing approaches. The basis of the developed methods is a generalised assessment of the level of financial security of the insurer, which is offered to be carried out on the basis of calculation of statistical and dynamic integral indicators of financial security of the insurance company. The obtained integral assessments allow making a conclusion about efficiency of the selected strategy of the insurer and its ability to oppose to negative influence of threats to financial security. Results of calculation of integral indicators of financial security of the insurer allow identification of influence of fraud as the main threat to financial security of domestic insurance companies. The proposed approach was realised in practice of Ukrainian insurers and proved its efficiency.

Challenging the planetary boundaries II: Assessing the sustainable global population and phosphate supply, using a systems dynamics assessment model

International Nuclear Information System (INIS)

Sverdrup, Harald U.; Ragnarsdottir, Kristin Vala

2011-01-01

Highlights: → Peak phosphorus supply behaviour. → Recycling essential for phosphorus supply. → Phosphorus supply is connected to food security. - Abstract: A systems dynamics model was developed to assess the planetary boundary for P supply in relation to use by human society. It is concluded that present day use rates and poor recycling rates of P are unsustainable at timescales beyond 100+ a. The predictions made suggest that P will become a scarce and expensive material in the future. The study shows clearly that market mechanisms alone will not be able to secure an efficient use before a large part of the resource will have been allowed to dissipate into the natural environment. It is suggested that population size management and effective recycling measures must be planned long term to avoid unpleasant consequences of hunger and necessary corrections imposed on society by mass balance and thermodynamics.

Water security for productive economies : Applying an assessment framework in southern Africa

NARCIS (Netherlands)

Holmatov, Bunyod; Lautze, Jonathan; Manthrithilake, Herath; Makin, Ian

2017-01-01

Achieving water security has emerged as a major objective in Africa, yet an analytical or diagnostic framework for assessing water security in African countries is not known to exist. This paper applies one key dimension of the 2016 Asian Development Bank's (ADB) Asian Water Development Outlook

Development of Risk Assessment Methodology for State's Nuclear Security Regime

Energy Technology Data Exchange (ETDEWEB)

Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2011-05-15

Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Treats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planed to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afganistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

76 FR 43696 - Nationwide Cyber Security Review (NCSR) Assessment

Science.gov (United States)

2011-07-21

... other forms of information technology, e.g., permitting electronic submissions of responses. FOR FURTHER... Emergency Readiness Team (US-CERT) Secure Portal. The assessment stakeholders will be states and major urban... resilience. Through the NCSR, CSEP will examine relationships, interactions, and processes governing IT...

Secure Dynamic Program Repartitioning

DEFF Research Database (Denmark)

Hansen, Rene Rydhoff; Probst, Christian

2005-01-01

Secure program partitioning has been introduced as a language-based technique to allow the distribution of data and computation across mutualy untrusted hosts, while at the same time guaranteeing the protection of confidential data. Programs that have been annotated with security types......, but the partitioning compiler becomes a part of the network and can recompile applications, thus alowing hosts to enter or leave the framework. We contend that this setting is superior to static partitioning, since it allows redistribution of data and computations. This is especialy beneficial if the new host alows...... data and computations to better fulfil the trust requirements of the users. Erasure Policies ensure that the original host of the redistributed data or computation does not store the data any longer....

Wide Area Measurement Based Security Assessment & Monitoring of Modern Power System: A Danish Power System Case Study

DEFF Research Database (Denmark)

Rather, Zakir Hussain; Chen, Zhe; Thøgersen, Paul

2013-01-01

Power System security has become a major concern across the global power system community. This paper presents wide area measurement system (WAMS) based security assessment and monitoring of modern power system. A new three dimensional security index (TDSI) has been proposed for online security...... monitoring of modern power system with large scale renewable energy penetration. Phasor measurement unit (PMU) based WAMS has been implemented in western Danish Power System to realize online security monitoring and assessment in power system control center. The proposed security monitoring system has been...

A method to assess multi-modal hazmat transport security vulnerabilities: Hazmat transport SVA

NARCIS (Netherlands)

Reniers, G.L.L.; Dullaert, W.E.H.

2013-01-01

The suggested Hazmat transport Security Vulnerability Assessment (SVA) methodology presents a user-friendly approach to determine relative security risk levels of the different modes of hazardous freight transport (i.e., road, railway, inland waterways and pipeline transportation). First, transport

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security

National Research Council Canada - National Science Library

Ganger, Gregory

2000-01-01

This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources...

Security Risk Assessment Process for UAS in the NAS CNPC Architecture

Science.gov (United States)

Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

2013-01-01

This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

How strategic dynamics complicate the framing of alternatives in strategic environmental assessment

DEFF Research Database (Denmark)

Lyhne, Ivar

2012-01-01

of the Danish Natural Gas Security of Supply Plan. Special emphasis is given to the framing of alternatives in the SEA process, since alternatives are directly related to the contextual developments. Based on a participative approach, strategic dynamics are mapped and the reactions and concerns in the SEA team......Unpredictable and complex developments challenge the application of strategic environmental assessment (SEA), e.g. in terms of timing, prediction, and relevance of assessments. Especially multi-actor and unstructured strategic level decision-making processes often seem to be characterised...... by unpredictable and complex changes. Despite apparent implications, explorative investigations about how unpredictability influences SEA application in practice are rare. This article aims at shedding light on contextual changes and reactions to such changes in practice by a case study of the specific SEA process...

Data security and risk assessment in cloud computing

Directory of Open Access Journals (Sweden)

Li Jing

2018-01-01

Full Text Available Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.

Mobile Detection Assessment and Response Systems (MDARS): A Force Protection, Physical Security Operational Success

National Research Council Canada - National Science Library

Shoop, Brian; Johnston, Michael; Goehring, Richard; Moneyhun, Jon; Skibba, Brian

2006-01-01

... & barrier assessment payloads. Its functions include surveillance, security, early warning, incident first response and product and barrier status primarily focused on a depot/munitions security mission at structured/semi-structured facilities...

Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

CERN Document Server

Tilaro, F

2011-01-01

CERN (European Organization for Nuclear Research),like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99[0F1] international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Devices robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC[1F2] classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

International Nuclear Information System (INIS)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

2012-01-01

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

Energy Technology Data Exchange (ETDEWEB)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

2012-10-15

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

Investigating the applicability of Dynamic Assessment in Iran: From ...

African Journals Online (AJOL)

3) Teachers with different levels of education held similar and positive attitudes regarding the applicability of dynamic assessment. Key words: Assessment, Dynamic Assessment, Zone of Proximal Development, Interventionist Dynamic Assessment, Interactionist Dynamic Assessment. La présente étude visait à étudier les ...

Y-12 National Security Complex Water Assessment

Energy Technology Data Exchange (ETDEWEB)

Elam, Shana E.; Bassett, P.; McMordie Stoughton, Kate

2010-11-01

The Department of Energy's Federal Energy Management Program (FEMP) sponsored a water assessment at the Y 12 National Security Complex (Y 12) located in Oak Ridge, Tennessee. Driven by mandated water reduction goals of Executive Orders 13423 and 13514, the objective of the water assessment is to develop a comprehensive understanding of the current water-consuming applications and equipment at Y 12 and to identify key areas for water efficiency improvements that could be applied not only at Y-12 but at other Federal facilities as well. FEMP selected Pacific Northwest National Laboratory to coordinate and manage the water assessment. PNNL contracted Water Savers, LLC to lead the technical aspects of the water assessment. Water Savers provided key technical expertise in water auditing, metering, and cooling systems. This is the report of that effort, which concluded that the Y-12 facility could realize considerable water savings by implementing the recommended water efficiency opportunities.

Improvement of economic security management system of municipalities with account of transportation system development: methods of assessment

Science.gov (United States)

Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena

2017-10-01

The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.

Two Stage Secure Dynamic Load Balancing Architecture for SIP Server Clusters

Directory of Open Access Journals (Sweden)

G. Vennila

2014-08-01

Full Text Available Session Initiation Protocol (SIP is a signaling protocol emerged with an aim to enhance the IP network capabilities in terms of complex service provision. SIP server scalability with load balancing has a greater concern due to the dramatic increase in SIP service demand. Load balancing of session method (request/response and security measures optimizes the SIP server to regulate of network traffic in Voice over Internet Protocol (VoIP. Establishing a honeywall prior to the load balancer significantly reduces SIP traffic and drops inbound malicious load. In this paper, we propose Active Least Call in SIP Server (ALC_Server algorithm fulfills objectives like congestion avoidance, improved response times, throughput, resource utilization, reducing server faults, scalability and protection of SIP call from DoS attacks. From the test bed, the proposed two-tier architecture demonstrates that the ALC_Server method dynamically controls the overload and provides robust security, uniform load distribution for SIP servers.

Security risk assessment and protection in the chemical and process industry

OpenAIRE

Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

2014-01-01

This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows desing principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models .The model combines the rings-of-protection approach with generic security practices including...

E-commerce System Security Assessment based on Bayesian Network Algorithm Research

OpenAIRE

Ting Li; Xin Li

2013-01-01

Evaluation of e-commerce network security is based on assessment method Bayesian networks, and it first defines the vulnerability status of e-commerce system evaluation index and the vulnerability of the state model of e-commerce systems, and after the principle of the Bayesian network reliability of e-commerce system and the criticality of the vulnerabilities were analyzed, experiments show that the change method is a good evaluation of the security of e-commerce systems.

Advancing the Assessment of Dynamic Psychological Processes.

Science.gov (United States)

Wright, Aidan G C; Hopwood, Christopher J

2016-08-01

Most commonly used clinical assessment tools cannot fully capture the dynamic psychological processes often hypothesized as core mechanisms of psychopathology and psychotherapy. There is therefore a gap between our theories of problems and interventions for those problems and the tools we use to understand clients. The purpose of this special issue is to connect theory about clinical dynamics to practice by focusing on methods for collecting dynamic data, statistical models for analyzing dynamic data, and conceptual schemes for implementing dynamic data in applied settings. In this introductory article, we argue for the importance of assessing dynamic processes, highlight recent advances in assessment science that enable their measurement, review challenges in using these advances in applied practice, and adumbrate the articles in this issue.

IAEA Nuclear Security Assessment Methodologies (NUSAM) Project for Regulated Facilities

International Nuclear Information System (INIS)

Jang, Sung Soon

2016-01-01

Nuclear Security Assessment Methodologies (NUSAM) is a coordinate research project. The objectives of the NUSAM project is to establish a risk informed, performance-based methodological framework in a systematic, structured, comprehensive and appropriately transparent manner; to provide an environment for the sharing and transfer of knowledge and experience; and to provide guidance on, and practical examples of good practices in assessing the security of nuclear and other radioactive materials, as well as associated facilities and activities. The author worked as an IAEA scientific secretary of the NUAM project from 2013 to 2015. IAEA launched this project in 2013 and performed many activities: meetings, document development, table-top exercises and computer simulations. Now the project is in the final stage and will be concluded in the late 2016. The project will produce documents on NUSAM assessment methods and case study documents on NPP, Irradiator Facility and Transport. South Korea as a main contributor to this project will get benefits from the NUSAM. In 2014, South Korea introduced force-on-force exercises, which could be used as the assessment of physical protection system by the methods of NUSAM

IAEA Nuclear Security Assessment Methodologies (NUSAM) Project for Regulated Facilities

Energy Technology Data Exchange (ETDEWEB)

Jang, Sung Soon [Korea Nuclear Non-proliferation and Control, Daejeon (Korea, Republic of)

2016-05-15

Nuclear Security Assessment Methodologies (NUSAM) is a coordinate research project. The objectives of the NUSAM project is to establish a risk informed, performance-based methodological framework in a systematic, structured, comprehensive and appropriately transparent manner; to provide an environment for the sharing and transfer of knowledge and experience; and to provide guidance on, and practical examples of good practices in assessing the security of nuclear and other radioactive materials, as well as associated facilities and activities. The author worked as an IAEA scientific secretary of the NUAM project from 2013 to 2015. IAEA launched this project in 2013 and performed many activities: meetings, document development, table-top exercises and computer simulations. Now the project is in the final stage and will be concluded in the late 2016. The project will produce documents on NUSAM assessment methods and case study documents on NPP, Irradiator Facility and Transport. South Korea as a main contributor to this project will get benefits from the NUSAM. In 2014, South Korea introduced force-on-force exercises, which could be used as the assessment of physical protection system by the methods of NUSAM.

Dynamic security issues in autonomous power systems with increasing wind power penetration

DEFF Research Database (Denmark)

Margaris, I.D.; Hansen, Anca Daniela; Sørensen, Poul Ejnar

2011-01-01

Asynchronous Generator (DFAG) and Permanent Magnet Synchronous Generator (PMSG) – are applied and issues regarding interaction with the power system are investigated. This paper provides conclusions about the dynamic security of non-interconnected power systems with high wind power penetration based...... on a complete model representation of the individual components of the system; three different types of conventional generators are included in the model, while the protection system is also incorporated. The load shedding following faults is finally discussed....

Dynamic Personal Identity and the Dynamic Identity Grid: How Theory and Concept Can Transform Information into Knowledge and Secure the American Homeland

Science.gov (United States)

2008-09-01

80 Figure 12. Dynamic Identity Grid Strategy Canvas ..........................................................81 Figure 13. Hurdles to...GIG Global Information Grid HSPD Homeland Security Presidential Directive IAFIS Integrated Automated Fingerprint Identification System IP...recognizing a person based on a physiological or behavioral characteristic. Biometric features that can be measured include: facial, fingerprint , hand

Security assessment for intentional island operation in modern power system

DEFF Research Database (Denmark)

Chen, Yu; Xu, Zhao; Østergaard, Jacob

2011-01-01

be increased. However, when to island or how to ensure the islanded systems can survive the islanding transition is uncertain. This article proposes an Islanding Security Region (ISR) concept to provide security assessment of island operation. By comparing the system operating state with the ISR, the system......There has been a high penetration level of Distributed Generations (DGs) in distribution systems in Denmark. Even more DGs are expected to be installed in the coming years. With that, to utilize them in maintaining the security of power supply is of great concern for Danish utilities. During...... the emergency in the power system, some distribution networks may be intentionally separated from the main grid to avoid complete system collapse. If DGs in those networks could continuously run instead of immediately being shut down, the blackout could be avoided and the reliability of supply could...

METHODS FOR ASSESSING SECURITY THREATS CONFIDENTIAL INFORMATION FOR THE INFORMATION AND TELECOMMUNICATIONS SYSTEMS

Directory of Open Access Journals (Sweden)

E. V. Belokurova

2015-01-01

Full Text Available The article discusses the different approaches to assessing the safety of confidential information-term for information and telecommunication systems of various pre-appreciable destination in the presence of internal and external threats to its integrity and availability. The difficulty of ensuring the security of confidential information from exposure to information and telecommunication systems of external and internal threats at the present time, is of particular relevance. This problem is confirmed by the analysis of available statistical information on the impact of threats on the security circulating in the information and telecommunications system. Leak confidential information, intellectual property, information, know-how is the result of significant material and moral damage caused to the owner of the restricted information. The paper presents the structure of the indicators and criteria shows that the most promising are analytical criteria. However, their use to assess the level of security of confidential information is difficult due to the lack of appropriate mathematical models. The complexity of the problem is that existing traditional mathematical models are not always appropriate for the stated objectives. Therefore, it is necessary to develop mathematical models designed to assess the security of confidential information and its impact on information and telecommunication system threats.

Cyber security risk assessment for SCADA and DCS networks.

Science.gov (United States)

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

A cyber security risk assessment for the design of I and C system in nuclear power plants

International Nuclear Information System (INIS)

Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

2012-01-01

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

A cyber security risk assessment for the design of I and C system in nuclear power plants

Energy Technology Data Exchange (ETDEWEB)

Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2012-12-15

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

Assessment of Performance Measures for Security of the Maritime Transportation Network. Port Security Metrics: Proposed Measurement of Deterrence Capability

National Research Council Canada - National Science Library

Hoaglund, Robert; Gazda, Walter

2007-01-01

The goal of this analysis is to provide ASCO and its customers with a comprehensive approach to the development of quantitative performance measures to assess security improvements to the port system...

Context-sensitive Information security Risk identification and evaluation techniques

NARCIS (Netherlands)

Ionita, Dan

2014-01-01

The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

Economic security integrated assessment: a case study for OJSC “Sintez”

Directory of Open Access Journals (Sweden)

Esembekova A. U.

2016-07-01

Full Text Available the article seeks to define a comprehensive assessment of economic security of an organization by calculating ratios. The authors aim to determine the financial stability and the probability of bankruptcy in order to assess the liquidity of the organization, and learn how well it is protected from internal and external threats.

Quantitative Vulnerability Assessment of Cyber Security for Distribution Automation Systems

Directory of Open Access Journals (Sweden)

Xiaming Ye

2015-06-01

Full Text Available The distribution automation system (DAS is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS. The results demonstrate the reasonability and effectiveness of the proposed methodology.

Security Assessment Simulation Toolkit (SAST) Final Report

Energy Technology Data Exchange (ETDEWEB)

Meitzler, Wayne D.; Ouderkirk, Steven J.; Hughes, Chad O.

2009-11-15

The Department of Defense Technical Support Working Group (DoD TSWG) investment in the Pacific Northwest National Laboratory (PNNL) Security Assessment Simulation Toolkit (SAST) research planted a technology seed that germinated into a suite of follow-on Research and Development (R&D) projects culminating in software that is used by multiple DoD organizations. The DoD TSWG technology transfer goal for SAST is already in progress. The Defense Information Systems Agency (DISA), the Defense-wide Information Assurance Program (DIAP), the Marine Corps, Office Of Naval Research (ONR) National Center For Advanced Secure Systems Research (NCASSR) and Office Of Secretary Of Defense International Exercise Program (OSD NII) are currently investing to take SAST to the next level. PNNL currently distributes the software to over 6 government organizations and 30 DoD users. For the past five DoD wide Bulwark Defender exercises, the adoption of this new technology created an expanding role for SAST. In 2009, SAST was also used in the OSD NII International Exercise and is currently scheduled for use in 2010.

INTEGRATED ESTIMATION OF FOOD SECURITY IN THE REGION (BY THE EXAMPLE OF SAMARA REGION

Directory of Open Access Journals (Sweden)

Svetlana I. Nesterova

2015-01-01

Full Text Available The article presents a model of integrated assessment of food security in the region. A comprehensive analysis of food security in the Samara region in the dynamics is given, and its results are compared with the numbers of the Volga Federal District as a whole. Recommendations on further improvement of the agricultural sector are suggested.

Anticipating the unintended consequences of security dynamics.

Energy Technology Data Exchange (ETDEWEB)

Backus, George A.; Overfelt, James Robert; Malczynski, Leonard A.; Saltiel, David H.; Simon Paul Moulton

2010-01-01

In a globalized world, dramatic changes within any one nation causes ripple or even tsunamic effects within neighbor nations and nations geographically far removed. Multinational interventions to prevent or mitigate detrimental changes can easily cause secondary unintended consequences more detrimental and enduring than the feared change instigating the intervention. This LDRD research developed the foundations for a flexible geopolitical and socioeconomic simulation capability that focuses on the dynamic national security implications of natural and man-made trauma for a nation-state and the states linked to it through trade or treaty. The model developed contains a database for simulating all 229 recognized nation-states and sovereignties with the detail of 30 economic sectors including consumers and natural resources. The model explicitly simulates the interactions among the countries and their governments. Decisions among governments and populations is based on expectation formation. In the simulation model, failed expectations are used as a key metric for tension across states, among ethnic groups, and between population factions. This document provides the foundational documentation for the model.

Dynamic Auditing Protocol for Efficient and Secure Data Storage in Cloud Computing

OpenAIRE

J. Noorul Ameen; J. Jamal Mohamed; N. Nilofer Begam

2014-01-01

Cloud computing, where the data has been stored on cloud servers and retrieved by users (data consumers) the data from cloud servers. However, there are some security challenges which are in need of independent auditing services to verify the data integrity and safety in the cloud. Until now a numerous methods has been developed for remote integrity checking whichever only serve for static archive data and cannot be implemented to the auditing service if the data in the cloud is being dynamic...

The Comprehensive Approach to Assessing the Economic Security of the Industry Sector in Conditions of Globalization

Directory of Open Access Journals (Sweden)

Denysov Oleg Ye.

2018-01-01

Full Text Available The author carries out an empirical study of the level of economic security of the chemical industry sector of Ukraine in the direction of «production of polyvinyl chlorides». For this purpose the integral index of economic security has been calculated according to the model of functional-component blocks of economic security of sector, developed by the author. Application of this model allowed to research the algorithm of action of the model on the factual basis and to analyze the obtained indicators. This, in turn, made possible to draw a conclusion about the constructiveness and expediency of application of the model of basic functional-component blocks for calculating the level of economic security of the industry sector. With the help of this approach, with application of the complex, system-structural, dynamic and functional approaches, the level of economic security has been defined and the process of monitoring the status and level of economic security of the industry sector has been ensured.

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Science.gov (United States)

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

NARCIS (Netherlands)

Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

2016-01-01

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

Security force-adversary engagement simulation

International Nuclear Information System (INIS)

Bennett, H.A.

1975-01-01

A dynamic simulation of a security force-adversary engagement has been developed to obtain a better understanding of the complexities involved in security systems. Factors affecting engagement outcomes were identified and interrelated to represent an ambush of an escorted nuclear fuel truck convoy by an adversary group. Other forms of engagement such as assault and skirmish also can be simulated through suitable parameter changes. The dynamic model can provide a relative evaluation of changes in security force levels, equipment, training, and tactics. Continued application and subsequent refinements of the model are expected to augment the understanding of component interaction within a guard-based security system

Selection of the Best Security Controls for Rapid Development of Enterprise-Level Cyber Security

Science.gov (United States)

2017-03-01

investment (ROI) assessment. This ROI assessment entailed consideration of both the likely/expected security benefits of each candidate security control...the top 10–20 cyber security controls, where ranking was based upon a return on investment (ROI) assessment. This ROI assessment entailed...11  II.  CYBER SECURITY: UNDERLYING PRINCIPLES, FUNDAMENTALS AND BEST PRACTICES .................................................13  A

Assessment on security system of radioactive sources used in hospitals of Thailand

Energy Technology Data Exchange (ETDEWEB)

Jitbanjong, Petchara, E-mail: petcharajit@gmail.com; Wongsawaeng, Doonyapong [Nuclear Engineering Department, Faculty of Engineering, Chulalongkorn University, 254 Phayathai Road, Pathumwan, Bangkok 10330 (Thailand)

2016-01-22

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources used in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.

Assessment on security system of radioactive sources used in hospitals of Thailand

Science.gov (United States)

Jitbanjong, Petchara; Wongsawaeng, Doonyapong

2016-01-01

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources used in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.

Assessment on security system of radioactive sources used in hospitals of Thailand

International Nuclear Information System (INIS)

Jitbanjong, Petchara; Wongsawaeng, Doonyapong

2016-01-01

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources used in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources

An Overview of DRAM-Based Security Primitives

Directory of Open Access Journals (Sweden)

Nikolaos Athanasios Anagnostopoulos

2018-03-01

Full Text Available Recent developments have increased the demand for adequate security solutions, based on primitives that cannot be easily manipulated or altered, such as hardware-based primitives. Security primitives based on Dynamic Random Access Memory (DRAM can provide cost-efficient and practical security solutions, especially for resource-constrained devices, such as hardware used in the Internet of Things (IoT, as DRAMs are an intrinsic part of most contemporary computer systems. In this work, we present a comprehensive overview of the literature regarding DRAM-based security primitives and an extended classification of it, based on a number of different criteria. In particular, first, we demonstrate the way in which DRAMs work and present the characteristics being exploited for the implementation of security primitives. Then, we introduce the primitives that can be implemented using DRAM, namely Physical Unclonable Functions (PUFs and True Random Number Generators (TRNGs, and present the applications of each of the two types of DRAM-based security primitives. We additionally proceed to assess the security such primitives can provide, by discussing potential attacks and defences, as well as the proposed security metrics. Subsequently, we also compare these primitives to other hardware-based security primitives, noting their advantages and shortcomings, and proceed to demonstrate their potential for commercial adoption. Finally, we analyse our classification methodology, by reviewing the criteria employed in our classification and examining their significance.

An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems.

Science.gov (United States)

Chen, Hung-Ming; Lo, Jung-Wen; Yeh, Chang-Kuo

2012-12-01

The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

Dynamic Assessment and Its Implications for RTI Models

Science.gov (United States)

Wagner, Richard K.; Compton, Donald L.

2011-01-01

Dynamic assessment refers to assessment that combines elements of instruction for the purpose of learning something about an individual that cannot be learned as easily or at all from conventional assessment. The origins of dynamic assessment can be traced to Thorndike (1924), Rey (1934), and Vygotsky (1962), who shared three basic assumptions.…

The use of information technology security assessment criteria to protect specialized computer systems

International Nuclear Information System (INIS)

Lykov, V.A.; Shein, A.V.; Piskarev, A.S.; Devaney, D.M.; Melton, R.B.; Hunteman, W.J.; Prommel, J.M.; Rothfuss, J.S.

1997-01-01

The purpose of this paper is to discuss the information security assessment criteria used in Russia and compare it with that used in the United States. The computer system security assessment criteria utilized by the State Technical Commission of Russia and similar criteria utilized by the US Department of Defense (TCSEC) are intended for the development and implementation of proven methods for achieving a required level of information security. These criteria are utilized, first and foremost, when conducting certification assessments of general purpose systems. The Russian Federation is creating specialized systems for nuclear material control and accountancy (MC and A) within the framework of the international laboratory-to-laboratory collaboration. Depending on the conditions in which the MC and A system is intended to operate, some of the criteria and the attendant certification requirements may exceed those established or may overlap the requirements established for attestation of such systems. In this regard it is possible to modify the certification and attestation requirements depending on the conditions in which a system will operate in order to achieve the ultimate goal--implementation of the systems in the industry

SecurID

CERN Multimedia

Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

Dynamic impact of the structure of the supply chain of perishable foods on logistics performance and food security

Energy Technology Data Exchange (ETDEWEB)

Castro, Javier Arturo Orjuela; Jaimes, Wilson Adarme

2017-07-01

Understanding how the structure affects logistical performance and food security is critical in the supply chains of perishable foods (PFSC). This research proposes a system dynamics model to analyze the effects of structures: lean, agile, flexible, responsive and resilient, in the overall performance and of each agent of the PFSC. Design/methodology/approach: Using a system dynamics model and design of experiments it is studied how the different structures and their combination, affect the behavior of inventory, transportation, responsiveness, efficiency, availability and quality-safety of the fresh fruits supply chain and each echelon. Findings: The studies of supply chains have been done for each structure in an independent way; investigations are scarce in supply chains of perishable foods. The structures modeled in this research do not show the better performance in all the metrics of the chain, neither in all agents for each structure. The above implies the presence of trade-offs. Research limitations/implications: The results show the need to investigate mixed structures with the FPSC´s own characteristics; the model can be applied in other supply chains of perishable foods. Practical implications: Management by combining structures in the FFSC, improves logistics performance and contributes to food security. Social implications: The agents of the FFSC can apply the structures found in this study, to improve their logistics performance and the food security. Originality/value: The dynamics of individual and combined structures were identified, which constitutes a contribution to the discussion in the literature of such problems for FFSC. The model includes six echelons: farmers, wholesalers, agro-industry, third-party logistics operators and retailers. The dynamic contemplates deterioration rate to model perishability and others losses.

Dynamic impact of the structure of the supply chain of perishable foods on logistics performance and food security

Directory of Open Access Journals (Sweden)

Javier Arturo Orjuela Castro

2017-10-01

Full Text Available Purpose: Understanding how the structure affects logistical performance and food security is critical in the supply chains of perishable foods (PFSC. This research proposes a system dynamics model to analyze the effects of structures: lean, agile, flexible, responsive and resilient, in the overall performance and of each agent of the PFSC. Design/methodology/approach: Using a system dynamics model and design of experiments it is studied how the different structures and their combination, affect the behavior of inventory, transportation, responsiveness, efficiency, availability and quality-safety of the fresh fruits supply chain and each echelon. Findings: The studies of supply chains have been done for each structure in an independent way; investigations are scarce in supply chains of perishable foods. The structures modeled in this research do not show the better performance in all the metrics of the chain, neither in all agents for each structure. The above implies the presence of trade-offs. Research limitations/implications: The results show the need to investigate mixed structures with the FPSC´s own characteristics; the model can be applied in other supply chains of perishable foods. Practical implications: Management by combining structures in the FFSC, improves logistics performance and contributes to food security. Social implications: The agents of the FFSC can apply the structures found in this study, to improve their logistics performance and the food security. Originality/value: The dynamics of individual and combined structures were identified, which constitutes a contribution to the discussion in the literature of such problems for FFSC. The model includes six echelons: farmers, wholesalers, agro-industry, third-party logistics operators and retailers. The dynamic contemplates deterioration rate to model perishability and others losses.

Dynamic impact of the structure of the supply chain of perishable foods on logistics performance and food security

International Nuclear Information System (INIS)

Castro, Javier Arturo Orjuela; Jaimes, Wilson Adarme

2017-01-01

Understanding how the structure affects logistical performance and food security is critical in the supply chains of perishable foods (PFSC). This research proposes a system dynamics model to analyze the effects of structures: lean, agile, flexible, responsive and resilient, in the overall performance and of each agent of the PFSC. Design/methodology/approach: Using a system dynamics model and design of experiments it is studied how the different structures and their combination, affect the behavior of inventory, transportation, responsiveness, efficiency, availability and quality-safety of the fresh fruits supply chain and each echelon. Findings: The studies of supply chains have been done for each structure in an independent way; investigations are scarce in supply chains of perishable foods. The structures modeled in this research do not show the better performance in all the metrics of the chain, neither in all agents for each structure. The above implies the presence of trade-offs. Research limitations/implications: The results show the need to investigate mixed structures with the FPSC´s own characteristics; the model can be applied in other supply chains of perishable foods. Practical implications: Management by combining structures in the FFSC, improves logistics performance and contributes to food security. Social implications: The agents of the FFSC can apply the structures found in this study, to improve their logistics performance and the food security. Originality/value: The dynamics of individual and combined structures were identified, which constitutes a contribution to the discussion in the literature of such problems for FFSC. The model includes six echelons: farmers, wholesalers, agro-industry, third-party logistics operators and retailers. The dynamic contemplates deterioration rate to model perishability and others losses.

Security system signal supervision

International Nuclear Information System (INIS)

Chritton, M.R.; Matter, J.C.

1991-09-01

This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

Operations Security (OPSEC) Guide

Science.gov (United States)

2011-04-01

Request for Proposal TAC Threat Analysis Center TECHINT Technical Intelligence TMAP Telecommunications Monitoring and Assessment Program TTP...communications security, use of secure telephones, and a robust Telecommunications Monitoring and Assessment Program ( TMAP ) prevents undetermined...and AFI 33-219, Telecommunications Monitoring and Assessment Program ( TMAP ), or Information Assurance (IA) or Communications Security (COMSEC

Security Enhancement of Knowledge-based User Authentication through Keystroke Dynamics

Directory of Open Access Journals (Sweden)

Roy Soumen

2016-01-01

Full Text Available Keystroke Dynamics is a behavioural biometrics characteristic in Biometric science, which solve the issues in user identification or verification. In Knowledge-based user authentication technique, we compromise with PIN or password which is unsafe due to different type of attacks. It is good to choose password with the combination of upper and lower case letter with some digits and symbols, but which is very hard to remember or generally we forget to distinguish those passwords for different access control systems. Our system not only takes the users’ entered texts but their typing style is also account for. In our experiment, we have not taken hard password type texts, we have chosen some daily used words where users are habituated and comfortable at typing and we obtained the consisting typing pattern. Different distance-based and data mining algorithms we have applied on collected typing pattern and obtained impressive results. As per our experiment, if we use keystroke dynamics in existing knowledge based user authentication system with minimum of five daily used common texts then it increases the security level up to 97.6% to 98.2% (if we remove some of the irrelevant feature sets.

Dynamic Assessment in School Psychology

Science.gov (United States)

Lidz, Carol S.

2009-01-01

Dynamic assessment (DA) is a generic term for a variety of procedures that embed intervention within the assessment itself. Typically administered in pretest-intervention-posttest format, DA procedures provide information about the response and responsiveness of the individual to intervention and generate ideas and evidence about potentially…

Flood Risk Assessment Based On Security Deficit Analysis

Science.gov (United States)

Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

Risk is a human perception: a given risk may be considered as acceptable or unac- ceptable depending on the group that has to face that risk. Flood risk analysis of- ten estimates economic losses from damages, but neglects the question of accept- able/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combing the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the re- gion or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Com- parison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

A DPSIR model for ecological security assessment through indicator screening: a case study at Dianchi Lake in China.

Directory of Open Access Journals (Sweden)

Zhen Wang

Full Text Available Given the important role of lake ecosystems in social and economic development, and the current severe environmental degradation in China, a systematic diagnosis of the ecological security of lakes is essential for sustainable development. A Driving-force, Pressure, Status, Impact, and Risk (DPSIR model, combined with data screening for lake ecological security assessment was developed to overcome the disadvantages of data selection in existing assessment methods. Correlation and principal component analysis were used to select independent and representative data. The DPSIR model was then applied to evaluate the ecological security of Dianchi Lake in China during 1988-2007 using an ecological security index. The results revealed a V-shaped trend. The application of the DPSIR model with data screening provided useful information regarding the status of the lake's ecosystem, while ensuring information efficiency and eliminating multicollinearity. The modeling approach described here is practical and operationally efficient, and provides an attractive alternative approach to assess the ecological security of lakes.

Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes.

Science.gov (United States)

Ali, Bako; Awad, Ali Ismail

2018-03-08

The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or "things" to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

Quantitative Security Risk Assessment of Android Permissions and Applications

OpenAIRE

Wang , Yang; Zheng , Jun; Sun , Chen; Mukkamala , Srinivas

2013-01-01

Part 6: Mobile Computing; International audience; The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims ...

LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

Energy Technology Data Exchange (ETDEWEB)

Ray Fink

2006-10-01

The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

Security of pipeline facilities

Energy Technology Data Exchange (ETDEWEB)

Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)

2005-07-01

This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.

The Multimodal Assessment of Adult Attachment Security: Developing the Biometric Attachment Test.

Science.gov (United States)

Parra, Federico; Miljkovitch, Raphaële; Persiaux, Gwenaelle; Morales, Michelle; Scherer, Stefan

2017-04-06

Attachment theory has been proven essential for mental health, including psychopathology, development, and interpersonal relationships. Validated psychometric instruments to measure attachment abound but suffer from shortcomings common to traditional psychometrics. Recent developments in multimodal fusion and machine learning pave the way for new automated and objective psychometric instruments for adult attachment that combine psychophysiological, linguistic, and behavioral analyses in the assessment of the construct. The aim of this study was to present a new exposure-based, automatic, and objective adult-attachment assessment, the Biometric Attachment Test (BAT), which exposes participants to a short standardized set of visual and music stimuli, whereas their immediate reactions and verbal responses, captured by several computer sense modalities, are automatically analyzed for scoring and classification. We also aimed to empirically validate two of its assumptions: its capacity to measure attachment security and the viability of using themes as placeholders for rotating stimuli. A total of 59 French participants from the general population were assessed using the Adult Attachment Questionnaire (AAQ), the Adult Attachment Projective Picture System (AAP), and the Attachment Multiple Model Interview (AMMI) as ground truth for attachment security. They were then exposed to three different BAT stimuli sets, whereas their faces, voices, heart rate (HR), and electrodermal activity (EDA) were recorded. Psychophysiological features, such as skin-conductance response (SCR) and Bayevsky stress index; behavioral features, such as gaze and facial expressions; as well as linguistic and paralinguistic features, were automatically extracted. An exploratory analysis was conducted using correlation matrices to uncover the features that are most associated with attachment security. A confirmatory analysis was conducted by creating a single composite effects index and by testing it

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Science.gov (United States)

Müthing, Jannis; Jäschke, Thomas

2017-01-01

Background Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. Objective The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Methods Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Results Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. Conclusions The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps

L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

Science.gov (United States)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

A review of cyber security risk assessment methods for SCADA systems

OpenAIRE

Cherdantseva, Yulia; Burnap, Peter; Blyth, Andrew; Eden, Peter; Jones, Kevin; Soulsby, Hugh; Stoddart, Kristan

2016-01-01

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluat...

Leadership, Management, and Organization for National Security Space: Report to Congress of the Independent Assessment Panel on the Organization and Management of National Security Space

National Research Council Canada - National Science Library

Young, A. T; Anderson, Edward; Bien, Lyle; Fogleman, Ronald R; Hall, Keith; Lyles, Lester; Mark, Hans

2008-01-01

The Independent Assessment Panel (IAP) was chartered to review and assess the DoD management and organization of National Security in Space and make appropriate recommendations to strengthen the U.S. position...

Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

Directory of Open Access Journals (Sweden)

Bako Ali

2018-03-01

Full Text Available The Internet of Things (IoT is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

Science.gov (United States)

2018-01-01

The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes. PMID:29518023

Architecting security with Paradigm

NARCIS (Netherlands)

Andova, S.; Groenewegen, L.P.J.; Verschuren, J.H.S.; Vink, de E.P.; Lemos, de R.; Fabre, J.C.; Gacek, C.; Gadducci, F.; Beek, ter M.

2009-01-01

For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through

Utilization of Integrated Assessment Modeling for determining geologic CO2 storage security

Science.gov (United States)

Pawar, R.

2017-12-01

Geologic storage of carbon dioxide (CO2) has been extensively studied as a potential technology to mitigate atmospheric concentration of CO2. Multiple international research & development efforts, large-scale demonstration and commercial projects are helping advance the technology. One of the critical areas of active investigation is prediction of long-term CO2 storage security and risks. A quantitative methodology for predicting a storage site's long-term performance is critical for making key decisions necessary for successful deployment of commercial scale projects where projects will require quantitative assessments of potential long-term liabilities. These predictions are challenging given that they require simulating CO2 and in-situ fluid movements as well as interactions through the primary storage reservoir, potential leakage pathways (such as wellbores, faults, etc.) and shallow resources such as groundwater aquifers. They need to take into account the inherent variability and uncertainties at geologic sites. This talk will provide an overview of an approach based on integrated assessment modeling (IAM) to predict long-term performance of a geologic storage site including, storage reservoir, potential leakage pathways and shallow groundwater aquifers. The approach utilizes reduced order models (ROMs) to capture the complex physical/chemical interactions resulting due to CO2 movement and interactions but are computationally extremely efficient. Applicability of the approach will be demonstrated through examples that are focused on key storage security questions such as what is the probability of leakage of CO2 from a storage reservoir? how does storage security vary for different geologic environments and operational conditions? how site parameter variability and uncertainties affect storage security, etc.

Fast Computation and Assessment Methods in Power System Analysis

Science.gov (United States)

Nagata, Masaki

Power system analysis is essential for efficient and reliable power system operation and control. Recently, online security assessment system has become of importance, as more efficient use of power networks is eagerly required. In this article, fast power system analysis techniques such as contingency screening, parallel processing and intelligent systems application are briefly surveyed from the view point of their application to online dynamic security assessment.

Climate Change and Water Security in South Africa; Assessing Conflict and Coping Strategies in KwaZulu-Natal

Science.gov (United States)

Hosea, P. O.

2017-12-01

The focus on the security implication of climate change was intensified after the 2007 United Nations Security Council debate on climate change as a threat multiplier. In the light of this, Africa is identified as the continent highly vulnerable to climate change impacts due to its high dependence on climate sensitive economy, high poverty prevalence rate, weak institutional coping capacity as well as poor social infrastructure. In the past decades, the peculiarity of South Africa vis-à-vis climate change vulnerability, especially water scarcity, has become an issue of political and economic concern. The country is water stressed due to its arid and semi-arid conditions. In light of this, the Council for Scientific and Industrial Research (CSIR) (2010) assert that while global temperature increased by 0.80C over the last century, the surface temperature around the Southern Africa region increased by 2.00C over the same period. This connotes that climate change and its impact is inevitable for the region. This will further exacerbate the already stress water resources within South Africa. Owing to Cilliers (2009) and the Council on Foreign Relations (2016) argument that most conflict in Africa are largely driven by resource competition which are masqueraded as issues based on politics, religion or ethnicity, this study investigates the propensity of conflict dynamics in relation to climate change and water security. Using eco-violence theory as a theoretical framework and on the premises of human security, the study assess the security implications triggered by the impact of climate change on water security of rural communities in uMkhanyakude District Municipality, KwaZulu-Natal, South Africa. It focused on the extent to which this might trigger conflict as a coping mechanism among rural dwellers to water insecurity in order to inform policy options. Data for the were sourced using a mixed method paradigm where 385 survey questionnaire were distributed using

A Cyber Security Risk Assessment of Hospital Infrastructure including TLS/SSL and other Threats

OpenAIRE

Millar, Stuart

2016-01-01

Cyber threats traditionally target governments, financial institutions and businesses. However, of growing concern is the threat to healthcare organizations. This study conducts a cyber security risk assessment of a theoretical hospital environment, to include TLS/SSL, which is an encryption protocol for network communications, plus other physical, logical and human threats. Despite significant budgets in the UK for the NHS, the spend on cyber security appears worryingly low and many hospital...

Substantiating the Target Level of Economic Security of Transport Enterprises and the Instrumentarium for Its Provision

Directory of Open Access Journals (Sweden)

Lebedko Sergiy A.

2017-10-01

Full Text Available The article is aimed at substantiating the methodology for assessing the economic security of transport enterprises, determining the target level and the instrumentarium for its provision. The proposed methodical approach to the assessment of the level of economic security of transport enterprises includes the determination of the level of counteracting threats and is based on the principles of integral estimation. The formed integrated indicator includes both indicators of counteracting the internal (human, managerial and technological, force majeure, financial and external threats (market, stakeholder, power-based, natural, infrastructural. Each measure of counteracting threats is determined by results of assessment of dynamics of the three indicators. A practical testing of the proposed approach is carried out in the case of transport enterprises. Based on the established equation of the regression relationship between the level of economic security and the financial strength, a target level of economic security of transport enterprises has been substantiated. The instrumentarium to provide a targeted level of economic security according to the threat types, including preventive and reactive measures, has been developed.

Security Risk Assessment in Software Development Projects

OpenAIRE

Svendsen, Heidi

2017-01-01

Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project s resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project know which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project know where th...

Assessing the effect of marine reserves on household food security in Kenyan coral reef fishing communities.

Directory of Open Access Journals (Sweden)

Emily S Darling

Full Text Available Measuring the success or failure of natural resource management is a key challenge to evaluate the impact of conservation for ecological, economic and social outcomes. Marine reserves are a popular tool for managing coastal ecosystems and resources yet surprisingly few studies have quantified the social-economic impacts of marine reserves on food security despite the critical importance of this outcome for fisheries management in developing countries. Here, I conducted semi-structured household surveys with 113 women heads-of-households to investigate the influence of two old, well-enforced, no-take marine reserves on food security in four coastal fishing communities in Kenya, East Africa. Multi-model information-theoretic inference and matching methods found that marine reserves did not influence household food security, as measured by protein consumption, diet diversity and food coping strategies. Instead, food security was strongly influenced by fishing livelihoods and household wealth: fishing families and wealthier households were more food secure than non-fishing and poorer households. These findings highlight the importance of complex social and economic landscapes of livelihoods, urbanization, power and gender dynamics that can drive the outcomes of marine conservation and management.

Methods for Calculating Frequency of Maintenance of Complex Information Security System Based on Dynamics of Its Reliability

Science.gov (United States)

Varlataya, S. K.; Evdokimov, V. E.; Urzov, A. Y.

2017-11-01

This article describes a process of calculating a certain complex information security system (CISS) reliability using the example of the technospheric security management model as well as ability to determine the frequency of its maintenance using the system reliability parameter which allows one to assess man-made risks and to forecast natural and man-made emergencies. The relevance of this article is explained by the fact the CISS reliability is closely related to information security (IS) risks. Since reliability (or resiliency) is a probabilistic characteristic of the system showing the possibility of its failure (and as a consequence - threats to the protected information assets emergence), it is seen as a component of the overall IS risk in the system. As it is known, there is a certain acceptable level of IS risk assigned by experts for a particular information system; in case of reliability being a risk-forming factor maintaining an acceptable risk level should be carried out by the routine analysis of the condition of CISS and its elements and their timely service. The article presents a reliability parameter calculation for the CISS with a mixed type of element connection, a formula of the dynamics of such system reliability is written. The chart of CISS reliability change is a S-shaped curve which can be divided into 3 periods: almost invariable high level of reliability, uniform reliability reduction, almost invariable low level of reliability. Setting the minimum acceptable level of reliability, the graph (or formula) can be used to determine the period of time during which the system would meet requirements. Ideally, this period should not be longer than the first period of the graph. Thus, the proposed method of calculating the CISS maintenance frequency helps to solve a voluminous and critical task of the information assets risk management.

Development Of Dynamic Probabilistic Safety Assessment: The Accident Dynamic Simulator (ADS) Tool

International Nuclear Information System (INIS)

Chang, Y.H.; Mosleh, A.; Dang, V.N.

2003-01-01

The development of a dynamic methodology for Probabilistic Safety Assessment (PSA) addresses the complex interactions between the behaviour of technical systems and personnel response in the evolution of accident scenarios. This paper introduces the discrete dynamic event tree, a framework for dynamic PSA, and its implementation in the Accident Dynamic Simulator (ADS) tool. Dynamic event tree tools generate and quantify accident scenarios through coupled simulation models of the plant physical processes, its automatic systems, the equipment reliability, and the human response. The current research on the framework, the ADS tool, and on Human Reliability Analysis issues within dynamic PSA, is discussed. (author)

Development Of Dynamic Probabilistic Safety Assessment: The Accident Dynamic Simulator (ADS) Tool

Energy Technology Data Exchange (ETDEWEB)

Chang, Y.H.; Mosleh, A.; Dang, V.N

2003-03-01

The development of a dynamic methodology for Probabilistic Safety Assessment (PSA) addresses the complex interactions between the behaviour of technical systems and personnel response in the evolution of accident scenarios. This paper introduces the discrete dynamic event tree, a framework for dynamic PSA, and its implementation in the Accident Dynamic Simulator (ADS) tool. Dynamic event tree tools generate and quantify accident scenarios through coupled simulation models of the plant physical processes, its automatic systems, the equipment reliability, and the human response. The current research on the framework, the ADS tool, and on Human Reliability Analysis issues within dynamic PSA, is discussed. (author)

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues.

Science.gov (United States)

Müthing, Jannis; Jäschke, Thomas; Friedrich, Christoph M

2017-10-18

Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

OpenAIRE

Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

2017-01-01

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

A Feasibility Assessment of 6LoWPAN for Secure Communications in the U.S. Army

Science.gov (United States)

2016-06-01

bandwidth. 14. SUBJECT TERMS LoWPAN, 6LoWPAN, 802.15.4, energy , security, feasibility, wireless , networks, range, duration, wireless security...47 Figure 16. Total Energy Expended per Message for Various Data Rates and Transmission Powers...maximize transmission speeds and data throughput pay little concern to energy . This thesis presents a model that assesses 6LoWPAN in both a potential

On Consistency Test Method of Expert Opinion in Ecological Security Assessment.

Science.gov (United States)

Gong, Zaiwu; Wang, Lihong

2017-09-04

To reflect the initiative design and initiative of human security management and safety warning, ecological safety assessment is of great value. In the comprehensive evaluation of regional ecological security with the participation of experts, the expert's individual judgment level, ability and the consistency of the expert's overall opinion will have a very important influence on the evaluation result. This paper studies the consistency measure and consensus measure based on the multiplicative and additive consistency property of fuzzy preference relation (FPR). We firstly propose the optimization methods to obtain the optimal multiplicative consistent and additively consistent FPRs of individual and group judgments, respectively. Then, we put forward a consistency measure by computing the distance between the original individual judgment and the optimal individual estimation, along with a consensus measure by computing the distance between the original collective judgment and the optimal collective estimation. In the end, we make a case study on ecological security for five cities. Result shows that the optimal FPRs are helpful in measuring the consistency degree of individual judgment and the consensus degree of collective judgment.

BWS Open System Architecture Security Assessment

OpenAIRE

Cristian Ionita

2011-01-01

Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...

Use of risk assessment methods for security design and analysis of nuclear and radioactive facilities

International Nuclear Information System (INIS)

Vasconcelos, Vanderley de; Andrade, Marcos C.; Jordao, Elizabete

2011-01-01

The objective of this work is to evaluate the applicability of risk assessment methods for analyzing the physical protection of nuclear and radioactive facilities. One of the important processes for physical protection in nuclear and radioactive facilities is the identifying of areas containing nuclear materials, structures, systems or components to be protected from sabotage, which could directly or indirectly lead to unacceptable radiological consequences. A survey of the international guidelines and recommendations about vital area identification, design basis threat (DBT), and the security of nuclear and radioactive facilities was carried out. The traditional methods used for quantitative risk assessment, like FMEA (Failure Mode and Effect Analysis), Event and Decision Trees, Fault and Success Trees, Vulnerability Assessment, Monte Carlo Simulation, Probabilistic Safety Assessment, Scenario Analysis, and Game Theory, among others, are highlighted. The applicability of such techniques to security issues, their pros and cons, the general resources needed to implement them, as data or support software, are analyzed. Finally, an approach to security design and analysis, beginning with a qualitative and preliminary examination to determine the range of possible scenarios, outcomes, and the systems to be included in the analyses, and proceeding to a progressively use of more quantitative techniques is presented. (author)

Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

International Nuclear Information System (INIS)

Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.

2011-01-01

With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

Energy Technology Data Exchange (ETDEWEB)

Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2011-05-15

With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

A Review of Cyber-Physical Energy System Security Assessment

DEFF Research Database (Denmark)

Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde

2017-01-01

Increasing penetration of renewable energy resources (RES) and electrification of services by implementing distributed energy resources (DER) has caused a paradigm shift in the operation of the power system. The controllability of the power system is predicted to be shifted from the generation side...... to the consumption side. This transition entails that the future power system evolves into a complex cyber-physical energy system (CPES) with strong interactions between the power, communication and neighboring energy systems. Current power system security assessment methods are based on centralized computation...

Authentication and Data Security in ITS Telecommunications Solutions

Directory of Open Access Journals (Sweden)

Tomas Zelinka

2014-04-01

Full Text Available Paper presents telecommunications security issues with dynamically changing networking. Paper also presents performance indicators of authentication as an integral part of the approach to non-public information. Expected level of security depend on relevant ITS services requirements, different solutions require different levels of quality. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure or other vehicles significantly and progressively grow. This trend leads to increase of the fatal problems if security of the wide area networks is not relevantly treated. Relevant communications security treatment becomes crucial part of the ITS telecommunications solution because probability of hazards appearances grow if vehicles networks are integrated in the dynamically organized wide area networks. Besides of available "off shelf" security tools solution based on non-public universal identifier with dynamical extension and data selection according to actor role or category is presented including performances indicators for the authentication process.

Value of standard personality assessments in informing clinical decision - making in a medium secure unit.

Science.gov (United States)

Duggan, Conor; Mason, Lauren; Banerjee, Penny; Milton, John

2007-05-01

Assessing those with personality disorder for treatment in secure settings is known to be unsatisfactory. To examine the utility of a standardised assessment of offenders with personality disorder referred for treatment in secure care in a naturalistic study. A consecutive series of 89 men were assessed with a battery of four recommended instruments measuring personality and risk. Decisions on whether or not to admit were based on a multidisciplinary discussion informed by these assessments. Of the 89 comprehensively assessed referrals, 60 (67%) were offered admission. High scores on the Psychopathy Checklist-Revised (especially on Factor 1) was the only measure that was associated with rejection. Of 44 patients discharged, 29 (66%) failed to complete treatment; none of the pre-admission assessments distinguished ;completers' from ;non-completers'. Although skills were acquired on the unit, follow-up of 24 men in the community showed that this had only a marginal effect on re-offending rate (58%). Current recommended assessment methods appear unsatisfactory in identifying those who either (a) complete treatment or (b) benefit from treatment. Our results throw doubt on their value.

Environmental and climate security: improving scenario methodologies for science and risk assessment

Science.gov (United States)

Briggs, C. M.; Carlsen, H.

2010-12-01

Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non

Assessment of deep dynamic mechanical sensitivity in individuals with tension-type headache: The dynamic pressure algometry.

Science.gov (United States)

Palacios-Ceña, M; Wang, K; Castaldo, M; Guerrero-Peral, Á; Caminero, A B; Fernández-de-Las-Peñas, C; Arendt-Nielsen, L

2017-09-01

To explore the validity of dynamic pressure algometry for evaluating deep dynamic mechanical sensitivity by assessing its association with headache features and widespread pressure sensitivity in tension-type headache (TTH). One hundred and eighty-eight subjects with TTH (70% women) participated. Deep dynamic sensitivity was assessed with a dynamic pressure algometry set (Aalborg University, Denmark © ) consisting of 11 different rollers including fixed levels from 500 g to 5300 g. Each roller was moved at a speed of 0.5 cm/s over a 60-mm horizontal line covering the temporalis muscle. Dynamic pain threshold (DPT-level of the first painful roller) was determined and pain intensity during DPT was rated on a numerical pain rate scale (NPRS, 0-10). Headache clinical features were collected on a headache diary. As gold standard, static pressure pain thresholds (PPT) were assessed over temporalis, C5/C6 joint, second metacarpal, and tibialis anterior muscle. Side-to-side consistency between DPT (r = 0.843, p  r > 0.656, all p headaches supporting that deep dynamic pressure sensitivity within the trigeminal area is consistent with widespread pressure sensitivity. Assessing deep static and dynamic somatic tissue pain sensitivity may provide new opportunities for differentiated diagnostics and possibly a new tool for assessing treatment effects. The current study found that dynamic pressure algometry in the temporalis muscle was associated with widespread pressure pain sensitivity in individuals with tension-type headache. The association was independent of the frequency of headaches. Assessing deep static and dynamic somatic tissue pain sensitivity may provide new opportunities for differentiated diagnostics and possibly a tool for assessing treatment effects. © 2017 European Pain Federation - EFIC®.

DOT Cyber Security Assessment Management -

Data.gov (United States)

Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...

Assessing national nutrition security: The UK reliance on imports to meet population energy and nutrient recommendations.

Science.gov (United States)

Macdiarmid, Jennie I; Clark, Heather; Whybrow, Stephen; de Ruiter, Henri; McNeill, Geraldine

2018-01-01

Nutrition security describes the adequacy of the food supply to meet not only energy but also macronutrient and micronutrient requirements for the population. The aim of this study was to develop a method to assess trends in national nutrition security and the contribution of imports to nutrition security, using the UK as a case study. Food supply data from FAO food balance sheets and national food composition tables were used to estimate the nutrient content of domestically produced food, imported food and exported food. Nutrition security was defined as the total nutrient supply (domestic production, minus exports, plus imports) to meet population-level nutrient requirements. The results showed that the UK was nutrition secure over the period 1961-2011 for energy, macronutrients and key micronutrients, with the exception of total carbohydrates and fibre, which may be due to the loss of fibre incurred by processing cereals into refined products. The supply of protein exceeded population requirements and could be met with domestic production alone. Even excluding all meat there was sufficient protein for population requirements. The supply of total fat, saturated fat and sugar considerably exceeded the current dietary recommendation. As regards nutrition security in 2010, the UK was reliant on imported foods to meet energy, fibre, total carbohydrate, iron, zinc and vitamin A requirements. This analysis demonstrates the importance of including nutrients other than energy to determine the adequacy of the food supply. The methodology also provides an alternative perspective on food security and self-sufficiency by assessing the dependency on imports to meet population level nutritional requirements.

Reliability, compliance, and security in web-based course assessments

Directory of Open Access Journals (Sweden)

Scott Bonham

2008-04-01

Full Text Available Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage and utilization of web resources. An investigation was carried out in introductory astronomy courses comparing pre- and postcourse administration of assessments using the web and on paper. Overall no difference was seen in performance due to the medium. Compliance rates fluctuated greatly, and factors that seemed to produce higher rates are identified. Notably, email reminders increased compliance by 20%. Most of the 559 students complied with requests to not copy, print, or save questions nor use web resources; about 1% did copy some question text and around 2% frequently used other windows or applications while completing the assessment.

Concept for Energy Security Matrix

International Nuclear Information System (INIS)

Kisel, Einari; Hamburg, Arvi; Härm, Mihkel; Leppiman, Ando; Ots, Märt

2016-01-01

The following paper presents a discussion of short- and long-term energy security assessment methods and indicators. The aim of the current paper is to describe diversity of approaches to energy security, to structure energy security indicators used by different institutions and papers, and to discuss several indicators that also play important role in the design of energy policy of a state. Based on this analysis the paper presents a novel Energy Security Matrix that structures relevant energy security indicators from the aspects of Technical Resilience and Vulnerability, Economic Dependence and Political Affectability for electricity, heat and transport fuel sectors. Earlier publications by different authors have presented energy security assessment methodologies that use publicly available indicators from different databases. Current paper challenges viability of some of these indicators and introduces new indicators that would deliver stronger energy security policy assessments. Energy Security Matrix and its indicators are based on experiences that the authors have gathered as high-level energy policymakers in Estonia, where all different aspects of energy security can be observed. - Highlights: •Energy security should be analysed in technical, economic and political terms; •Energy Security Matrix provides a framework for energy security analyses; •Applicability of Matrix is limited due to the lack of statistical data and sensitivity of output.

A Secure, Scalable and Elastic Autonomic Computing Systems Paradigm: Supporting Dynamic Adaptation of Self-* Services from an Autonomic Cloud

Directory of Open Access Journals (Sweden)

Abdul Jaleel

2018-05-01

Full Text Available Autonomic computing embeds self-management features in software systems using external feedback control loops, i.e., autonomic managers. In existing models of autonomic computing, adaptive behaviors are defined at the design time, autonomic managers are statically configured, and the running system has a fixed set of self-* capabilities. An autonomic computing design should accommodate autonomic capability growth by allowing the dynamic configuration of self-* services, but this causes security and integrity issues. A secure, scalable and elastic autonomic computing system (SSE-ACS paradigm is proposed to address the runtime inclusion of autonomic managers, ensuring secure communication between autonomic managers and managed resources. Applying the SSE-ACS concept, a layered approach for the dynamic adaptation of self-* services is presented with an online ‘Autonomic_Cloud’ working as the middleware between Autonomic Managers (offering the self-* services and Autonomic Computing System (requiring the self-* services. A stock trading and forecasting system is used for simulation purposes. The security impact of the SSE-ACS paradigm is verified by testing possible attack cases over the autonomic computing system with single and multiple autonomic managers running on the same and different machines. The common vulnerability scoring system (CVSS metric shows a decrease in the vulnerability severity score from high (8.8 for existing ACS to low (3.9 for SSE-ACS. Autonomic managers are introduced into the system at runtime from the Autonomic_Cloud to test the scalability and elasticity. With elastic AMs, the system optimizes the Central Processing Unit (CPU share resulting in an improved execution time for business logic. For computing systems requiring the continuous support of self-management services, the proposed system achieves a significant improvement in security, scalability, elasticity, autonomic efficiency, and issue resolving time

On Issue of Algorithm Forming for Assessing Investment Attractiveness of Region Through Its Technospheric Security

Science.gov (United States)

Filimonova, L. A.; Skvortsova, N. K.

2017-11-01

The article examines the problematic aspects of assessing the investment attractiveness of a region associated with the consideration of methodological issues that require refinement from the point of view of its technospheric security. Such issues include the formation of a sound system of indicators for the assessment of man-made risk which has a particular impact on the level of investment attractiveness of the region. In the context of the instability of the economic situation in Russia, the problem of man-made risks assessing in the context of the regional investment attractiveness based on an integrated approach and taking into account such principles as flexibility, adaptability, innovative orientation has not only lost its relevance but was also transformed into one of the most important conditions for ensuring the effective management of all spheres of the regional activities. The article poses the classical problem of making decisions on the results of the assessment of the investment attractiveness of the region in a matrix format evaluating the utility function. The authors of the article recommended a universal risk assessment model with its subsequent synthesis into technospheric security for the comprehensive assessment of regional investment attractiveness. The principal distinguishing feature of the study results are the schemes for manipulation in the evaluation activity associated with the selection of the optimality criteria groups and models for their study. These iterations make it possible to substantiate the choice of the solution for preserving the technospheric security of the region, a field of compromises or an “ideal” solution to the problem of the regional investment attractiveness loss.

Nigeria; Publication of Financial Sector Assessment Program Documentation––Detailed Assessment of Implementation of IOSCO Objectives and Principles of Securities Regulation

OpenAIRE

International Monetary Fund

2013-01-01

An assessment of the level of implementation of the International Organization of Securities Commissions (IOSCO) Principles in Nigeria was conducted as part of the International Monetary Fund (IMF)-World Bank Financial Sector Assessment Program (FSAP). The ongoing global financial crisis has reinforced the need for assessors to make a judgment about supervisory practices and to determine whether they are sufficiently effective. The assessment methodology provides a set of assessment criteria ...

System Health Monitoring Using a Novel Method: Security Unified Process

Directory of Open Access Journals (Sweden)

Alireza Shameli-Sendi

2012-01-01

and change management, and project management. The dynamic dimension, or phases, contains inception, analysis and design, construction, and monitoring. Risk assessment is a major part of the ISMS process. In SUP, we present a risk assessment model, which uses a fuzzy expert system to assess risks in organization. Since, the classification of assets is an important aspect of risk management and ensures that effective protection occurs, a Security Cube is proposed to identify organization assets as an asset classification model. The proposed model leads us to have an offline system health monitoring tool that is really a critical need in any organization.

Assessment Analysis and Forecasting for Security Early Warning of Energy Consumption Carbon Emissions in Hebei Province, China

Directory of Open Access Journals (Sweden)

Yi Liang

2017-03-01

Full Text Available Against the backdrop of increasingly serious global climate change and the development of the low-carbon economy, the coordination between energy consumption carbon emissions (ECCE and regional population, resources, environment, economy and society has become an important subject. In this paper, the research focuses on the security early warning of ECCE in Hebei Province, China. First, an assessment index system of the security early warning of ECCE is constructed based on the pressure-state-response (P-S-R model. Then, the variance method and linearity weighted method are used to calculate the security early warning index of ECCE. From the two dimensions of time series and spatial pattern, the security early warning conditions of ECCE are analyzed in depth. Finally, with the assessment analysis of the data from 2000 to 2014, the prediction of the security early warning of carbon emissions from 2015 to 2020 is given, using a back propagation neural network based on a kidney-inspired algorithm (KA-BPNN model. The results indicate that: (1 from 2000 to 2014, the security comprehensive index of ECCE demonstrates a fluctuating upward trend in general and the trend of the alarm level is “Severe warning”–“Moderate warning”–“Slight warning”; (2 there is a big spatial difference in the security of ECCE, with relatively high-security alarm level in the north while it is relatively low in the other areas; (3 the security index shows the trend of continuing improvement from 2015 to 2020, however the security level will remain in the state of “Semi-secure” for a long time and the corresponding alarm is still in the state of “Slight warning”, reflecting that the situation is still not optimistic.

Fewer can be More: Nuclear Safety and Security Culture Self-Assessment in the Hungarian Public Ltd. for Radioactive Waste Management

International Nuclear Information System (INIS)

Horváth, K.; Solymosi, M.; Vass, G.

2016-01-01

The Hungarian regulator and operators show strong commitment towards robust nuclear safety and security culture. The paper discusses the evolution and the basis of the regulation of Hungarian safety and security culture. Because of security considerations nuclear safety incidents have always received and for sure will receive more publicity than malicious acts. That is probably the main reason behind that mostly nuclear safety incidents influence the common beliefs. This kind of primacy is noticeable as well in regulations and also in practice. Although there is a strong connection nuclear safety and security culture, their relationship has not been researched for a long time. The paper also presents an already achieved, combined nuclear safety and security culture survey type assessment. Survey is a well known type of organizational culture self assessment. The applied methods, relationship between these two cultures and of course some difficulties of the process are summarized. The presented method is appropriate to combine different guidance and characteristics to measure different attitude in a single survey. The method in practice is shown through the nuclear safety and security culture assessment conducted at Hungarian Public Ltd. Of Radioactive Waste Management. (author)

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

International Nuclear Information System (INIS)

Booker, Paul M.; Maple, Scott A.

2010-01-01

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a cause add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance

Food security assessment in the coastal area of Demak Regency

Science.gov (United States)

Harini, R.; Handayani, H. N.; Ramdani, F. R.

2018-04-01

Food security is an issue of national and global level. Food is a basic human need to live. Without food will threaten human life. This research was conducted in coastal area of Demak Regency. This research is to understand the potential of human resources, natural resources and assess the level of food security of coastal communities. The data used are primary data through interviews with the local community. Also used Secondary data from government agencies. Data analysis used qualitative and quantitative descriptive methods through graphs, tables and maps. The results showed that potential of human resources in Demak coastal area (Wedung, Purworejo, and Sidogemah villages) is low. It can be indicated from education level of respondents in Demak are elementary school and junior high school. Beside, total households income are about 2-4 million. This study found that the households sampled are 90% is food insecured households. The most of households in Demak coastal area are about 90% households include on insecurity food category.

Secure Java For Web Application Development

CERN Document Server

Bhargav, Abhay

2010-01-01

As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

Assessing energy supply security: Outage costs in private households

International Nuclear Information System (INIS)

Praktiknjo, Aaron J.; Hähnel, Alexander; Erdmann, Georg

2011-01-01

The objective of this paper is to contribute to the topic of energy supply security by proposing a Monte Carlo-based and a survey based model to analyze the costs of power interruptions. Outage cost estimations are particularly important when deciding on investments to improve supply security (e.g. additional transmission lines) in order to compare costs to benefits. But also other policy decisions on measures that have direct or indirect consequences for the supply security (e.g. a phasing out of nuclear energy) need to be based on results from outage cost estimations. The main focus of this paper lies with residential consumers, but the model is applied to commercial, industrial and governmental consumers as well. There are limited studies that have approached the problem of evaluating outage cost. When comparing the results of these studies, they often display a high degree of diversification. As consumers have different needs and dependencies towards the supply of electricity because of varying circumstances and preferences, a great diversity in outage cost is a logical consequence. To take the high degree of uncertainties into account, a Monte Carlo simulation was conducted in this study for the case of private households in Germany. - Highlights: ► A macroeconomic model to assess outage cost is proposed. ► Possibilities for substitution are considered by analyzing individual preferences for the time-use. ► Uncertainties are taken into account by using a Monte Carlo simulation. ► This study reveals the distribution of outage costs to different electricity consumers. ► Implications for energy policy decisions are discussed.

A 3S Risk ?3SR? Assessment Approach for Nuclear Power: Safety Security and Safeguards.

Energy Technology Data Exchange (ETDEWEB)

Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David

2017-11-01

Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non- proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out a the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728

Evaluation methodology based on physical security assessment results: a utility theory approach

International Nuclear Information System (INIS)

Bennett, H.A.; Olascoaga, M.T.

1978-03-01

This report describes an evaluation methodology which aggregates physical security assessment results for nuclear facilities into an overall measure of adequacy. This methodology utilizes utility theory and conforms to a hierarchical structure developed by the NRC. Implementation of the methodology is illustrated by several examples. Recommendations for improvements in the evaluation process are given

The contemporary dynamics of Sino-Indian relations: Examining maritime security, economics, energy and elite dialogue

Science.gov (United States)

Athwal, Amardeep

This dissertation examines the modern-day dynamics of the Sino-Indian relationship---with a particular focus on issues relating to maritime security, economics, energy and elite bilateral dialogue. In exploring the contemporary nature of the Sino-Indian relationship, the dissertation also seeks to assess the accuracy of predominant neorealist accounts of the Sino-Indian relationship. Since the 1962 Sino-Indian War, most analysts have continued to emphasize the conflictual and competitive elements within the Sino-Indian relationship. The dissertation first explores the crucial post-independence history of Sino-Indian relations to provide the appropriate contextual background (chapter one). Thereafter, the dissertation explores the geopolitical significance of the Indian Ocean in light of soaring (global) energy demands. This then leads into an analysis of China and India's naval modernization and China's strategic partnership with Pakistan and Myanmar (chapter two). While acknowledging the credibility of neorealist insights in the realm of maritime security by detailing China and India's naval buildup and naval strategy, overall, it is found that the security dilemma argument is overstated. There is both a lack of threat perception and the existence of alternate explanations for both Chinese and Indian activities in Southern Asia. The dissertation then moves on to explore the positive elements within the Sino-Indian relationship---growing economic interdependence, energy convergence and elite consensus. In the economic realm (chapter three) it is found that Sino-Indian bilateral trade is increasingly being framed institutionally and rapidly expanding every year. The areas where the Sino-Indian economic relationship could be fruitfully expanded are traced and the great potential of bilateral trade is discussed. Thereafter, the dissertation highlights how China and India are beginning to coordinate energy policy (chapter four) as well as the growing political will

Bioinspired Security Analysis of Wireless Protocols

DEFF Research Database (Denmark)

Petrocchi, Marinella; Spognardi, Angelo; Santi, Paolo

2016-01-01

work, this paper investigates feasibility of adopting fraglets as model for specifying security protocols and analysing their properties. In particular, we give concrete sample analyses over a secure RFID protocol, showing evolution of the protocol run as chemical dynamics and simulating an adversary...

Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

Science.gov (United States)

Ilvonen, Ilona

2013-01-01

Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

Maternal secure-base scripts and children's attachment security in an adopted sample.

Science.gov (United States)

Veríssimo, Manuela; Salvaterra, Fernanda

2006-09-01

Studies of families with adopted children are of special interest to attachment theorists because they afford opportunities to probe assumptions of attachment theory with regard to the developmental timing of interactions necessary to form primary attachments and also with regard to effects of shared genes on child attachment quality. In Bowlby's model, attachment-relevant behaviors and interactions are observable from the moment of birth, but for adoptive families, these interactions cannot begin until the child enters the family, sometimes several months or even years post-partum. Furthermore, because adoptive parents and adopted children do not usually share genes by common descent, any correspondence between attachment representations of the parent and secure base behavior of the child must arise as a consequence of dyadic interaction histories. The objectives of this study were to evaluate whether the child's age at the time of adoption or at the time of attachment assessment predicted child attachment security in adoptive families and also whether the adoptive mother's internal attachment representation predicted the child's attachment security. The participants were 106 mother - child dyads selected from the 406 adoptions carried out through the Lisbon Department of Adoption Services over a period of 3 years. The Attachment Behavior Q-Set (AQS; Waters, 1995) was used to assess secure base behavior and an attachment script representation task was used to assess the maternal attachment representations. Neither child's age at the time of adoption, nor age of the child at assessment significantly predicted the AQS security score; however, scores reflecting the presence and quality of maternal secure base scripts did predict AQS security. These findings support the notion that the transmission of attachment security across generations involves mutual exchanges and learning by the child and that the exchanges leading to secure attachment need not begin at birth

Security Management Model in Cloud Computing Environment

OpenAIRE

Ahmadpanah, Seyed Hossein

2016-01-01

In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

EMI Security Architecture

CERN Document Server

White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

2013-01-01

This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux

Directory of Open Access Journals (Sweden)

Jeroen Ooms

2013-11-01

Full Text Available The increasing availability of cloud computing and scientific super computers brings great potential for making R accessible through public or shared resources. This allows us to efficiently run code requiring lots of cycles and memory, or embed R functionality into, e.g., systems and web services. However some important security concerns need to be addressed before this can be put in production. The prime use case in the design of R has always been a single statistician running R on the local machine through the interactive console. Therefore the execution environment of R is entirely unrestricted, which could result in malicious behavior or excessive use of hardware resources in a shared environment. Properly securing an R process turns out to be a complex problem. We describe various approaches and illustrate potential issues using some of our personal experiences in hosting public web services. Finally we introduce the RAppArmor package: a Linux based reference implementation for dynamic sandboxing in R on the level of the operating system.

Uncertainty-embedded dynamic life cycle sustainability assessment framework: An ex-ante perspective on the impacts of alternative vehicle options

International Nuclear Information System (INIS)

Onat, Nuri Cihat; Kucukvar, Murat; Tatari, Omer

2016-01-01

Alternative vehicle technologies have a great potential to minimize the transportation-related environmental impacts, reduce the reliance of the U.S. on imported petroleum, and increase energy security. However, they introduce new uncertainties related to their environmental, economic, and social impacts and certain challenges for widespread adoption. In this study, a novel method, uncertainty-embedded dynamic life cycle sustainability assessment framework, is developed to address both methodological challenges and uncertainties in transportation sustainability research. The proposed approach provides a more comprehensive, system-based sustainability assessment framework by capturing the dynamic relations among the parameters within the U.S. transportation system as a whole with respect to its environmental, social, and economic impacts. Using multivariate uncertainty analysis, likelihood of the impact reduction potentials of different vehicle types, as well as the behavioral limits of the sustainability potentials of each vehicle type are analyzed. Seven sustainability impact categories are dynamically quantified for four different vehicle types (internal combustion, hybrid, plug-in hybrid, and battery electric vehicles) from 2015 to 2050. Although impacts of electric vehicles have the largest uncertainty, they are expected (90% confidence) to be the best alternative in long-term for reducing human health impacts and air pollution from transportation. While results based on deterministic (average) values indicate that electric vehicles have greater potential of reducing greenhouse gas emissions, plug-in hybrid vehicles have the largest potential according to the results with 90% confidence interval. - Highlights: • Uncertainty-embedded dynamic sustainability assessment framework, is developed. • Methodological challenges and uncertainties are addressed. • Seven impact categories are quantified for four different vehicle types.

Security Assessment of Payment Systems under PCI DSS Incompatibilities

OpenAIRE

Bahtiyar , Şerif; Gür , Gürkan; Altay , Levent

2014-01-01

Part 9: Malicious Behavior and Fraud; International audience; With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) has been developed by the payment industry to provide a widely-applicable and definitive security compliance among all components in electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities and ...

Assessing and managing security risk in IT systems a structured methodology

CERN Document Server

McCumber, John

2004-01-01

SECURITY CONCEPTSUsing ModelsIntroduction: Understanding, Selecting, and Applying Models Understanding AssetsLayered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in SecuritySecurity in Context Reference Defining Information SecurityConfidentiality, Integrity, and Availability Information AttributesIntrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources ReferencesUnderstanding Threat and Its Relatio

Optimization of airport security process

Science.gov (United States)

Wei, Jianan

2017-05-01

In order to facilitate passenger travel, on the basis of ensuring public safety, the airport security process and scheduling to optimize. The stochastic Petri net is used to simulate the single channel security process, draw the reachable graph, construct the homogeneous Markov chain to realize the performance analysis of the security process network, and find the bottleneck to limit the passenger throughput. Curve changes in the flow of passengers to open a security channel for the initial state. When the passenger arrives at a rate that exceeds the processing capacity of the security channel, it is queued. The passenger reaches the acceptable threshold of the queuing time as the time to open or close the next channel, simulate the number of dynamic security channel scheduling to reduce the passenger queuing time.

Dynamical Analysis, Synchronization, Circuit Design, and Secure Communication of a Novel Hyperchaotic System

Directory of Open Access Journals (Sweden)

Li Xiong

2017-01-01

Full Text Available This paper is devoted to introduce a novel fourth-order hyperchaotic system. The hyperchaotic system is constructed by adding a linear feedback control level based on a modified Lorenz-like chaotic circuit with reduced number of amplifiers. The local dynamical entities, such as the basic dynamical behavior, the divergence, the eigenvalue, and the Lyapunov exponents of the new hyperchaotic system, are all investigated analytically and numerically. Then, an active control method is derived to achieve global chaotic synchronization of the novel hyperchaotic system through making the synchronization error system asymptotically stable at the origin based on Lyapunov stability theory. Next, the proposed novel hyperchaotic system is applied to construct another new hyperchaotic system with circuit deformation and design a new hyperchaotic secure communication circuit. Furthermore, the implementation of two novel electronic circuits of the proposed hyperchaotic systems is presented, examined, and realized using physical components. A good qualitative agreement is shown between the simulations and the experimental results around 500 kHz and below 1 MHz.

Factors of Formation of the tax Potential of the Securities Market

Directory of Open Access Journals (Sweden)

Gumenniy Anatoliy A.

2014-02-01

, namely – attraction of free money funds of the population. The prospect of further studies is development of methods of assessment of influence of each of the factors upon dynamics of the tax potential of the securities market.

Vehicular ad hoc network security and privacy

CERN Document Server

Lin, X

2015-01-01

Unlike any other book in this area, this book provides innovative solutions to security issues, making this book a must read for anyone working with or studying security measures. Vehicular Ad Hoc Network Security and Privacy mainly focuses on security and privacy issues related to vehicular communication systems. It begins with a comprehensive introduction to vehicular ad hoc network and its unique security threats and privacy concerns and then illustrates how to address those challenges in highly dynamic and large size wireless network environments from multiple perspectives. This book is richly illustrated with detailed designs and results for approaching security and privacy threats.

The Dynamic VPN Controller. Secure Information Sharing in a Coalition Environment

Science.gov (United States)

2005-03-01

coalitionName=" COALA "> <Security>Class A</Security> <Site siteName="SITE1"> <Remote> <Hostname>dvc.site1.com</Hostname> <IPAddress...34 COALA "> <Security>Class A</Security> <Site siteName="SITE1"> <Remote> <Hostname>dvc.site1.com</Hostname> <IPAddress>10.1.1.1

Computer security incident response team effectiveness : A needs assessment

NARCIS (Netherlands)

Kleij, R. van der; Kleinhuis, G.; Young, H.J.

2017-01-01

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad-hoc basis, in close cooperation with other teams, and in

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

Directory of Open Access Journals (Sweden)

Ze Wang

2015-09-01

Full Text Available Network security is one of the most important issues in mobile sensor networks (MSNs. Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

Science.gov (United States)

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

The Underbelly of Global Security

DEFF Research Database (Denmark)

Mynster Christensen, Maya

2015-01-01

-militias, facilitated by a British security company and the Sierra Leone government. In doing so, the article contributes to the ongoing scholarly debate on the privatization of security by offering a “local” ethnographically informed perspective on the micro-dynamics of “global” security. It is argued that the supply......In the aftermath of the Sierra Leone civil war, demobilized militia soldiers have become an attractive resource to private security companies. Based on extensive ethnographic fieldwork, this article traces the outsourcing of security at American military bases in Iraq to Sierra Leonean ex...... of global security depends on a form of local immobility: on a population that is “stuck”, yet constantly on the move to seize opportunities for survival and recognition. Structured by a chronological account of the recruitment, deployment, and deportation of Sierra Leonean ex-militias, the article...

Evaluation of surface water dynamics for water-food security in seasonal wetlands, north-central Namibia

Directory of Open Access Journals (Sweden)

T. Hiyama

2014-09-01

Full Text Available Agricultural use of wetlands is important for food security in various regions. However, land-use changes in wetland areas could alter the water cycle and the ecosystem. To conserve the water environments of wetlands, care is needed when introducing new cropping systems. This study is the first attempt to evaluate the water dynamics in the case of the introduction of rice-millet mixed-cropping systems to the Cuvelai system seasonal wetlands (CSSWs in north-central Namibia. We first investigated seasonal changes in surface water coverage by using satellite remote sensing data. We also assessed the effect of the introduction of rice-millet mixed-cropping systems on evapotranspiration in the CSSWs region. For the former investigation, we used MODIS and AMSR-E satellite remote sensing data. These data showed that at the beginning of the wet season, surface water appears from the southern (lower part and then expands to the northern (higher part of the CSSWs. For the latter investigation, we used data obtained by the classical Bowen ratio-energy balance (BREB method at an experimental field site established in September 2012 on the Ogongo campus, University of Namibia. This analysis showed the importance of water and vegetation conditions when introducing mixed-cropping to the region.

Dynamic Assessment, Potential Giftedness and Mathematics Achievement in Elementary School

Science.gov (United States)

Popa, Nicoleta Laura; Pauc, Ramona Loredana

2015-01-01

Dynamic assessment is currently discussed in educational literature as one of the most promising practices in stimulating learning among various groups of students, including gifted and potentially gifted students. The present study investigates effects of dynamic assessment on mathematics achievement among elementary school students, with…

Security systems engineering overview

Science.gov (United States)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

Development of a security vulnerability assessment process for the RAMCAP chemical sector.

Science.gov (United States)

Moore, David A; Fuller, Brad; Hazzan, Michael; Jones, J William

2007-04-11

sector. This method was developed through the cooperation of the many organizations and the individuals involved from the chemical sector RAMCAP development activities. The RAMCAP SVA method is intended to provide a common basis for making vulnerability assessments and risk-based decisions for homeland security. Mr. Moore serves as the coordinator for the chemical manufacturing, petroleum refining, and LNG sectors for the RAMCAP project and Dr. Jones is the chief technology officer for ASME-ITI, LLC for RAMCAP.

Development of a security vulnerability assessment process for the RAMCAP chemical sector

International Nuclear Information System (INIS)

Moore, David A.; Fuller, Brad; Hazzan, Michael; Jones, J. William

2007-01-01

sector. This method was developed through the cooperation of the many organizations and the individuals involved from the chemical sector RAMCAP development activities. The RAMCAP SVA method is intended to provide a common basis for making vulnerability assessments and risk-based decisions for homeland security. Mr. Moore serves as the coordinator for the chemical manufacturing, petroleum refining, and LNG sectors for the RAMCAP project and Dr. Jones is the chief technology officer for ASME-ITI, LLC for RAMCAP

Challenges and opportunities for more integrated regional food security policy in the Caribbean Community

Directory of Open Access Journals (Sweden)

Kristen Lowitt

2016-01-01

Full Text Available The Caribbean Community (CARICOM has recognized regional integration as an important development strategy for addressing the unique vulnerabilities of its member small island developing states (SIDS. Food security in the Caribbean is a fundamental social and ecological challenge in which the dynamics of regional integration are increasingly playing out. CARICOM members have subsequently identified a number of shared food security problems and have endorsed regional goals and approaches to address them; however, progress towards solutions has been slow. Recognizing that evidence-based studies on the potential factors limiting sustained progress are lacking, we undertook a comparative policy analysis to understand better the various approaches and framings of food security at national and regional levels with a view to assessing coherence. We identify considerable divergence in how regional and local policy institutions frame and approach food security problems in CARICOM and then identify ways through which the policy integration objectives for enhanced regional food security might be progressed, with a particular focus on social learning.

Cyber Security as Social Experiment

NARCIS (Netherlands)

Pieters, Wolter; Hadziosmanovic, D.; Dechesne, Francien

2014-01-01

Lessons from previous experiences are often overlooked when deploying security-sensitive technology in the real world. At the same time, security assessments often suffer from a lack of real-world data. This appears similar to general problems in technology assessment, where knowledge about

Scenario-neutral Food Security Risk Assessment: A livestock Heat Stress Case Study

Science.gov (United States)

Broman, D.; Rajagopalan, B.; Hopson, T. M.

2015-12-01

Food security risk assessments can provide decision-makers with actionable information to identify critical system limitations, and alternatives to mitigate the impacts of future conditions. The majority of current risk assessments have been scenario-led and results are limited by the scenarios - selected future states of the world's climate system and socioeconomic factors. A generic scenario-neutral framework for food security risk assessments is presented here that uses plausible states of the world without initially assigning likelihoods. Measures of system vulnerabilities are identified and system risk is assessed for these states. This framework has benefited greatly by research in the water and natural resource fields to adapt their planning to provide better risk assessments. To illustrate the utility of this framework we develop a case study using livestock heat stress risk within the pastoral system of West Africa. Heat stress can have a major impact not only on livestock owners, but on the greater food production system, decreasing livestock growth, milk production, and reproduction, and in severe cases, death. A heat stress index calculated from daily weather is used as a vulnerability measure and is computed from historic daily weather data at several locations in the study region. To generate plausible states, a stochastic weather generator is developed to generate synthetic weather sequences at each location, consistent with the seasonal climate. A spatial model of monthly and seasonal heat stress provide projections of current and future livestock heat stress measures across the study region, and can incorporate in seasonal climate and other external covariates. These models, when linked with empirical thresholds of heat stress risk for specific breeds offer decision-makers with actionable information for use in near-term warning systems as well as for future planning. Future assessment can indicate under which states livestock are at greatest risk

Multilevel classification of security concerns in cloud computing

Directory of Open Access Journals (Sweden)

Syed Asad Hussain

2017-01-01

Full Text Available Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.

ASLan++ — A Formal Security Specification Language for Distributed Systems

DEFF Research Database (Denmark)

Von Oheimb, David; Mödersheim, Sebastian Alexander

2010-01-01

This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both communi...

An integrated assessment of climate change, air pollution, and energy security policy

International Nuclear Information System (INIS)

Bollen, Johannes; Hers, Sebastiaan; Van der Zwaan, Bob

2010-01-01

This article presents an integrated assessment of climate change, air pollution, and energy security policy. Basis of our analysis is the MERGE model, designed to study the interaction between the global economy, energy use, and the impacts of climate change. For our purposes we expanded MERGE with expressions that quantify damages incurred to regional economies as a result of air pollution and lack of energy security. One of the main findings of our cost-benefit analysis is that energy security policy alone does not decrease the use of oil: global oil consumption is only delayed by several decades and oil reserves are still practically depleted before the end of the 21st century. If, on the other hand, energy security policy is integrated with optimal climate change and air pollution policy, the world's oil reserves will not be depleted, at least not before our modeling horizon well into the 22nd century: total cumulative demand for oil decreases by about 24%. More generally, we demonstrate that there are multiple other benefits of combining climate change, air pollution, and energy security policies and exploiting the possible synergies between them. These benefits can be large: for Europe the achievable CO 2 emission abatement and oil consumption reduction levels are significantly deeper for integrated policy than when a strategy is adopted in which one of the three policies is omitted. Integrated optimal energy policy can reduce the number of premature deaths from air pollution by about 14,000 annually in Europe and over 3 million per year globally, by lowering the chronic exposure to ambient particulate matter. Only the optimal strategy combining the three types of energy policy can constrain the global average atmospheric temperature increase to a limit of 3 C with respect to the pre-industrial level. (author)

Assessing the Effectiveness of Alternative Community-Led Security ...

International Development Research Centre (IDRC) Digital Library (Canada)

While many believe the state has a monopoly on the legitimate use of force, realities on the ground challenge this assertion, particularly in conflict and ... It will document alternative sources of governance, security, and justice that urban communities apply when state security forces are weak, unresponsive, or abusive.

Web security a whitehat perspective

CERN Document Server

Wu, Hanqing

2015-01-01

MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

Psychosocial aspects of nuclear developments: Psychiatric assessments of 100 prospective security inspectors for a nuclear establishment

International Nuclear Information System (INIS)

McKenney, J.R.

1984-01-01

This presentation has a dual purpose; (1) to encourage studies on psychosocial aspects of nuclear developments; and (2) to report conclusions made by the author during the course of more than 100 recent psychiatric assessments of applicants for security inspector positions at a nuclear establishment. An appreciable proportion of the applicants had prior military or police tactical experience. One conclusion involves the judgment of the applicants in handling a challenging security situation. Without additional training, personality structure as opposed to general knowledge, experience or intelligence may be the dominant factor in determining the use of an appropriate, nonviolent response in a security situation. A second conclusion involves the degree to which the applicants were uninformed about radiation

49 CFR 1522.121 - Security threat assessments for personnel of TSA-approved validation firms.

Science.gov (United States)

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security threat assessments for personnel of TSA... FOR ALL MODES OF TRANSPORTATION TSA-APPROVED VALIDATION FIRMS AND VALIDATORS TSA-Approved Validation... for personnel of TSA-approved validation firms. Each of the following must successfully complete a...

A critical assessment of the different approaches aimed to secure electricity generation supply

Energy Technology Data Exchange (ETDEWEB)

Batlle, C.; Rodilla, P. [Technological Research Institute, Pontifical University of Comillas, Sta. Cruz de Marcenado 26, 28015 Madrid (Spain)

2010-11-15

Since the very beginning of the power systems reform process, one of the key questions posed has been whether the market, of its own accord, is able to provide satisfactory security of supply at the power generation level or if some additional regulatory mechanism needs to be introduced, and in the latter case, which is the most suitable approach to tackle the problem. This matter is undoubtedly gaining importance and it has taken a key role in the energy regulators' agendas. In this paper, we critically review and categorize the different approaches regulators can opt for to deal with the problem of guaranteeing (or at least enhancing) security of supply in a market-oriented environment. We analyze the most relevant regulatory design elements throughout an updated assessment of the broad range of international experiences, highlighting the lessons we have learned so far in a variety of contexts. Based on the analysis, we conclude by providing a set of principles and criteria that should be considered by the regulator when designing a security of supply mechanism. (author)

A critical assessment of the different approaches aimed to secure electricity generation supply

International Nuclear Information System (INIS)

Batlle, C.; Rodilla, P.

2010-01-01

Since the very beginning of the power systems reform process, one of the key questions posed has been whether the market, of its own accord, is able to provide satisfactory security of supply at the power generation level or if some additional regulatory mechanism needs to be introduced, and in the latter case, which is the most suitable approach to tackle the problem. This matter is undoubtedly gaining importance and it has taken a key role in the energy regulators' agendas. In this paper, we critically review and categorize the different approaches regulators can opt for to deal with the problem of guaranteeing (or at least enhancing) security of supply in a market-oriented environment. We analyze the most relevant regulatory design elements throughout an updated assessment of the broad range of international experiences, highlighting the lessons we have learned so far in a variety of contexts. Based on the analysis, we conclude by providing a set of principles and criteria that should be considered by the regulator when designing a security of supply mechanism.

An Information Security Control Assessment Methodology for Organizations

Science.gov (United States)

Otero, Angel R.

2014-01-01

In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

Secure Hashing of Dynamic Hand Signatures Using Wavelet-Fourier Compression with BioPhasor Mixing and Discretization

Directory of Open Access Journals (Sweden)

Wai Kuan Yip

2007-01-01

Full Text Available We introduce a novel method for secure computation of biometric hash on dynamic hand signatures using BioPhasor mixing and discretization. The use of BioPhasor as the mixing process provides a one-way transformation that precludes exact recovery of the biometric vector from compromised hashes and stolen tokens. In addition, our user-specific discretization acts both as an error correction step as well as a real-to-binary space converter. We also propose a new method of extracting compressed representation of dynamic hand signatures using discrete wavelet transform (DWT and discrete fourier transform (DFT. Without the conventional use of dynamic time warping, the proposed method avoids storage of user's hand signature template. This is an important consideration for protecting the privacy of the biometric owner. Our results show that the proposed method could produce stable and distinguishable bit strings with equal error rates (EERs of and for random and skilled forgeries for stolen token (worst case scenario, and for both forgeries in the genuine token (optimal scenario.

Towards Information Security Metrics Framework for Cloud Computing

OpenAIRE

Muhammad Imran Tariq

2012-01-01

Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet.  Cost and security are influential issues to deploy cloud computing in large enterprise.  Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance, effectiveness and impact of the security constraints. It is very hard...

Secure base script and psychological dysfunction in Japanese young adults in the 21st century: Using the Attachment Script Assessment.

Science.gov (United States)

Umemura, Tomotaka; Watanabe, Manami; Tazuke, Kohei; Asada-Hirano, Shintaro; Kudo, Shimpei

2018-05-01

The universality of secure base construct, which suggests that one's use of an attachment figure as a secure base from which to explore the environment is an evolutionary outcome, is one of the core ideas of attachment theory. However, this universality idea has been critiqued because exploration is not as valued in Japanese culture as it is in Western cultures. Waters and Waters (2006) hypothesized that one's experiences of secure base behaviors are stored as a script in memory, and developed a narrative assessment called the Attachment Script Assessment (ASA) to evaluate one's secure base script. This study examined the validity of the ASA and the utility of secure base concept in Japanese culture. A sample of Japanese young adults (N = 89; M = 23.46; SD = 3.20; 57% = females) completed both the ASA and self-report questionnaires. The results revealed that the ASA score was associated with two dimensions of self-report questionnaires assessing parent-youth attachment relationships (trust and communication). The ASA score was not related to Japanese cultural values (amae acceptance, interdependent self-construal, and low independent self-construal). However, a low ASA score was related to a psychological dysfunction in the Japanese cultural context; hikikomori symptoms, which are defined as a desire to remain in his or her own room and his or her understanding of this behavior in other people. We concluded that since hikikomori can be interpreted as an extreme inhibition of exploration, the association between low secure base script and hikikomori symptoms suggests the utility of secure base construct in Japan. (PsycINFO Database Record (c) 2018 APA, all rights reserved).

A Security Audit Framework to Manage Information System Security

Science.gov (United States)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

Automated security management

CERN Document Server

Al-Shaer, Ehab; Xie, Geoffrey

2013-01-01

In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents

Science.gov (United States)

2015-01-01

very large public and private fingerprint databases comprehensive risk analysis and system security contribution to developing international ...Safety and Security Program which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public Safety...201 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 201 Science and Engineering

Water security, risk, and economic growth: Insights from a dynamical systems model

Science.gov (United States)

Dadson, Simon; Hall, Jim W.; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

2017-08-01

Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been noteworthy in the development of most civilizations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple economic sectors, especially those that are water intensive such as agriculture and energy and (ii) by reducing acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate risks and promote economic growth is widely acknowledged, but prior conceptual work on the relationship between water-related investments and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical systems model of water-related investment, risk, and growth. In cases where initial water security is low, initial investment in water-related assets enables growth. Without such investment, losses due to water-related hazards exert a drag on economic growth and may create a poverty trap. The presence and location of the poverty trap is context-specific and depends on the exposure of productive water-related assets to water-related risk. Exogenous changes in water-related risk can potentially push an economy away from a growth path toward a poverty trap. Our investigation shows that an inverted-U-shaped investment relation between the level of investment in water security and the current level of water security leads to faster rates of growth than the alternatives that we consider here, and that this relation is responsible for the "S"-curve that is posited in the literature. These results illustrate the importance of accounting for environmental and health risks in economic models and offer insights for the design of robust policies for investment in water-related productive assets to manage risk, in the face

A Multi-Actor Dynamic Integrated Assessment Model (MADIAM)

OpenAIRE

Weber, Michael

2004-01-01

The interactions between climate and the socio-economic system are investigated with a Multi-Actor Dynamic Integrated Assessment Model (MADIAM) obtained by coupling a nonlinear impulse response model of the climate sub-system (NICCS) to a multi-actor dynamic economic model (MADEM). The main goal is to initiate a model development that is able to treat the dynamics of the coupled climate socio-economic system, including endogenous technological change, in a non-equilibrium situation, thereby o...

The complexity of an investment competition dynamical model with imperfect information in a security market

International Nuclear Information System (INIS)

Xin Baogui; Ma Junhai; Gao Qin

2009-01-01

We present a nonlinear discrete dynamical model of investment competition with imperfect information for N heterogeneous oligopolists in a security market. In this paper, our focus is on a given three-dimensional model which exhibits highly rich dynamical behaviors. Based on Wen's Hopf bifurcation criterion [Wen GL. Criterion to identify Hopf bifurcations in maps of arbitrary dimension. Phys Rev E 2005;72:026201-3; Wen GL, Xu DL, Han X. On creation of Hopf bifurcations in discrete-time nonlinear systems. Chaos 2002;12(2):350-5] and Kuznetsov's normal form theory [Kuznetsov YA. Elements of applied bifurcation theory. New York: Springer-Verlag; 1998. p. 125-37], we study the model's stability, criterion and direction of Neimark-Sacker bifurcation. Moreover, we numerically simulate a complexity evolution route: fixed point, closed invariant curve, double closed invariant curves, fourfold closed invariant curves, strange attractor, period-3 closed invariant curve, period-3 2-tours, period-4 closed invariant curve, period-4 2-tours.

Dynamic Analytics-Driven Assessment of Vulnerabilities and Exploitation

Science.gov (United States)

2016-07-15

scans and other observations such as network traffic capture, to assess the severity of a vulnerability in terms of its specific impact to a 3...straightforward proposition. There are literally hundreds, if not thousands, of security tools and information technology systems that generate data useful for...during the data modeling process, a common taxonomy or data dictionary for the data elements of interest should be established. The data

Surviving security how to integrate people, process, and technology

CERN Document Server

Andress, Amanda

2003-01-01

WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

Science.gov (United States)

2010-05-19

... security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses... transportation operators, flight students, and others, where appropriate, for services related to security threat.... Enforce safety- and security-related regulations and requirements; 3. Assess and distribute intelligence...

Audit Characteristics for Information System Security

OpenAIRE

Marius POPA; Mihai DOINEA

2007-01-01

The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

The potential impact of multidimesional geriatric assessment in the social security system.

Science.gov (United States)

Corbi, Graziamaria; Ambrosino, Immacolata; Massari, Marco; De Lucia, Onofrio; Simplicio, Sirio; Dragone, Michele; Paolisso, Giuseppe; Piccioni, Massimo; Ferrara, Nicola; Campobasso, Carlo Pietro

2018-01-12

To evaluate the efficacy of multidimensional geriatric assessment (MGA/CGA) in patients over 65 years old in predicting the release of the accompaniment allowance (AA) indemnity by a Local Medico-Legal Committee (MLC-NHS) and by the National Institute of Social Security Committee (MLC-INPS). In a longitudinal observational study, 200 Italian elder citizens requesting AA were first evaluated by MLC-NHS and later by MLC-INPS. Only MLC-INPS performed a MGA/CGA (including SPMSQ, Barthel Index, GDS-SF, and CIRS). This report was written according to the STROBE guidelines. The data analysis was performed on January 2016. The evaluation by the MLC-NHS and by the MLC-INPS was in agreement in 66% of cases. In the 28%, the AA benefit was recognized by the MLC-NHS, but not by the MLC-INPS. By the multivariate analysis, the best predictors of the AA release, by the MLC-NHS, were represented by gender and the Barthel Index score. The presence of carcinoma, the Barthel Index score, and the SPMQ score were the best predictors for the AA release by MLC-INPS. MGA/CGA could be useful in saving financial resources reducing the risk of incorrect indemnity release. It can improve the accuracy of the impairment assessment in social security system.

Impact of Security Awareness Programs on End-User Security Behavior: A Quantitative Study of Federal Workers

Science.gov (United States)

Smith, Gwendolynn T.

2012-01-01

The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…

On the Road to Holistic Decision Making in Adaptive Security

Directory of Open Access Journals (Sweden)

Mahsa Emami-Taba

2013-08-01

Full Text Available Security is a critical concern in today's software systems. Besides the interconnectivity and dynamic nature of network systems, the increasing complexity in modern software systems amplifies the complexity of IT security. This fact leaves attackers one step ahead in exploiting vulnerabilities and introducing new cyberattacks. The demand for new methodologies in addressing cybersecurity is emphasized by both private and national corporations. A practical solution to dynamically manage the high complexity of IT security is adaptive security, which facilitates analysis of the system's behaviour and hence the prevention of malicious attacks in complex systems. Systems that feature adaptive security detect and mitigate security threats at runtime with little or no administrator involvement. In these systems, decisions at runtime are balanced according to quality and performance goals. This article describes the necessity of holistic decision making in such systems and paves the road to future research.

A Novel Computer Virus Propagation Model under Security Classification

Directory of Open Access Journals (Sweden)

Qingyi Zhu

2017-01-01

Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

A METHODOLOGICAL APPROACH TO THE STRATEGIC ANALYSIS OF FOOD SECURITY

Directory of Open Access Journals (Sweden)

Anastasiia Mostova

2017-12-01

Full Text Available The objective of present work is to substantiate the use of tools for strategic analysis in order to develop a strategy for the country’s food security under current conditions and to devise the author’s original technique to perform strategic analysis of food security using a SWOT-analysis. The methodology of the study. The article substantiates the need for strategic planning of food security. The author considers stages in strategic planning and explains the importance of the stage of strategic analysis of the country’s food security. It is proposed to apply a SWOT-analysis when running a strategic analysis of food security. The study is based on the system of indicators and characteristics of the country’s economy, agricultural sector, market trends, material-technical, financial, human resources, which are essential to obtain an objective assessment of the impact of trends and factors on food security, and in order to further develop the procedure for conducting a strategic analysis of the country’s food security. Results of the study. The procedure for strategic analysis of food security is developed based on the tool of a SWOT-analysis, which implies three stages: a strategic analysis of weaknesses and strengths, opportunities and threats; construction of the matrix of weaknesses and strengths, opportunities, and threats (SWOT-analysis matrix; formation of the food security strategy based on the SWOT-analysis matrix. A list of characteristics was compiled in order to conduct a strategic analysis of food security and to categorize them as strengths or weaknesses, threats, and opportunities. The characteristics are systemized into strategic groups: production, market; resources; consumption: this is necessary for the objective establishing of strategic directions, responsible performers, allocation of resources, and effective control, for the purpose of further development and implementation of the strategy. A strategic analysis

Common Operating Picture: UAV Security Study

Science.gov (United States)

2004-01-01

This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

Human-Technology Centric In Cyber Security Maintenance For Digital Transformation Era

Science.gov (United States)

Ali, Firkhan Ali Bin Hamid; Zalisham Jali, Mohd, Dr

2018-05-01

The development of the digital transformation in the organizations has become more expanding in these present and future years. This is because of the active demand to use the ICT services among all the organizations whether in the government agencies or private sectors. While digital transformation has led manufacturers to incorporate sensors and software analytics into their offerings, the same innovation has also brought pressure to offer clients more accommodating appliance deployment options. So, their needs a well plan to implement the cyber infrastructures and equipment. The cyber security play important role to ensure that the ICT components or infrastructures execute well along the organization’s business successful. This paper will present a study of security management models to guideline the security maintenance on existing cyber infrastructures. In order to perform security model for the currently existing cyber infrastructures, combination of the some security workforces and security process of extracting the security maintenance in cyber infrastructures. In the assessment, the focused on the cyber security maintenance within security models in cyber infrastructures and presented a way for the theoretical and practical analysis based on the selected security management models. Then, the proposed model does evaluation for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. The implemented cyber security maintenance within security management model in a prototype and evaluated it for practical and theoretical scenarios. Furthermore, a framework model is presented which allows the evaluation of configuration changes in the agile and dynamic cyber infrastructure environments with regard to properties like vulnerabilities or expected availability. In case of a security perspective, this evaluation can be used to monitor the security levels of the configuration over its lifetime and

Biofuels and Food Security. A report by the High Level Panel of Experts on Food Security and Nutrition

Energy Technology Data Exchange (ETDEWEB)

NONE

2013-06-15

In October 2011, the UN Committee on World Food Security (CFS) recommended a ''review of biofuels policies -- where applicable and if necessary -- according to balanced science-based assessments of the opportunities and challenges that they may represent for food security so that biofuels can be produced where it is socially, economically and environmentally feasible to do so''. In line with this, the CFS requested the HLPE (High Level Panel of Experts) to ''conduct a science-based comparative literature analysis taking into consideration the work produced by the FAO and Global Bioenergy Partnership (GBEP) of the positive and negative effects of biofuels on food security''. Recommendations from the report include the following. Food security policies and biofuel policies cannot be separated because they mutually interact. Food security and the right to food should be priority concerns in the design of any biofuel policy. Governments should adopt the principle: biofuels shall not compromise food security and therefore should be managed so that food access or the resources necessary for the production of food, principally land, biodiversity, water and labour are not put at risk. The CFS should undertake action to ensure that this principle is operable in the very varied contexts in which all countries find themselves. Given the trend to the emergence of a global biofuels market, and a context moving from policy-driven to market-driven biofuels, there is an urgent need for close and pro-active coordination of food security, biofuel/bioenergy policies and energy policies, at national and international levels, as well as rapid response mechanisms in case of crisis. There is also an urgent need to create an enabling, responsible climate for food and non-food investments compatible with food security. The HLPE recommends that governments adopt a coordinated food security and energy security strategy, which would require articulation around the following five axes

Biofuels and Food Security. A report by the High Level Panel of Experts on Food Security and Nutrition

Energy Technology Data Exchange (ETDEWEB)

NONE

2013-06-15

In October 2011, the UN Committee on World Food Security (CFS) recommended a ''review of biofuels policies -- where applicable and if necessary -- according to balanced science-based assessments of the opportunities and challenges that they may represent for food security so that biofuels can be produced where it is socially, economically and environmentally feasible to do so''. In line with this, the CFS requested the HLPE (High Level Panel of Experts) to ''conduct a science-based comparative literature analysis taking into consideration the work produced by the FAO and Global Bioenergy Partnership (GBEP) of the positive and negative effects of biofuels on food security''. Recommendations from the report include the following. Food security policies and biofuel policies cannot be separated because they mutually interact. Food security and the right to food should be priority concerns in the design of any biofuel policy. Governments should adopt the principle: biofuels shall not compromise food security and therefore should be managed so that food access or the resources necessary for the production of food, principally land, biodiversity, water and labour are not put at risk. The CFS should undertake action to ensure that this principle is operable in the very varied contexts in which all countries find themselves. Given the trend to the emergence of a global biofuels market, and a context moving from policy-driven to market-driven biofuels, there is an urgent need for close and pro-active coordination of food security, biofuel/bioenergy policies and energy policies, at national and international levels, as well as rapid response mechanisms in case of crisis. There is also an urgent need to create an enabling, responsible climate for food and non-food investments compatible with food security. The HLPE recommends that governments adopt a coordinated food security and energy security strategy, which would require articulation

The AgMIP Coordinated Global and Regional Assessments (CGRA) of Climate Change Impacts on Agriculture and Food Security

Science.gov (United States)

Ruane, Alex; Rosenzweig, Cynthia; Elliott, Joshua; Antle, John

2015-01-01

The Agricultural Model Intercomparison and Improvement Project (AgMIP) has been working since 2010 to construct a protocol-based framework enabling regional assessments (led by regional experts and modelers) that can provide consistent inputs to global economic and integrated assessment models. These global models can then relay important global-level information that drive regional decision-making and outcomes throughout an interconnected agricultural system. AgMIPs community of nearly 800 climate, crop, livestock, economics, and IT experts has improved the state-of-the-art through model intercomparisons, validation exercises, regional integrated assessments, and the launch of AgMIP programs on all six arable continents. AgMIP is now launching Coordinated Global and Regional Assessments (CGRA) of climate change impacts on agriculture and food security to link global and regional crop and economic models using a protocol-based framework. The CGRA protocols are being developed to utilize historical observations, climate projections, and RCPsSSPs from CMIP5 (and potentially CMIP6), and will examine stakeholder-driven agricultural development and adaptation scenarios to provide cutting-edge assessments of climate changes impact on agriculture and food security. These protocols will build on the foundation of established protocols from AgMIPs 30+ activities, and will emphasize the use of multiple models, scenarios, and scales to enable an accurate assessment of related uncertainties. The CGRA is also designed to provide the outputs necessary to feed into integrated assessment models (IAMs), nutrition and food security assessments, nitrogen and carbon cycle models, and additional impact-sector assessments (e.g., water resources, land-use, biomes, urban areas). This presentation will describe the current status of CGRA planning and initial prototype experiments to demonstrate key aspects of the protocols before wider implementation ahead of the IPCC Sixth Assessment

The AgMIP Coordinated Global and Regional Assessments (CGRA) of Climate Change Impacts on Agriculture and Food Security

Science.gov (United States)

Ruane, A. C.; Rosenzweig, C.; Antle, J. M.; Elliott, J. W.

2015-12-01

The Agricultural Model Intercomparison and Improvement Project (AgMIP) has been working since 2010 to construct a protocol-based framework enabling regional assessments (led by regional experts and modelers) that can provide consistent inputs to global economic and integrated assessment models. These global models can then relay important global-level information that drive regional decision-making and outcomes throughout an interconnected agricultural system. AgMIP's community of nearly 800 climate, crop, livestock, economics, and IT experts has improved the state-of-the-art through model intercomparisons, validation exercises, regional integrated assessments, and the launch of AgMIP programs on all six arable continents. AgMIP is now launching Coordinated Global and Regional Assessments (CGRA) of climate change impacts on agriculture and food security to link global and regional crop and economic models using a protocol-based framework. The CGRA protocols are being developed to utilize historical observations, climate projections, and RCPs/SSPs from CMIP5 (and potentially CMIP6), and will examine stakeholder-driven agricultural development and adaptation scenarios to provide cutting-edge assessments of climate change's impact on agriculture and food security. These protocols will build on the foundation of established protocols from AgMIP's 30+ activities, and will emphasize the use of multiple models, scenarios, and scales to enable an accurate assessment of related uncertainties. The CGRA is also designed to provide the outputs necessary to feed into integrated assessment models (IAMs), nutrition and food security assessments, nitrogen and carbon cycle models, and additional impact-sector assessments (e.g., water resources, land-use, biomes, urban areas). This presentation will describe the current status of CGRA planning and initial prototype experiments to demonstrate key aspects of the protocols before wider implementation ahead of the IPCC Sixth Assessment

Security Components of Globalization

Directory of Open Access Journals (Sweden)

Florin Iftode

2015-05-01

Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decisionmaking procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic used resources and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

Model-Driven Information Security Risk Assessment of Socio-Technical Systems

NARCIS (Netherlands)

Ionita, Dan

2018-01-01

As more aspects of life transition to the digital domain, computer systems become increasingly complex but also more social. But assessing a socio-technical system is no trivial task: it often requires intimate knowledge of the system, awareness of the social dynamics and trust relationships of its

Security for Key Management Interfaces

OpenAIRE

Kremer , Steve; Steel , Graham; Warinschi , Bogdan

2011-01-01

International audience; We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

The International Test Commission Guidelines on the Security of Tests, Examinations, and Other Assessments

Science.gov (United States)

International Journal of Testing, 2016

2016-01-01

The amount and severity of security threats have increased considerably over the past two decades, calling into question the validity of assessments administered around the world. These threats have increased for a number of reasons, including the popular use of computerized and online technologies for test administration and the use of almost…

Security systems engineering overview

International Nuclear Information System (INIS)

Steele, B.J.

1996-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

Understanding human factors in cyber security as a dynamic system

NARCIS (Netherlands)

Young, H.J.; Vliet, A.J. van; Ven, J.G.S. van de; Jol, S.C.; Broekman, C.C.M.T.

2018-01-01

The perspective of human factors is largely missing from the wider cyber security dialogue and its scope is often limited. We propose a framework in which we consider cyber security as a state of a system. System change is brought on by an entity’s behavior. Interventions are ways of changing

Comprehensive Assessment of Industries Economic Security: Regional Aspect

Directory of Open Access Journals (Sweden)

Viktoriya Viktorovna Akberdina

2017-12-01

Full Text Available The article investigates the interaction of the forms of network integration and the development of complimentary production networks in terms of economic security. Currently, the most developed countries are occurring a transition from the industrial society to the information society. The industry 4.0 as the continuous communication at all levels and characterizes the production processes, in which technologies and devices interact automatically in the value-added chain. Under these new conditions, the former types of organizational structures of economic entities are not sufficiently effective. Therefore, there is a need to create new, modern types of organizational structures. One of these types is network structures. Currently, they are becoming characteristic features of the new economy. Regional economic security depends on internal and external threats, which lead to unstable situations. Regional crisis situations are influenced by both macroeconomic crisis processes and local features of economic and social development, as well as the resource potential, geographical location, national and other peculiarities. The article defines the specific characteristics of the regions of the Ural Federal District, as well as the current situation of the regional economy and threats to the region. The authors have evaluated the economic security of complimentary production networks at the regional level. This evaluation has revealed the interconnection between complimentary production networks and the construction industry in the national economy. We have defined the economic security of complimentary production networks and specified the concept of complimentary production networks. The research findings may be applied by organizations as a new perspective of industry using network forms related to economic security

Assessing the Need for an On-Line Educational Module for Volunteer Leaders on Bio-Security in Washington State 4-H Livestock Projects

Science.gov (United States)

Stevenson, Jill L.; Moore, Dale A.; Newman, Jerry; Schmidt, Janet L.; Smith, Sarah M.; Smith, Jean; Kerr, Susan; Wallace, Michael; BoyEs, Pat

2011-01-01

4-H livestock projects present disease transmission risks that can be reduced by the use of bio-security practices. The responsibility of teaching bio-security to youth belongs primarily to volunteer leaders, who may not be aware of the importance of these practices. A needs assessment for an online educational module about bio-security revealed…

Validity evidence for the Security Scale as a measure of perceived attachment security in adolescence.

Science.gov (United States)

Van Ryzin, Mark J; Leve, Leslie D

2012-04-01

In this study, the validity of a self-report measure of children's perceived attachment security (the Kerns Security Scale) was tested using adolescents. With regards to predictive validity, the Security Scale was significantly associated with (1) observed mother-adolescent interactions during conflict and (2) parent- and teacher-rated social competence. With regards to convergent validity, the Security Scale was significantly associated with all subscales of the Adult Attachment Scale (i.e., Depend, Anxiety, and Close) as measured 3 years later. Further, these links were found even after controlling for mother-child relationship quality as assessed by the Inventory of Parent and Peer Attachment (IPPA), and chi-square difference tests indicated that the Security Scale was generally a stronger predictor as compared to the IPPA. These results suggest that the Security Scale can be used to assess perceived attachment security across both childhood and adolescence, and thus could contribute significantly to developmental research during this period. Copyright © 2011 The Foundation for Professionals in Services for Adolescents. Published by Elsevier Ltd. All rights reserved.

Assessment of Available Numerical Tools for Dynamic Mooring Analysis

DEFF Research Database (Denmark)

Thomsen, Jonas Bjerg; Eskilsson, Claes; Ferri, Francesco

This report covers a preliminary assessment of available numerical tools to be used in upcoming full dynamic analysis of the mooring systems assessed in the project _Mooring Solutions for Large Wave Energy Converters_. The assessments tends to cover potential candidate software and subsequently c...

A new algorithm for combined dynamic economic emission dispatch with security constraints

International Nuclear Information System (INIS)

Arul, R.; Velusami, S.; Ravi, G.

2015-01-01

The primary objective of CDEED (combined dynamic economic emission dispatch) problem is to determine the optimal power generation schedule for the online generating units over a time horizon considered and simultaneously minimizing the emission level and satisfying the generators and system constraints. The CDEED problem is bi-objective optimization problem, where generation cost and emission are considered as two competing objective functions. This bi-objective CDEED problem is represented as a single objective optimization problem by assigning different weights for each objective functions. The weights are varied in steps and for each variation one compromise solution are generated and finally fuzzy based selection method is used to select the best compromise solution from the set of compromise solutions obtained. In order to reflect the test systems considered as real power system model, the security constraints are also taken into account. Three new versions of DHS (differential harmony search) algorithms have been proposed to solve the CDEED problems. The feasibility of the proposed algorithms is demonstrated on IEEE-26 and IEEE-39 bus systems. The result obtained by the proposed CSADHS (chaotic self-adaptive differential harmony search) algorithm is found to be better than EP (evolutionary programming), DHS, and the other proposed algorithms in terms of solution quality, convergence speed and computation time. - Highlights: • In this paper, three new algorithms CDHS, SADHS and CSADHS are proposed. • To solve DED with emission, poz's, spinning reserve and security constraints. • Results obtained by the proposed CSADHS algorithm are better than others. • The proposed CSADHS algorithm has fast convergence characteristic than others

Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

Science.gov (United States)

Coleman, Johnathan

2003-05-01

This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

Methodology for evaluation of economic security of industrial enterprises

OpenAIRE

Kopytko Marta Ivanovna

2014-01-01

This paper investigates the features of evaluation of ensuring economic security of industrial enterprises and the algorithm of complex evaluation of the economic security of industrial enterprises over time and the system of criteria and their limit values ​​and the dynamics of change to determine the level of economic security industrial enterprise in terms of its components.

Architecture and Knowledge-Driven Self-Adaptive Security in Smart Space

Directory of Open Access Journals (Sweden)

Antti Evesti

2013-03-01

Full Text Available Dynamic and heterogeneous smart spaces cause challenges for security because it is impossible to anticipate all the possible changes at design-time. Self-adaptive security is an applicable solution for this challenge. This paper presents an architectural approach for security adaptation in smart spaces. The approach combines an adaptation loop, Information Security Measuring Ontology (ISMO and a smart space security-control model. The adaptation loop includes phases to monitor, analyze, plan and execute changes in the smart space. The ISMO offers input knowledge for the adaptation loop and the security-control model enforces dynamic access control policies. The approach is novel because it defines the whole adaptation loop and knowledge required in each phase of the adaptation. The contributions are validated as a part of the smart space pilot implementation. The approach offers reusable and extensible means to achieve adaptive security in smart spaces and up-to-date access control for devices that appear in the space. Hence, the approach supports the work of smart space application developers.

How strong is the Social Security safety net? Using the Elder Index to assess gaps in economic security.

Science.gov (United States)

Mutchler, Jan E; Li, Yang; Xu, Ping

2018-04-16

Older Americans rely heavily on Social Security benefits (SSBs) to support independent lifestyles, and many have few or no additional sources of income. We establish the extent to which SSBs adequately support economic security, benchmarked by the Elder Economic Security Standard Index. We document variability across U.S. counties in the adequacy levels of SSBs among older adults. We find that the average SSBs fall short of what is required for economic security in every county in the United States, but the level of shortfall varies considerably by location. Policy implications relating to strengthening Social Security and other forms of retirement income are discussed.

Dynamical systems probabilistic risk assessment

Energy Technology Data Exchange (ETDEWEB)

Denman, Matthew R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Ames, Arlo Leroy [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2014-03-01

Probabilistic Risk Assessment (PRA) is the primary tool used to risk-inform nuclear power regulatory and licensing activities. Risk-informed regulations are intended to reduce inherent conservatism in regulatory metrics (e.g., allowable operating conditions and technical specifications) which are built into the regulatory framework by quantifying both the total risk profile as well as the change in the risk profile caused by an event or action (e.g., in-service inspection procedures or power uprates). Dynamical Systems (DS) analysis has been used to understand unintended time-dependent feedbacks in both industrial and organizational settings. In dynamical systems analysis, feedback loops can be characterized and studied as a function of time to describe the changes to the reliability of plant Structures, Systems and Components (SSCs). While DS has been used in many subject areas, some even within the PRA community, it has not been applied toward creating long-time horizon, dynamic PRAs (with time scales ranging between days and decades depending upon the analysis). Understanding slowly developing dynamic effects, such as wear-out, on SSC reliabilities may be instrumental in ensuring a safely and reliably operating nuclear fleet. Improving the estimation of a plant's continuously changing risk profile will allow for more meaningful risk insights, greater stakeholder confidence in risk insights, and increased operational flexibility.

Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

OpenAIRE

Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

2015-01-01

- This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

An integrative approach to threat assessment and management: security and mental health response to a threatening client.

Science.gov (United States)

Farkas, Gary M; Tsukayama, John K

2012-01-01

Workplace violence threat assessment and management practices represent an interdisciplinary approach to the diversion of potentially dangerous employees and clients. This case study illustrates such an intervention in a complex situation involving a social service agency and its client. Following a curtailment of services and an arrest, the client developed an escalating homicidal anger toward the agency administrator. Once a Tarasoff warning was received, the agency contacted a security company who organized a threat assessment and management plan involving interdisciplinary collaboration. Information developed in the course of the assessment was presented to prosecutors, who facilitated the client's arrest and involuntary psychiatric commitment until he was judged to be no longer dangerous. This case ultimately involved an integration of the services of security, law enforcement, mental health professionals, prosecutors, the courts and the state mental health system in leading to a successful diversion of the client from a path of intended violence.

Executives' speech expressiveness: analysis of perceptive and acoustic aspects of vocal dynamics.

Science.gov (United States)

Marquezin, Daniela Maria Santos Serrano; Viola, Izabel; Ghirardi, Ana Carolina de Assis Moura; Madureira, Sandra; Ferreira, Léslie Piccolotto

2015-01-01

To analyze speech expressiveness in a group of executives based on perceptive and acoustic aspects of vocal dynamics. Four male subjects participated in the research study (S1, S2, S3, and S4). The assessments included the Kingdomality test to obtain the keywords of communicative attitudes; perceptive-auditory assessment to characterize vocal quality and dynamics, performed by three judges who are speech language pathologists; perceptiveauditory assessment to judge the chosen keywords; speech acoustics to assess prosodic elements (Praat software); and a statistical analysis. According to the perceptive-auditory analysis of vocal dynamics, S1, S2, S3, and S4 did not show vocal alterations and all of them were considered with lowered habitual pitch. S1: pointed out as insecure, nonobjective, nonempathetic, and unconvincing with inappropriate use of pauses that are mainly formed by hesitations; inadequate separation of prosodic groups with breaking of syntagmatic constituents. S2: regular use of pauses for respiratory reload, organization of sentences, and emphasis, which is considered secure, little objective, empathetic, and convincing. S3: pointed out as secure, objective, empathetic, and convincing with regular use of pauses for respiratory reload and organization of sentences and hesitations. S4: the most secure, objective, empathetic, and convincing, with proper use of pauses for respiratory reload, planning, and emphasis; prosodic groups agreed with the statement, without separating the syntagmatic constituents. The speech characteristics and communicative attitudes were highlighted in two subjects in a different manner, in such a way that the slow rate of speech and breaks of the prosodic groups transmitted insecurity, little objectivity, and nonpersuasion.

Dynamic (2, 3) Threshold Quantum Secret Sharing of Secure Direct Communication

International Nuclear Information System (INIS)

Lai Hong; Xiao Jing-Hua; Mehmet, Orgun A.; Josef, Pieprzyk; Xue Li-Yin

2015-01-01

In this paper, we show that a (2, 3) discrete variable threshold quantum secret sharing scheme of secure direct communication can be achieved based on recurrence using the same devices as in BB84. The scheme is devised by first placing the shares of smaller secret pieces into the shares of the largest secret piece, converting the shares of the largest secret piece into corresponding quantum state sequences, inserting nonorthogonal state particles into the quantum state sequences with the purpose of detecting eavesdropping, and finally sending the new quantum state sequences to the three participants respectively. Consequently, every particle can on average carry up to 1.5-bit messages due to the use of recurrence. The control codes are randomly prepared using the way to generate fountain codes with pre-shared source codes between Alice and Bob, making three participants can detect eavesdropping by themselves without sending classical messages to Alice. Due to the flexible encoding, our scheme is also dynamic, which means that it allows the participants to join and leave freely. (paper)

HOW TO CALCULATE INFORMATION VALUE FOR EFFECTIVE SECURITY RISK ASSESSMENT

Directory of Open Access Journals (Sweden)

Mario Sajko

2006-12-01

Full Text Available The actual problem of information security (infosec risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment with our own criteria. An attempt for structuring information value in a business environment will be made as well.

Assessing hypotheses about nesting site occupancy dynamics

Science.gov (United States)

Bled, Florent; Royle, J. Andrew; Cam, Emmanuelle

2011-01-01

Hypotheses about habitat selection developed in the evolutionary ecology framework assume that individuals, under some conditions, select breeding habitat based on expected fitness in different habitat. The relationship between habitat quality and fitness may be reflected by breeding success of individuals, which may in turn be used to assess habitat quality. Habitat quality may also be assessed via local density: if high-quality sites are preferentially used, high density may reflect high-quality habitat. Here we assessed whether site occupancy dynamics vary with site surrogates for habitat quality. We modeled nest site use probability in a seabird subcolony (the Black-legged Kittiwake, Rissa tridactyla) over a 20-year period. We estimated site persistence (an occupied site remains occupied from time t to t + 1) and colonization through two subprocesses: first colonization (site creation at the timescale of the study) and recolonization (a site is colonized again after being deserted). Our model explicitly incorporated site-specific and neighboring breeding success and conspecific density in the neighborhood. Our results provided evidence that reproductively "successful'' sites have a higher persistence probability than "unsuccessful'' ones. Analyses of site fidelity in marked birds and of survival probability showed that high site persistence predominantly reflects site fidelity, not immediate colonization by new owners after emigration or death of previous owners. There is a negative quadratic relationship between local density and persistence probability. First colonization probability decreases with density, whereas recolonization probability is constant. This highlights the importance of distinguishing initial colonization and recolonization to understand site occupancy. All dynamics varied positively with neighboring breeding success. We found evidence of a positive interaction between site-specific and neighboring breeding success. We addressed local

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

Science.gov (United States)

Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

2018-02-01

Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

A Holistic and Immune System inspired Security Framework

OpenAIRE

Mwakalinga, G. Jeffy; Yngström, Louise; Kowalski, Stewart

2009-01-01

This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve t...

Security option file - After closure (DOS-AF)

International Nuclear Information System (INIS)

2016-01-01

A first volume presents the context and scope of the Cigeo project, and the scope of this document. It proposes a general presentation of Cigeo, the regulatory framework and standards. It describes the different aspects and components of the security strategy: principles, security functions after closure, objectives of protection, global approach. It proposes a security assessment: objectives, consistency with international practices, assessment steps, scenarios, scenario quantitative assessment. The next part addresses security management. The second volume contains a description of the storage system: site characteristics, types of stored parcels, the future of the installation after its closure. The third volume proposes a security assessment. It addresses the management of risks and uncertainties, describes a scenario of normal evolution and also scenarios of altered evolutions, scenarios of unintentional human intrusion, and what-if type scenarios. The fourth volume reports lessons at the current stage of the project, and gives an overview of important activities from storage design to storage closure

Cyber Security and Resilient Systems

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Cyber Security and Resilient Systems

International Nuclear Information System (INIS)

Anderson, Robert S.

2009-01-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Improving L2 Reading Comprehension through Emotionalized Dynamic Assessment Procedures.

Science.gov (United States)

Abdolrezapour, Parisa

2017-06-01

The paper reports a study on an emotionally-loaded dynamic assessment procedure used with Iranian EFL learners. It focuses on the effect of using emotional intelligence characteristics (based on Goleman's framework) as a tool for motivating learners while performing reading tasks. The study with 50 intermediate learners aged 12-15 used three modalities: a control group, which was taught under institute's normal procedures; a comparison group, which received dynamic assessment (DA); and an experimental group, which received emotionalized dynamic assessment (EDA) procedures, in the form of an intervention focusing on characteristics of Goleman's emotional intelligence framework with the express purpose of inducing them to work with their emotions. Results showed that applying EDA procedures to reading assessment tasks made a difference in learners' level of performance in comparison to those who went through pure DA procedures who in turn performed significantly better than those who did not received DA in any form.

[Assessment and early warning of land ecological security in rapidly urbanizing coastal area: A case study of Caofeidian new district, Hebei, China].

Science.gov (United States)

Zhang, Li; Chen, Ying; Wang, Shu-tao; Men, Ming-xin; Xu, Hao

2015-08-01

Assessment and early warning of land ecological security (LES) in rapidly urbanizing coastal area is an important issue to ensure sustainable land use and effective maintenance of land ecological security. In this study, an index system for the land ecological security of Caofeidian new district was established based on the Pressure-State-Response (P-S-R) model. Initial assessment units of 1 km x 1 km created with the remote sensing data and GIS methods were spatially interpolated to a fine pixel size of 30 m x 30 m, which were combined with the early warning method (using classification tree method) to evaluate the land ecological security of Caofeidian in 2005 and 2013. The early warning level was classed into four categories: security with degradation potential, sub-security with slow degradation, sub-security with rapid degradation, and insecurity. Result indicated that, from 2005 to 2013, the average LES of Caofeidian dropped from 0.55 to 0.52, indicating a degradation of land ecological security from medium security level to medium-low security level. The areas at the levels of insecurity with rapid degradation were mainly located in the rapid urbanization areas, illustrating that rapid expansion of urban construction land was the key factor to the deterioration of the regional land ecological security. Industrial District, Shilihai town and Nanpu saltern, in which the lands at the levels of insecurity and sub-security with rapid degradation or slow degradation accounted for 58.3%, 98.9% and 81.2% of their respective districts, were at the stage of high early warning. Thus, land ecological security regulation for these districts should be strengthened in near future. The study could provide a reference for land use planning and ecological protection of Caofeidian new district.

Austria; Financial Sector Assessment Program Update Technical Note: Factual Update and Analysis of the IOSCO Objectives and Principles of Securities Regulation

OpenAIRE

International Monetary Fund

2008-01-01

This technical note focuses on the International Organization of Securities Commissions objectives and principles of securities regulations of Austria. The 2003 assessment found that Austria had fully broadly implemented a large majority of principles. The human resources of the Securities Supervision Department of the Financial Market Authority (FMA) should be increased, especially to conduct on-site inspections, in addition to the 14 planned appointments. Administrative fines should be rais...

Security and SCADA protocols

International Nuclear Information System (INIS)

Igure, V. M.; Williams, R. D.

2006-01-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

A Nonverbal Phoneme Deletion Task Administered in a Dynamic Assessment Format

Science.gov (United States)

Gillam, Sandra Laing; Fargo, Jamison; Foley, Beth; Olszewski, Abbie

2011-01-01

Purpose: The purpose of the project was to design a nonverbal dynamic assessment of phoneme deletion that may prove useful with individuals who demonstrate complex communication needs (CCN) and are unable to communicate using natural speech or who present with moderate-severe speech impairments. Method: A nonverbal dynamic assessment of phoneme…

Coccygeal movement: Assessment with dynamic MRI

International Nuclear Information System (INIS)

Grassi, Roberto; Lombardi, Giulio; Reginelli, Alfonso; Capasso, Francesco; Romano, Francesco; Floriani, Irene; Colacurci, Nicola

2007-01-01

Purpose: Chronic coccygodynia is a difficult problem diagnostically and therapeutically. Moreover, there is no deep knowledge especially in the field of imaging of chronic coccygodynia. In this study several possible measurements are proposed, which all are able to demonstrate coccygeal movement during defecation, in order to assess coccygeal mobility using dynamic MRI during maximum contraction and during straining-evacuation. Materials and methods: A dynamic MRI study of the pelvic floor was performed in 112 patients. Five methods of measurement were assessed. Coccygeal movements were determined through the evaluation of three angles pair and two different distances measured during the phase of maximum contraction and during the phase of straining-evacuation. Results were compared according to age, sex, parity and experience of minor trauma. No patient included in the study had coccygodynia. Measurements taken by two radiologist were compared to determine interobserver agreement. Results: The maximum measurement values of the two distances are homogeneous, between 9 and 9.4 mm. The maximum measurement values of the three angles showed a difference that is between 21 deg. and 38 deg. Two of three angles showed a major measurement values in the funtional texts. In only one patient the coccyx was not mobile. Conclusion: Our dynamic MRI study indicates that the coccyx is mobile during defecation and that it is possible to demonstrate coccygeal excursions by assessing the difference between its positions at maximum contraction and during straining-evacuation. The measurement methods used in this study for evaluating coccygeal movements resulted in variably sized observed differences, but all yielded statistically significant results in demonstrating coccygeal excursion. Among the five measurement methods, two resulted in the largest differences. Our data indicate no correlation between coccygeal movements and age, sex, parity, minor trauma and coccygodynia

Emerging trends in ICT security

CERN Document Server

Akhgar, Babak

2013-01-01

Emerging Trends in ICT Security, an edited volume, discusses the foundations and theoretical aspects of ICT security; covers trends, analytics, assessments and frameworks necessary for performance analysis and evaluation; and gives you the state-of-the-art knowledge needed for successful deployment of security solutions in many environments. Application scenarios provide you with an insider's look at security solutions deployed in real-life scenarios, including but limited to smart devices, biometrics, social media, big data security, and crowd sourcing. Provides a multidisciplinary approach

Health Information Security in Hospitals: the Application of Security Safeguards.

Science.gov (United States)

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

An Impact Assessment Model for Distributed Adaptive Security Situation Assessment

National Research Council Canada - National Science Library

Heckman, Mark; Joshi, Nikhil; Tylutki, Marcus; Levitt, Karl; Just, James; Clough, Lawrence

2005-01-01

The goal of any intrusion detection, anti-virus, firewall or other security mechanism is not simply to stop attacks, but to protect a computing resource so that the resource can continue to perform its function...

Communications and Information: Emission Security

National Research Council Canada - National Science Library

1998-01-01

The Air Force EMSEC process has experienced many changes. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user...

Risk Assessment for Mobile Systems Through a Multilayered Hierarchical Bayesian Network.

Science.gov (United States)

Li, Shancang; Tryfonas, Theo; Russell, Gordon; Andriotis, Panagiotis

2016-08-01

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile applications (apps), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced to both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows to strengthen both app security as well as the security of the entire system.

Information Security and Integrity Systems

Science.gov (United States)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Assessment of brain phenylalanine dynamics in phenylketonuria patients

International Nuclear Information System (INIS)

Bik-Multanowski, M.; Pietrzyk, J. J.; Pasowicz, M.; Banys, R.P.

2006-01-01

Phenylketonuria (PKU) is the most common inborn error of metabolism in man. Brain phenylalanine kinetics can determine neurological treatment outcome in phenylketonuria. The aim of our study wa sto test a simplified magnetic resonance spectroscopy method for assessment of brain phenylalanine dynamics in PKU patients. Brain phenylalanine concentration (measured by means of magnetic resonance spectroscopy) and blood phenylalanine concentrations changes occurring within 24 hours after oral phenylalanine loading were analyzed in 5 PKU patients. The brain/blood phenylalanine ratio in 3 persons with normal intelligence was lower than in 2 with borderline intelligence or mild mental retardation. In our opinion the proposed method could be useful for assessment of brain phenylalanine dynamics in PKU patients. (author)

Making instruction and assessment responsive to diverse students' progress: group-administered dynamic assessment in teaching mathematics.

Science.gov (United States)

Jeltova, Ida; Birney, Damian; Fredine, Nancy; Jarvin, Linda; Sternberg, Robert J; Grigorenko, Elena L

2011-01-01

This study entailed a 3 (instructional intervention) × 2 (assessment-type) between-subjects experimental design employing a pretest-intervention-posttest methodology. The instructional interventions were administered between subjects in three conditions: (a) dynamic instruction, (b) triarchic or theory of successful intelligence-control instruction, and (c) standard-control instruction. The assessment-type consisted between subjects of either (a) a group-administered dynamic posttest or (b) the same group-administered posttest interspersed with a control filler activity. Performance in different mathematics content areas taught in fourth grade was investigated. In total, 1,332 students and 63 classroom teachers in 24 schools across six school districts participated in the study. The results indicate the advantages of using dynamic instruction and assessment in regular classrooms while teaching mathematics, especially when the student body is highly ethnically diverse.

Secure File Allocation and Caching in Large-scale Distributed Systems

DEFF Research Database (Denmark)

Di Mauro, Alessio; Mei, Alessandro; Jajodia, Sushil

2012-01-01

In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with hi......-balancing, and reducing delay of read operations. The system offers a trade-off-between performance and security that is dynamically tunable according to the current level of threat. We validate our mechanisms with extensive simulations in an Internet-like network.......In this paper, we present a file allocation and caching scheme that guarantees high assurance, availability, and load balancing in a large-scale distributed file system that can support dynamic updates of authorization policies. The scheme uses fragmentation and replication to store files with high...... security requirements in a system composed of a majority of low-security servers. We develop mechanisms to fragment files, to allocate them into multiple servers, and to cache them as close as possible to their readers while preserving the security requirement of the files, providing load...

Assessing the dynamic material criticality of infrastructure transitions: A case of low carbon electricity

International Nuclear Information System (INIS)

Roelich, Katy; Dawson, David A.; Purnell, Phil; Knoeri, Christof; Revell, Ruairi; Busch, Jonathan; Steinberger, Julia K.

2014-01-01

Highlights: • We present a method to analyse material criticality of infrastructure transitions. • Criticality is defined as the potential for, and exposure to, supply disruption. • Our method is dynamic reducing the probability of lock-in to at-risk technologies. • We show that supply disruption potential is reducing but exposure is increasing. - Abstract: Decarbonisation of existing infrastructure systems requires a dynamic roll-out of technology at an unprecedented scale. The potential disruption in supply of critical materials could endanger such a transition to low-carbon infrastructure and, by extension, compromise energy security more broadly because low carbon technologies are reliant on these materials in a way that fossil-fuelled energy infrastructure is not. Criticality is currently defined as the combination of the potential for supply disruption and the exposure of a system of interest to that disruption. We build on this definition and develop a dynamic approach to quantifying criticality, which monitors the change in criticality during the transition towards a low-carbon infrastructure goal. This allows us to assess the relative risk of different technology pathways to reach a particular goal and reduce the probability of being ‘locked in’ to currently attractive but potentially future-critical technologies. To demonstrate, we apply our method to criticality of the proposed UK electricity system transition, with a focus on neodymium. We anticipate that the supply disruption potential of neodymium will decrease by almost 30% by 2050; however, our results show the criticality of low carbon electricity production increases ninefold over this period, as a result of increasing exposure to neodymium-reliant technologies

Synchrophasor Sensing and Processing based Smart Grid Security Assessment for Renewable Energy Integration

Science.gov (United States)

Jiang, Huaiguang

With the evolution of energy and power systems, the emerging Smart Grid (SG) is mainly featured by distributed renewable energy generations, demand-response control and huge amount of heterogeneous data sources. Widely distributed synchrophasor sensors, such as phasor measurement units (PMUs) and fault disturbance recorders (FDRs), can record multi-modal signals, for power system situational awareness and renewable energy integration. An effective and economical approach is proposed for wide-area security assessment. This approach is based on wavelet analysis for detecting and locating the short-term and long-term faults in SG, using voltage signals collected by distributed synchrophasor sensors. A data-driven approach for fault detection, identification and location is proposed and studied. This approach is based on matching pursuit decomposition (MPD) using Gaussian atom dictionary, hidden Markov model (HMM) of real-time frequency and voltage variation features, and fault contour maps generated by machine learning algorithms in SG systems. In addition, considering the economic issues, the placement optimization of distributed synchrophasor sensors is studied to reduce the number of the sensors without affecting the accuracy and effectiveness of the proposed approach. Furthermore, because the natural hazards is a critical issue for power system security, this approach is studied under different types of faults caused by natural hazards. A fast steady-state approach is proposed for voltage security of power systems with a wind power plant connected. The impedance matrix can be calculated by the voltage and current information collected by the PMUs. Based on the impedance matrix, locations in SG can be identified, where cause the greatest impact on the voltage at the wind power plants point of interconnection. Furthermore, because this dynamic voltage security assessment method relies on time-domain simulations of faults at different locations, the proposed approach

Security Inequalities in North America: Reassessing Regional Security Complex Theory

Directory of Open Access Journals (Sweden)

Richard Kilroy

2017-12-01

Full Text Available This article re-evaluates earlier work done by the authors on Regional Security Complex Theory (RSCT in North America, using sectoral analysis initially developed by Buzan and Waever, but also adding the variables of institutions, identity, and interests. These variables are assessed qualitatively in the contemporary context on how they currently impress upon the process of securitization within sectoral relations between Canada, Mexico, and the United States. The article reviews the movement from bilateral security relations between these states to the development of a trilateral response to regional security challenges post- 9/11. It further addresses the present period and what appears to be a security process derailed by recent political changes and security inequalities, heightened by the election of Donald Trump in 2016. The article argues that while these three states initially evinced a convergence of regional security interests after 9/11, which did create new institutional responses, under the current conditions, divergence in political interests and security inequalities have reduced the explanatory power of RSCT in North America. Relations between states in North American are becoming less characterized by the role of institutions and interests and more by identity politics in the region.

Energy systems security

CERN Document Server

Voeller, John G

2014-01-01

Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

Directory of Open Access Journals (Sweden)

Kurnianto Ari

2018-01-01

Full Text Available Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

Argumentation-Based Security Requirements Elicitation: The Next Round

NARCIS (Netherlands)

Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

2014-01-01

Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

Assessment of Performance Measures for Security of the Maritime Transportation Network, Port Security Metrics : Proposed Measurement of Deterrence Capability

Science.gov (United States)

2007-01-03

This report is the thirs in a series describing the development of performance measures pertaining to the security of the maritime transportation network (port security metrics). THe development of measures to guide improvements in maritime security ...

Integrated Nuclear Security Support Plan (INSSP)

International Nuclear Information System (INIS)

Moore, G.M.

2010-01-01

Integrated Nuclear Security Support Plan (INSSP) purposes the framework for a comprehensive approach to addressing specific national security needs. It provides means for coordinating nuclear security assistance to member states. Identifies responsible parties for completion of nuclear security activities which are necessary to build sustainable nuclear security programs. International Atomic Energy Agency INSSP development process is based on findings and recommendations from a range of nuclear security missions and other information needs assessments. Takes into account of the ongoing work activities of other bilateral assistance.

Evaluation of Data Security Measures in a Network Environment Towards Developing Cooperate Data Security Guidelines

OpenAIRE

Ayub Hussein Shirandula; Dr. G. Wanyembi; Mr. Maina karume

2012-01-01

Data security in a networked environment is a topic that has become significant in organizations. As companies and organizations rely more on technology to run their businesses, connecting system to each other in different departments for efficiency data security is the concern for administrators. This research assessed the data security measures put in place at Mumias Sugar Company and the effort it was using to protect its data. The researcher also highlighted major security issues that wer...

Survey of cyber security issues in smart grids

Science.gov (United States)

Chen, Thomas M.

2010-04-01

The future smart grid will enable cost savings and lower energy use by means of smart appliances and smart meters which support dynamic load management and real-time monitoring of energy use and distribution. The introduction of two-way communications and control into power grid introduces security and privacy concerns. This talk will survey the security and privacy issues in smart grids using the NIST reference model, and relate these issues to cyber security in the Internet.

Ambulatory assessment of ankle and foot dynamics

NARCIS (Netherlands)

Schepers, H. Martin; Koopman, Hubertus F.J.M.; Veltink, Petrus H.

Ground reaction force (GRF) measurement is important in the analysis of human body movements. The main drawback of the existing measurement systems is the restriction to a laboratory environment. This paper proposes an ambulatory system for assessing the dynamics of ankle and foot, which integrates

Ontario Hydro looks at security

International Nuclear Information System (INIS)

Green, B.J.; Kee, B.

1995-01-01

Ontario Hydro operates 20 CANDU reactors on three different sites. Since 1984, a review of security arrangements on all the sites has taken place on a five-yearly basis. The review process for 1995 is outlined. The three objectives were as follows: to assess current security threats and risks to the stations; to assess the adequacy of the existing programme to protect against current threats; by comparing the security programme against those of comparable entities to establish benchmarks for good practice as a basis for improvements at Ontario Hydro. Valuable insights gained through the review are listed. These could be useful to other utilities. (UK)

Assessing food security status among farming households in Ibadan ...

African Journals Online (AJOL)

... relative to urban farming practices was found to influence the food security status of the respondents. This is justified from the χ2 value of 9.263 and 6.443 returned for this factor and which is significant at 0.05 level of significance. Keywords: Food security; Odds; Urban farming. Moor Journal of Agricultural Research Vol.

ADMINISTRATIVE EXPENDITURES OF SOCIAL SECURITY FUNDS IN UKRAINE

Directory of Open Access Journals (Sweden)

Nataliia Ivanchuk

2017-12-01

Full Text Available Along with the expenditures for social protection, social security funds finance administrative direction, which should correspond to the amount of functions performed by a particular fund. The purpose of the paper is to determine ways to reduce administrative expenditures of state social security funds in the conditions of reforming Ukrainian economy. For this purpose, the authors investigate distribution of the expenditures between social security funds, analyse dynamics and structure of assignments for fund administration, and suggest possible ways to rationalize maintenance cost for these institutions. Methodology. Administrative expenditures are an integral part of the cost of social security funds and include particular items of expenses in the budget of these institutions. Applying a systematic approach to calculating the administrative costs of social security funds of Ukraine the authors have taken into account the expenditures related to funding management, support for information systems, and organization of work with insured people. Results of the survey showed that in 2007–2016 Pension Fund of Ukraine incurred the largest part of social expenditures (more than 90% compared with other social insurance funds (less than 10%. At the same time, the administrative expenses were divided approximately into two halves between Pension Fund and other social security funds. In 2015, the government launched a reform of social insurance funds that aimed to reduce funds to three institutions but a decrease in the total amount of administrative expenditures has not been achieved yet. In addition, Pension Fund of Ukraine was least burdened with administrative expenses, while other social security funds with a relatively small share of social expenditures were burdened with administrative expenditures much more. Practical implications. Research showed that nowadays the existence of several social security funds in Ukraine is economically

PLANNING INTELLIGENCE ACTIVITIES IN A DYNAMIC SECURITY ENVIRONMENT

Directory of Open Access Journals (Sweden)

Anca Pavel

2016-10-01

Full Text Available The hypothesis introduced by this article is that, in order to perform intelligence missions and to obtain valuable intelligence for the consumers it is necessary to implement processes and tools to support planning activities. Today's challenges consist rather in the ability of intelligence organizations to identify and initiate new connections, processes and communication flows with other partners operating in the security environment than to plan in their own name secret operations. From this point of view, planning activities should focus on new procedures, at a much more extensive level in order to align institutional efforts beyond the boundaries of their own organization and the national community of information. Also, in order to coordinate intelligence activities, strategic planning must be anchored into a complex analysis of the potential impact of existing and possible future global phenomena that shape the security environment and thus identify better ways of improving results.

Chair Report Consultancy Meeting on Nuclear Security Assessment Methodologies (NUSAM) Transport Case Study Working Group

Energy Technology Data Exchange (ETDEWEB)

Shull, Doug [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

2015-08-19

The purpose of the consultancy assignment was to (i) apply the NUSAM assessment methods to hypothetical transport security table top exercise (TTX) analyses and (ii) document its results to working materials of NUSAM case study on transport. A number of working group observations, using the results of TTX methodologies, are noted in the report.

Understanding Application Behaviours for Android Security: A Systematic Characterization

OpenAIRE

Cai, Haipeng; Ryder, Barbara

2016-01-01

In contrast to most existing research on Android focusing on specific security issues, there is little broad understanding of Android application run-time characteristics and their security implications. To mitigate this gap, we present the first dynamic characterization study of Android applications that targets such a broad understanding for Android security. Through lightweight method-level profiling, we have collected 33GB traces of method calls and inter-component communication (ICC) fro...

Distributed security framework for modern workforce

Energy Technology Data Exchange (ETDEWEB)

Balatsky, G.; Scherer, C. P., E-mail: gbalatsky@lanl.gov, E-mail: scherer@lanl.gov [Los Alamos National Laboratory, Los Alamos, NM (United States)

2014-07-01

Safe and sustainable nuclear power production depends on strict adherence to nuclear security as a necessary prerequisite for nuclear power. This paper considers the current challenges for nuclear security, and proposes a conceptual framework to address those challenges. We identify several emerging factors that affect nuclear security: 1. Relatively high turnover rates in the nuclear workforce compared to the earlier years of the nuclear industry, when nuclear workers were more likely to have secure employment, a lifelong career at one company, and retirement on a pension plan. 2. Vulnerabilities stemming from the ubiquitous presence of modern electronics and their patterns of use by the younger workforce. 3. Modern management practices, including outsourcing and short-term contracting (which relates to number 1 above). In such a dynamic and complex environment, nuclear security personnel alone cannot effectively guarantee adequate security. We propose that one solution to this emerging situation is a distributed security model in which the components of nuclear security become the responsibility of each and every worker at a nuclear facility. To implement this model, there needs to be a refurbishment of current workforce training and mentoring practices. The paper will present an example of distributed security framework model, and how it may look in practice. (author)

Distributed security framework for modern workforce

International Nuclear Information System (INIS)

Balatsky, G.; Scherer, C. P.

2014-01-01

Safe and sustainable nuclear power production depends on strict adherence to nuclear security as a necessary prerequisite for nuclear power. This paper considers the current challenges for nuclear security, and proposes a conceptual framework to address those challenges. We identify several emerging factors that affect nuclear security: 1. Relatively high turnover rates in the nuclear workforce compared to the earlier years of the nuclear industry, when nuclear workers were more likely to have secure employment, a lifelong career at one company, and retirement on a pension plan. 2. Vulnerabilities stemming from the ubiquitous presence of modern electronics and their patterns of use by the younger workforce. 3. Modern management practices, including outsourcing and short-term contracting (which relates to number 1 above). In such a dynamic and complex environment, nuclear security personnel alone cannot effectively guarantee adequate security. We propose that one solution to this emerging situation is a distributed security model in which the components of nuclear security become the responsibility of each and every worker at a nuclear facility. To implement this model, there needs to be a refurbishment of current workforce training and mentoring practices. The paper will present an example of distributed security framework model, and how it may look in practice. (author)

Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

Energy Technology Data Exchange (ETDEWEB)

Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M. [Battelle Memorial Inst., Columbus, OH (United States); Abkowitz, M. [Dept. of Civil Engineering, Vanderbilt Univ., Nashville, TN (United States)

2004-07-01

Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort.

Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

International Nuclear Information System (INIS)

Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M.; Abkowitz, M.

2004-01-01

Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort

33 CFR 101.405 - Maritime Security (MARSEC) Directives.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC... SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.405 Maritime... necessary to respond to a threat assessment or to a specific threat against the maritime elements of the...

The Firewall and Security of Information Systems

OpenAIRE

Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

2010-01-01

Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

An Assessment of Teacher Retention on Job Security in Private Secondary Schools in Ogun State, Nigeria

Directory of Open Access Journals (Sweden)

M.F. Faremi

2017-12-01

Full Text Available This study assessed the relationship between teacher retention and job security in private secondary schools in Ogun state, Nigeria. The study assessed ade-quacy in teaching and learning infrastructure, evaluated mode of recruitment of teachers, the factors responsible for high teacher turnover and teachers retention strategies employed in private secondary schools. Descriptive research of the survey design was employed in this study. Data were collected using questionnaire. Multistage sampling technique was used for data collection among 200 teachers including the school principals. Data collected were analyzed with a mixture of descriptive and inferential statistics. Percentages, mean and frequency counts were used to answer the research questions raised while Pearson Moment Correlation Coefficient and t-test analysis were used to test the formulated hypotheses at 0.05 level of significance. The findings from this study revealed that teaching and learning infrastructure were inadequate in most of the schools. It was observed that books, classroom and teachers were very adequate in some of the schools. However, few of the schools had internet facility for knowledge transfer and student exposure to the worldwide web. The study also showed that the proprietors were primarily responsible for staff recruitment although there were instances where formal advertisement for recruitment was made. The study further revealed a significant relationship between teacher retention strategies and job security in private secondary schools in Osun state. The study also showed a significant relationship between teacher turnover and job security in the schools. In addition, the findings showed a significant relationship between teacher turnover and job security in private secondary schools in Osun state. Lastly, the study revealed a significant difference in the mean rate and female teachers' turnover in the selected private secondary schools. Based on the

Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

Directory of Open Access Journals (Sweden)

B. Paramasivan

2014-01-01

Full Text Available Mobile ad hoc networks (MANETs are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

Science.gov (United States)

Paramasivan, B; Kaliappan, M

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Iran's Security Policy in the Post-Revolutionary Era

National Research Council Canada - National Science Library

Byman, Daniel

2001-01-01

This report assesses Iran's security policy. It examines broad drivers of Iran's security policy, describes important security institutions, explores decisionmaking, and reviews Iran's relations with key countries...

The National Security Council: An Organizational Assessment

National Research Council Canada - National Science Library

Best Jr, Richard A

2009-01-01

The National Security Council (NSC) was established by statute in 1947 to create an interdepartmental body to advise the President with respect to the integration of domestic, foreign, and military policies relating to the national...

Secure Storage Architectures

Energy Technology Data Exchange (ETDEWEB)

Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

2015-01-01

The purpose of this report is to clarify the challenges associated with storage for secure enclaves. The major focus areas for the report are: - review of relevant parallel filesystem technologies to identify assets and gaps; - review of filesystem isolation/protection mechanisms, to include native filesystem capabilities and auxiliary/layered techniques; - definition of storage architectures that can be used for customizable compute enclaves (i.e., clarification of use-cases that must be supported for shared storage scenarios); - investigate vendor products related to secure storage. This study provides technical details on the storage and filesystem used for HPC with particular attention on elements that contribute to creating secure storage. We outline the pieces for a a shared storage architecture that balances protection and performance by leveraging the isolation capabilities available in filesystems and virtualization technologies to maintain the integrity of the data. Key Points: There are a few existing and in-progress protection features in Lustre related to secure storage, which are discussed in (Chapter 3.1). These include authentication capabilities like GSSAPI/Kerberos and the in-progress work for GSSAPI/Host-keys. The GPFS filesystem provides native support for encryption, which is not directly available in Lustre. Additionally, GPFS includes authentication/authorization mechanisms for inter-cluster sharing of filesystems (Chapter 3.2). The limitations of key importance for secure storage/filesystems are: (i) restricting sub-tree mounts for parallel filesystem (which is not directly supported in Lustre or GPFS), and (ii) segregation of hosts on the storage network and practical complications with dynamic additions to the storage network, e.g., LNET. A challenge for VM based use cases will be to provide efficient IO forwarding of the parallel filessytem from the host to the guest (VM). There are promising options like para-virtualized filesystems to

Energy and water tradeoffs in enhancing food security: A selective international assessment

International Nuclear Information System (INIS)

Mushtaq, Shahbaz; Maraseni, Tek Narayan; Maroulis, Jerry; Hafeez, Mohsin

2009-01-01

Rice is the major staple food in most Asian countries. However, with rapidly growing populations, sustained high productivity and yields through improving water productivity is critically important. Increasingly complex energy-agriculture relationships require an in-depth understanding of water and energy tradeoffs. This study contributes to energy and food policies by analysing the complex energy, water and economics dynamics across a selection of major rice growing countries. The results show that tradeoffs exist between yield and energy inputs with high yield attributed to higher levels of energy input. The selected developed countries show higher energy productivity, relative to all other energy inputs, compared to the selected developing counties, owing to enhanced mechanisation, on-farm technology and improved farm management. Among all countries, China has the highest water productivity due to water-saving irrigation practices. These practices offer opportunities for developed and developing countries to increase water productivity at the same time taking advantage of economic and energy benefits of reduced pumping. Sustained production from agriculture is vital to food security. Improved irrigation practices can offset environmental footprints in the short run but their large-scale implementation remains an issue. In the long run, investments are needed to buffer the negative impacts of food production on the environment. Investments to boost water productivity and improved energy use efficiency in crop production are two pathways to reduce energy dependency, enhanced natural resource sustainability and ensuring future food security.

Privacy and security in teleradiology

International Nuclear Information System (INIS)

Ruotsalainen, Pekka

2010-01-01