Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc. all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.
No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…
Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram
The security effectiveness based on users' behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users' behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.
Waddell, Stanie Adolphus
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
Peltier, Thomas R
Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r
Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.
Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is
Dube, Kudakwashe; Shoniregun, Charles A
The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu
F. N. Shago
Full Text Available Quality assessment of information security management system is an important step for obtaining baseline data for analysis of the security system control effectiveness, and evaluating implementation of the specified information security requirements of the organization. Proceeding from current analysis practice of information security management systems effectiveness assessment, it can be concluded that, in most cases, independent measurement of security control is carried out without regard to their interaction. The uncertainty of the stochastic nature of the measured security controls is not taken into account. There is a list of related measures for control and management; however, structural elements for measuring of these interactions are absent. Thus, there is an important and urgent task of improving the effectiveness assessing methodology for information security management system that can be solved by introducing a new integral effectiveness indicator of the system, which would give the possibility to take into account the above-mentioned shortcomings. The author proposes the usage of a new integral efficiency indicator - system response time to information security incidents. This efficiency indicator will make it possible to pass from the binary effectiveness assessment of the system "approve or disapprove" to a quantitative one. New performance indicator gives the possibility to take into account the uncertainty of the stochastic nature of the attributes and measures of management and control, provides a quantitative assessment of the information security state and has a clear physical interpretation for the organization management and information security officers. Dynamics of the indicator change from test to test will assess the information security management system state in general and effectiveness of taken control and management measures. The method for calculating of the new information security management system performance
Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles
Perez, Rafael G.
The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…
Bazavan, Ioana V
While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...
Knapp, Kenneth J
...: user training, security culture, policy relevance, and policy enforcement. Prior research has not yet examined the mediation factors between management support and information security effectiveness...
Francois, Michael T.
Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…
Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...
Okolo, Nkiru Benjamin
Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…
Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu
The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.
Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.
Full Text Available The integrity of lawyers trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged. A$50,000 for phone usage, mainly for ISD calls to Hong Kong.Our study involved interviewing principles of ten law companies to find out solicitors attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case-studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law society of South Australia to know their view points on security threats on trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.
Chaula, Job Asheri
This thesis examines the concepts of Information System (IS) security assurance using a socio-technical framework. IS security assurance deals with the problem of estimating how well a particular security system will function efficiently and effectively in a specific operational environment. In such environments, the IS interact with other systems such as ethical, legal, operational and administrative. Security failure in any of these systems may result in security failure of the whole system...
Muhammad Siddique Ansari
Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers
Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou
In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…
Mohsen Shafiei Nikabadi; Ahmad Jafarian; Azam Jalili Bolhasani
: The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these tow approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two import...
Lundgren, Björn; Möller, Niklas
This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.
The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech
Tipton, Harold F
Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c
Information security standards, best practices and literature all identify the need for Training & Awareness, the theory is clear. The surveys studied show that in the real world the situation is different: the focus of businesses is still on technical information security controls aimed at the external attacker. And although threats and vulnerabilities point out that personnel security becomes more important, the attitude of managers and employees does not reflect tha...
Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy
In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.
D. I. Persanov
Full Text Available The present report highlights the points of information security incident management in an enterprise. Some aspects of the incident and event classification are given. The author presents his view of the process scheme over the monitoring and processing information security events. Also, the report determines a few critical points of the listed process and gives the practical recommendations over its development and optimization.
International Organization for Standardization. Geneva
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...
Tipton, Harold F
Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.
Financial institutions are increasingly finding difficulty defending against information security risks and threats, as they are often the number one target for information thieves. An effective information security training and awareness program can be a critical component of protecting an organization's information assets. Many financial…
Denning, Dorothy E.
in Grave New World: Global Dangers in the 21st Century (Michael Brown ed.), Georgetown Press, 2003. (.pdf of prepublication version) This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, perform...
... 46 CFR Part 503 RIN 3072-AC40 Information Security Program AGENCY: Federal Maritime Commission... relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect January 5, 2010, and which prescribes a uniform...
Marcelo Bérgolo; Guillermo Cruces
This paper studies the incentive effects of social security benefits on labor market informality following a policy reform in Uruguay. The reform extended health benefits to dependent children of private sector salaried workers, and thus altered the incentive structure of holding formal jobs within the household. The identification strategy of the reform¿s effects relies on a comparison between workers with children (affected by the reform) and those without children (unaffected by the reform...
Kegel, Roeland Hendrik,Pieter
The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security
Humaidi, Norshima; Balakrishnan, Vimala
Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management
Information Security Maturity Model
To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...
Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract
Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.
Syed (Shawon) M. Rahman; Shannon E. Donahue,
As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...
Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.
Anthony, Denise; Campbell, Andrew T; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A; Molina-Markham, Andrés; Page, Karen; Smith, Sean W; Gunter, Carl A; Johnson, M Eric
Dartmouth College's Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops.
Anthony, Denise; Andrew T. Campbell; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A.; Molina-Markham, Andrés; Page, Karen; Smith, Sean W.; Gunter, Carl A.; Johnson, M. Eric
Dartmouth College’s Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops.
Amy Poh Ai Ling; Mukaidono Masao
This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...
... Classified National Security Information AGENCY: Marine Mammal Commission. ACTION: Notice. SUMMARY: This..., ``Classified National Security Information,'' and 32 CFR part 2001, ``Classified National Security Information.... Executive Order 13526, ``Classified National Security Information,'' December 29, 2009 b. 32 CFR part 2001...
Thompson, Dale R.; Di, Jia; Daugherty, Michael K.
The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…
Voeller, John G
Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.
This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.
Alexander A. Galushkin
In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav
This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.
This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.
Advanced Cross-Domain Solutions • Advanced Cryptography • Quantum Computing, Comms, and Crypto • Biometrics • Code Verification and Compliance...Advanced vulnerability analysis, automated reverse engineering, real-time forensics tools • High speed encryption, quantum communication, and... quantum encryption for confidentiality and integrity 14 DISTRIBUTION STATEMENT A – Unclassified, Unlimited Distribution INFO OPS AND SECURITY
Prof. Ph.D. Gheorghe Popescu; Prof. Ph.D. Adriana Popescu; University Junior Assistant, Ph.D. Attendant Cristina Raluca Popescu
The rapid and dramatic advances in information technology (IT) in recent years have without question generated tremendous benefits. At the same time, information technology has created significant, nunprecedented risks to government and to entities operations. So, computer security has become much more important as all levels of government and entities utilize information systems security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure...
Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.
Armstead, Stanley K.
In today's dynamic military environment, information technology plays a crucial role in the support of mission preparedness and operational readiness. This research examined the effectiveness of information technology security simulation and awareness training on U.S. military personnel in Iraq and Afghanistan. Also, the study analyzed whether…
Vacca, John R
The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed
... Forest Service Information Collection; Financial Information Security Request Form AGENCY: Forest Service... extension with revision of a currently approved information collection, Financial Information Security... Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security Request...
Prof. Ph.D . Gheorghe Popescu
Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organizations information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organizations information without incurring the cost and other associated damages of a securityincident.
Fransen, F.; Smulders, A.C.M.; Kerkdijk, H.
The last couple of years we have seen an increase in interests and initiatives in establishing threat intelligence sharing communities, and on the development of standards and platforms for automated cyber security information sharing. These initiatives are focused on helping organisations to
Martins, José; Dos Santos, Henrique
The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…
Trinckes, John J
Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.
Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.
Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.
The purpose of this study was to evaluate the impact of supply chain management, information security, Iran's auto industry is doing hide Strengthen accountability orders. With these two issues in the study of literature, various factors were identified with the help of factor analysis, factors were determined in the automotive industry. Furthermore, the correlation analysis, how the ISMS impact on supply chains has been Strengthen accountability orders. Studies of the impact of various aspec...
Dan Constantin TOFAN
The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.
Full Text Available or advertisement on the screen without causing any serious damage to the information or systems being used. However, rare cases of attacks with the potential to harm information economic and political uncertainty and secondly to the pres- sure from consumers... was screened by a security officer before the user could start the identification and authentication process. Since there were few terminals it was easy to keep track of all logged-in users and their activities. However, since there were no security...
Peltier, Thomas R
Effective Risk AnalysisQualitative Risk AnalysisValue AnalysisOther Qualitative MethodsFacilitated Risk Analysis Process (FRAP)Other Uses of Qualitative Risk AnalysisCase StudyAppendix A: QuestionnaireAppendix B: Facilitated Risk Analysis Process FormsAppendix C: Business Impact Analysis FormsAppendix D: Sample of ReportAppendix E: Threat DefinitionsAppendix F: Other Risk Analysis OpinionsIndex
Cazemier, Jacques A; Peters, Louk
This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme
Nykänen, Riku; Kärkkäinen, Tommi
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/ IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a ...
Dmitriy Nikolaevich Bespalov
Full Text Available The article presents the opposite, but dependent on each other's reality - Revolutionary War information,information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneityis the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of theauthorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.
Brotby, W Krag
Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to
Full Text Available The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment
Marius POPA; Mihai DOINEA
The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment
This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging
... SECURITY Homeland Security Information Network Advisory Committee AGENCY: Department of Homeland Security... Applicants for Appointment to Homeland Security Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network...
... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security, consistent with Federal policies for the security of unclassified information and information systems. The rule...
Full Text Available Today’s technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security.
Ayatollahi, Haleh; Shagerdi, Ghazal
To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.
Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.
... 32 CFR Part 1902 Information Security Regulations AGENCY: Central Intelligence Agency. ACTION: Final rule. SUMMARY: The Central Intelligence agency is removing certain information security regulations... Information security regulations. PART 1902 Sec. 1902.13 0 Accordingly, under the authority of Executive Order...
Full Text Available Methodological problems related to the lack of guidance in the provisions (standards of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.
Ködmön, József; Csajbók, Zoltán Ernő
Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.
Full Text Available Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the risk analysis in information security management.
Lee, Chul Ho
This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…
Trabelsi, Zouheir; McCoey, Margaret
Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…
...; ] DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security Request Form... Information Security Request Form. DATES: Comments must be received in writing on or before July 23, 2010 to... INFORMATION: Title: Financial Information Security Request Form. OMB Number: 0596-0204. Expiration Date of...
Full Text Available Information communication technology has increased globalisation in higher learning institution all over the world. This has been achieved through introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern the information security have also been analysed together with the current status of information systems security in Uganda. Citations related management of information systems security and policies have been identified and analysed. A proposed model illustrating the effective management of information in higher learning institutions have been developed. Relevant recommendations and conclusions have also been developed.
Brey, Philip A.E.; Petkovic, M.; Jonker, Willem
This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between
Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna
Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…
Farzaneh Sadat Jalayer; Akbar Nabiollahi
Information security against hacking, altering, corrupting, and divulging data is vital and inevitable and it requires an effective management in every organization. Some of the upcoming challenges can be the study of available frameworks in Enterprise Information Security Architecture (EISA) as well as criteria extraction in this field. In this study a method has been adopted in order to extract and categorize important and effective criteria in the field of information security by studyi...
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set t...
Corona, Carlos Orozco
Scholars and security practitioners seem to converge in the understanding that Information Security is in great part a problem about people; hence the need for a more holistic approach in order to understand human behaviour in the Information Security field which requires a multidisciplinary approach. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour” hosted in Boston, Massachusetts in June 2008, are considering this approach and they have conveyed a multi...
organizations was $260,000.6 The amount spent on security software alone is significant. Internet Security Software: 1999 Worldwide Markets and Trends...Computer Emergency Response Team (CERT®") Coordination Center, operated by Carnegie Mellon University to track Internet security statistics, recorded 171...becoming available to assist in this process. "The Center for Internet Security (CIS) members are developing and propagating the widespread application
Ley, D.; Dalinger, E.
Since the terrorist attacks of 11th September 2001 efforts are made to enhance the security standards in maritime shipping. The joint research project VESPER (improving the security of passengers on ferries) funded by the German Federal Ministry of Education and Research (BMBF) addresses among others the investigation of sea- and landside measures and processes. One of the results of the ongoing analysis phase is that the current representation of information in security plans can hardly be u...
How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I
Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompases the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
Robson de Oliveira Albuquerque
Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
Reviewed by Yavuz AKBULUT
Full Text Available 233Rapid developments in information andcommunication technologies have created newsecurity threats along with ethical dilemmas. Thesedevelopments have been so fast that appropriatesecurity precautions and ethical codes fail to keeppace with the technological developments. In thisrespect, education of both professionals andordinary citizens regarding information technologyethics carries utmost importance. Encyclopedia ofInformation Ethics and Security serves as anauthentic and comprehensive reference source onsecurity and ethical issues related to informationand communication technologies. The encyclopediais consisted of 661 pages (+xvii covering a total of95 alphabetically ordered chapters on informationethics and security, which are followed by twocomprehensive sets of indexes. Each entry is anauthoritative contribution followed by in-depthdefinitions of relevant terminology and acronyms.The total number of key terms included in the encyclopedia is approximately 700. Thesource also includes more than 2000 references to existing literature on ethical andsecurity issues related to information and communication technologies. A total of 148respected scholars and leading experts all around the world contributed to the source.As indicated in the preface of the encyclopedia by editor, all entries were subjected toan initial double-blind peer review and an additional review prior to acceptance forpublication. Chapters mostly have parallel layouts beginning with a clear introductionfollowed by the theoretical background and the contribution. Each chapter concludeswith invaluable ethical implications for the field along with suggestions for furtherThe editor, Marian Quigley (PhD – Monash University, Australia; BA – ChisholmInstitute of Technology, Australia; Higher Diploma of Teaching Secondary [Art andCraft] is a former senior lecturer in the Faculty of Information Technology, MonashUniversity, Australia. She primarily works on the social effects
Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…
This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.
... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...
Kailar, Rajashekar; Muralidhar, Vinod
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.
The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.
In the article problems concerning understanding of the main point of information security of civil aviation field are investigated, and also suggestions for the field's law improvement are worked out.
Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d
Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)
This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.
While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,
Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.
This article characterizes the problem of cyber-terrorism, outlines the Federal government's response to several security-related concerns, and describes the Volpe Center's critical support to this response. The possibility of catastrophic terrorist ...
Full Text Available Internet information traffic becomes greater and moreimportant. With increasing growth of information importancerequirement for its security becomes indispensable. Theinformation security problem especially affect large and smallcompanies whose prosperity is depending on Internet presence.This affecting the three areas of Internet commerce: credit cardtransactions, virtual private networks and digital certification.To ensure information traffic it is necessary to find a solution,in a proper way, for three major problems: frontier problem,market problem and government problem. While the eventualemergence of security standards for Internet transactions isexpected, it will not automatically result in secure Internettransactions. In future, there is a wealth of security issues thatwill continue to require attention: internal security, continuedhacking, social engineering, malicious code, reliability andperformance, skills shortages and denial of se1vice attacks.
Coles-Kemp, Lizzie; Theoharidou, Marianthi
The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.
The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of
Luiijf, Eric; Klaver, Marieke
Part 1: THEMES AND ISSUES; International audience; The sharing of cyber security information between organizations, both public and private, and across sectors and borders is required to increase situational awareness, reduce vulnerabilities, manage risk and enhance cyber resilience. However, the notion of information sharing often is a broad and multi-faceted concept. This chapter describes an analytic framework for sharing cyber security information. A decomposition of the information shari...
Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid
Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic...... attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant....
Information security management: a proposal to improve the effectiveness of information security in the scientific research environment; Gestao da seguranca da informacao: uma proposta para potencializar a efetividade da seguranca da informacao em ambiente de pesquisa cientifica
Alexandria, Joao Carlos Soares de
The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal
Awad, Ahmed; Woungang, Isaac
This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners. .
Moser, Jean-Frederic; Staub, Rene; Tompkin, Wayne R.
The criteria by which optically variable devices are judged are aesthetic, semantic, security, ergonomic, and physical/chemical. This paper addresses ergonomic aspects which relate to the human vision and perceptual-cognitive system. Applying some pertinent rules may help greatly to improve the image visual information for easier, more straight-forward reception of a persistent security message. We consider two important aspects of the human visual system that help to determine the ergonomic response to visual displays created using optical diffraction. The human visual system aspect treats the retinal source of information, which is the retinal signal produced when an image of the external world is projected on the retina. The other aspect is the underlying information-processing mechanism of our brains and its constructive operations, which yields the final perceptual information. In this paper we consider information processing methods hidden in the biology of our cognition system. Findings on the relationship between physiology and psychology, sensory results and the activities of the optic pathway and subjective brightness sensations can be applied directly in designing images. Some effects are demonstrated by video tape.
Full Text Available Information classification Security prior employment Security during employment Security at termination Facility security Equipment security Third party service delivery Protect against malicious, mobile code Protect electronic commerce services...
Pereira, Teresa; Santos, Henrique
The semantically structure of knowledge, based on ontology approaches have been increasingly adopted by several expertise from diverse domains. Recently ontologies have been moved from the philosophical and metaphysics disciplines to be used in the construction of models to describe a specific theory of a domain. The development and the use of ontologies promote the creation of a unique standard to represent concepts within a specific knowledge domain. In the scope of information security systems the use of an ontology to formalize and represent the concepts of security information challenge the mechanisms and techniques currently used. This paper intends to present a conceptual implementation model of an ontology defined in the security domain. The model presented contains the semantic concepts based on the information security standard ISO/IEC_JTC1, and their relationships to other concepts, defined in a subset of the information security domain.
Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.
Karabatis, George; Aleroud, Ahmed
This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers. .
Bergman, Ramona; Andersson-Sköld, Yvonne; Nyberg, Lars; Johansson, Magnus
In a project funded by the Swedish Civil Contingencies Agency, the effort and work to reduce different kinds of accidents are being evaluated. The project wants to illuminate the links between actions and outcome, so we can learn from today's performance and in the future select more effective measures and overall deal with accidents more efficiently. The project ESS covers the field of frequent accidents such as sliding accidents at home, in house fires and less common accidents such as chemical and land fill accidents up to even more rare accidents such as natural accidents and hazards. In the ESS project SGI (Swedish geotechnical institute) will evaluate the work and effort concerning various natural hazards limited to landslides, erosion and flooding. The aim is to investigate how municipalities handle, especially prevention, of such natural disasters today. The project includes several aspects such as: • which are the driving forces for risk analysis in a municipality • do one use risk mapping (and what type) in municipal risk analysis • which aspects are most important when selecting preventive measures • in which way do one learn from past accidents • and from previous accidents elsewhere, by for example use existing databases • etc There are many aspects that play a role in a well-functioning safety promotion work. The overall goal is to examine present work and activities, highlight what is well functioning and identify weak points. The aim is to find out where more resources are needed and give suggestions for a more efficient security work. This includes identification of the most efficient "tools" in use or needed. Such tools can be education, directives, funding, more easily available maps and information regarding previous accidents and preventive measures etc. The project will result in recommendations for more effective ways to deal with landslides, erosion and flooding. Since different kinds of problems can occur depending on level of
Malacaria, Pasquale; Heusser, Jonathan
We present the information theoretical basis of Quantitative Information Flow. We show the relationship between lattices, partitions and information theoretical concepts and their applicability to quantify leakage of confidential information in programs, including looping programs.
Orel, Andrej; Bernik, Igor
Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.
Full Text Available A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity...
Moore, Tyler; Ioannidis, Christos
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary research and scholarship on information security and privacy, combining ideas, techniques, and expertise from the fields of economics, social science, business, law, policy, and computer science. In 2009, WEIS was held in London, at UCL, a constituent college of the University of London. "Economics of Information Security and Privacy" includes chapters presented at WEIS 2009, having been carefully reviewed by a program committee composed of leading researchers. Topics covered inclu
Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam
A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.
Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...
Dzyatkovskaya Elena N.
Full Text Available The information as an important ecological factor, which defines the security, development and health of children is considered. The article raises the problem of distortion of the information environment of childhood in the post-industrial era. The aim is to ensure information security educational environment for all participants in the educational process. It is proved that the hygienic approach to solving problems is insufficient. Adaptive-developing strategy for information security of the educational environments for children was theoretically justified and proved by the practical results of medical, physiological and neuropsychological research. It provides the school work on the compensation of violations of the information environment of childhood; development resources of students’ resistance to information stress; expanding the sphere of their adaptation to the information load (adaptive norm; the principles and structure of management of educational process on the basis of system-wide control of complex, self-regulating systems.
Ling, Amy Poh Ai; Masao, Mukaidono
This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...
A. N. Tkhishev
Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.
Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya
This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin
Kolkowska, Ella; Dhillon, Gurpreet
Part 6: Policy Compliance and Obligations; International audience; This paper analyzes power relationships and the resulting failure in complying with information security rules. We argue that inability to understand the intricate power relationships in the design and implementation of information security rules leads to a lack of compliance with the intended policy. We conduct the argument through an empirical, qualitative case study set in a Swedish Social Services organization. Our finding...
Douglas P. Twitchell
Full Text Available A major portion of government and business organizationsâ€™ attempts to counteract information security threats is teams of security personnel.Â These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability.Â This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams.Â Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams.Â Studying the effectiveness of the game as a training tool could lead to better training for security teams.Â
AKBULUT, Reviewed By Yavuz
233Rapid developments in information andcommunication technologies have created newsecurity threats along with ethical dilemmas. Thesedevelopments have been so fast that appropriatesecurity precautions and ethical codes fail to keeppace with the technological developments. In thisrespect, education of both professionals andordinary citizens regarding information technologyethics carries utmost importance. Encyclopedia ofInformation Ethics and Security serves as anauthentic and comprehensive r...
Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access, complete system inventory.
Elsea, Jennifer K
Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress s interest with regard to the possible need...
A. I. Trubei
Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.
The Impact of Immediate Disclosure on Attack Diffusion and Volume.- Where Do All the Attacks Go?.- Sex, Lies and Cyber-Crime Surveys.- The Underground Economy of Fake Antivirus Software.- The Inconvenient Truth about Web Certificates.- Resilience of the Internet Interconnection Ecosystem.- Modeling Internet-Scale Policies for Cleaning up Malware.- Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security.- Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?.- Economic Methods and Decision Making by Security Professionals.- Real Name Verification
In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen
Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.
Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…
Final 3. DATES COVERED (From - To) 20-05-2014 to 19-05-2015 4. TITLE AND SUBTITLE Data Mining Research for Information Security 5a. CONTRACT...AFRL-AFOSR-JP-TR-2016-0028 Data Mining Research for Information Security Kevin Barton Texas A&M University-San Antonio Final Report 01/29/2016...valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ORGANIZATION. 1. REPORT DATE (DD-MM-YYYY) 01-02-2016 2. REPORT TYPE
Datta, Anupam; Li, Ninghui
Increasingly our critical infrastructures are reliant on computers. We see examples of such infrastructures in several domains, including medical, power, telecommunications, and finance. Although automation has advantages, increased reliance on computers exposes our critical infrastructures to a wider variety and higher likelihood of accidental failures and malicious attacks. Disruption of services caused by such undesired events can have catastrophic effects, such as disruption of essential services and huge financial losses. The increased reliance of critical services on our cyberinfrastruct
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...
Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.
Harris, Mark A.
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section... SENSITIVE SECURITY INFORMATION § 1520.5 Sensitive security information. (a) In general. In accordance with 49 U.S.C. 114(s), SSI is information obtained or developed in the conduct of security activities...
The need for data security in Information and Communications Technology (ICT) can not be overemphasized. In this paper, the use of symmetric and asymmetric key cryptographies to clearly achieve the required protection by means of prime number system and modular multiplicative inverse has been highlighted and ...
Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.
Helke, Steffen; Kammüunietd kller, Florian; Probst, Christian W.
Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java...
... Boko Haram and MASSOB as well as kidnapping for ransom crime to mention but a few.. These national security challenges are as a result of economic insecurity or lack of economic security such as Income security, Employment security, Job security, Representation security, Labour market Security, Work security, ...
Full Text Available Secure information retrieval technology aims at status identification and documentation authentication. Ideally, materials or devices used in these technologies should be hard to find, difficult to counterfeit, and as simple as possible. This manuscript addresses a novel information retrieval technology, with photoluminescent (PL semiconductor quantum dots (QDs synthesized via wet chemistry approaches used as its coding materials. Conceptually, these QDs are designed to exhibit emission at Fraunhofer line positions, namely, black lines in the solar spectrum; thus, the retrieval system can extract useful information under sunshine covering areas. Furthermore, multiphoton excitation (MPE technology enables the retrieval system to be multilayer information extraction, with thin films consisting of QDs applied to various substrates, such as military helmets and vehicle and fingernails. Anticipated applications include security, military, and law enforcement. QD-based security information can be easily destroyed by preset expiration in the presence of timing agents.
Ling, Amy Poh Ai; Masao, Mukaidono
It is important to implement safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirement by illustrating some discussion points to the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the needs for smart grid IS is descri...
Claudiu Dan BARCA
Full Text Available In Europe, most countries have implemented its digital trunking systems to meet the communication needs of various public safety organizations.The development of these systems will be closely correlated with the evolution of operational requirements and communications services needed by users. For all these digital trunking systems, information security has proven to be an essential aspect. In this paper we present some aspects of the security functions of the Tetra system because this system was imposed as an open standard ETSI and is used as a Schengen cooperation system.
Williams, Barry L
Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he
Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil
The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information
Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.
Full Text Available With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.
The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.
Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.
... [NRC-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... to 10 CFR part 95. PART 95--FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY...
... COMMISSION 10 CFR Part 95 RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security..., Classified National Security Information. In addition, this direct final rule allowed licensees flexibility... required security education training for employees of NRC licensees possessing security clearances so that...
Charif, Abdul Rahim
Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…
easily generated by using amplitude-only spatial light modulator . When the designed aperture is sequentially moved in the transverse domain, a series...Xudong Chen, “Fractional Fourier domain optical image hiding using phase retrieval algorithm based on iterative nonlinear double random phase...Final 3. DATES COVERED (From - To) 18 April 2013 to 17 April 2015 4. TITLE AND SUBTITLE Securing Information with Complex Optical
... RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy... submitted to the Information Security Oversight Office (ISOO) no later than Wednesday, March 17, 2010. ISOO... regulation 41 CFR 101-6, announcement is made for a meeting of the National Industrial Security Program...
... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper s CSI and not of its channel s realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.
We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper\\'s CSI and not of its channel\\'s realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.
Akazawa, Shunichi; Igarashi, Manabu; Sawa, Hirofumi; Tamashiro, Hiko
Information security and assurance are an increasingly critical issue in health research. Whether health research be in genetics, new drugs, disease outbreaks, biochemistry, or effects of radiation, it deals with information that is highly sensitive and which could be targeted by rogue individuals or groups, corporations, national intelligence agencies, or terrorists, looking for financial, social, or political gains. The advents of the Internet and advances in recent information technologies have also dramatically increased opportunities for attackers to exploit sensitive and valuable information.Government agencies have deployed legislative measures to protect the privacy of health information and developed information security guidelines for epidemiological studies. However, risks are grossly underestimated and little effort has been made to strategically and comprehensively protect health research information by institutions, governments and international communities.There is a need to enforce a set of proactive measures to protect health research information locally and globally. Such measures should be deployed at all levels but will be successful only if research communities collaborate actively, governments enforce appropriate legislative measures at national level, and the international community develops quality standards, concluding treaties if necessary, at the global level.Proactive measures for the best information security and assurance would be achieved through rigorous management process with a cycle of "plan, do, check, and act". Each health research entity, such as hospitals, universities, institutions, or laboratories, should implement this cycle and establish an authoritative security and assurance organization, program and plan coordinated by a designatedChief Security Officer who will ensure implementation of the above process, putting appropriate security controls in place, with key focus areas such aspolicies and best practices, enforcement
... 49 Transportation 1 2010-10-01 2010-10-01 false Sensitive security information. 15.5 Section 15.5 Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.5 Sensitive security information. (a) In general. In accordance with 49 U.S.C. 40119(b)(1), SSI is information...
Ayyagari, Ramakrishna; Tyks, Jonathan
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…
Hall, Peter A.; Heath, Claude P.; Coles-Kemp, Lizzie; Tanner, Axel
This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation
Full Text Available The article adduces a research of psychological characteristics of information security of adolescents with deviant and normative behavior. 46 people from two Moscow schools were examined with a complex of four methods, one of which was the “Information Security Questionnaire" - is used for the first time. In addition, two experimental subgroups viewed videos about Internet security rules and then it was assessed how much it had influenced the responses of adolescents to spam mailing. A conclusion based on the obtained results was made, that adolescents with deviant behavior are less likely (in comparison with adolescents with normative behavior to be exposed to negative information because of their personal characteristics and distrust of others. However, for the same reason, they are less susceptible to persuasive educational impact, including those related to information security on the Internet. Thus, it is teenagers with normative behavior who are the ones who need information security education, and the effectiveness of such education should be tested with various psychological methods.
Bennett, Jeannine B.
This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…
Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia
Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.
Julius O. Okesola
Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS.Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented.Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end.Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours.Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.
Julius O. Okesola
Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.
Full Text Available Information security management system (ISMS is that part of the overall management system, based on a business risk approach, that it is developed in order to establish, implement, operate, monitor, review, maintain and improve information security
Jacobsen, Amanda Lynn
Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/......Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/...
Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif
International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...
Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.
The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.
... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, December 8, 2010... meeting minutes for the third meeting of the Small Business Information Security Task Force. Chairman...
... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, November 10, 2010... meeting minutes for the second meeting of the Small Business Information Security Task Force. Chairman...
Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary
Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…
... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, October 13, 2010... meeting minutes for the first meeting of the Small Business Information Security Task Force. Chairman...
... ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small Business Administration. ACTION... Small Business Information Security Task Force Meeting. DATES: 1 p.m., Wednesday, January 12, 2011... meeting minutes for the third meeting of the Small Business Information Security Task Force. Chairman, Mr...
The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…
Niekerk, Johan F.; Solms, Rossouw,
International audience; This panel discussion will examine the methodological traditions currently existing amongst the fraternity of information security researchers. Information security researchers commonly engage in research activities ranging from the highly technical, to the "softer" human orientated. As such, researchers engaged in the field of information security could potentially make use of research philosophies, paradigms, and methodologies ranging from the quantitative/positivist...
Vitaly Eduardovich Dorokhov
Full Text Available The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents
Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.
Full Text Available Analyzing the flexible uses security problems in existing information technology systems. Looking for way to ensure the safety of the reaction time to smooth access to more projects in development. Review of projects undertaken. Codified in the project design and development components. Made of the findings of the methods used to discover, which exclude parts of the draft rule and resort to emergency planning in the early part of the project development phase. Analytical result: JRMAD mixed method, allowing simultaneous two of the project and the time to change the current system.Article in Lithuanian
Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn
In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.
Full Text Available threat, Cyber trend, Information security, Proactive, Strategy. 1. Introduction "The success of the Internet has not only changed how the world does business, it also has transformed forever the nature of the risks that organisations face" [17... becoming more sophisticated in their attack strategies and techniques. Cyber trends can thus be defined as the long-term movement and general direction in which cyber activities move. 2.1.1 Trend 1: Internet penetration “Nine in 10 South Africans...
Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.
... management: (1) Information system development, (2) Information collection, (3) Information handling and...) Supplementing this list are information security standards pertaining to the following administrative areas: (1...) Information processing or storage system procurement, (5) Contractual relationships. ...
Anderson, Ross; Moore, Tyler
Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.
Thesaurus of Engineering and Scientific Terms (TEST) and that thesaurus identified. If it is not possible to select indexing terms which are...structural, functional, normative, human (cognitive and social), physical, and information dimensions, are automatically incorporated into the...the automatic configuration and generation of Brahms agent code, the compilation and execution of the agent environment, and the gathering and display
To ensure the likely success of an organisation’s Information Security Governance, discipline leaders recommend that organisations follow the guidelines as set out in Information Security Governance best practice documents. Best practices and related documents from the Information Security Governance discipline, as well as best practices and related documents from the Corporate Governance and Information Technology Governance disciplines, all include sections pertaining to Information Securit...
... SECURITY Homeland Security Information Network Advisory Committee (HSINAC) AGENCY: OPS/OCIO, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet on February 27th-28th, 2013 in Washington, DC. The...
Nasution, Muhamad Faisal Fariduddin Attar
This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…
Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.
... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security...
Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.
Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,
... SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation Security Administration, DHS. ACTION... Title: Pipeline System Operator Security Information. Type of Request: New collection. OMB Control...
V. A. Bogatyrev
Full Text Available A Markov model is suggested for secure information systems, functioning under conditions of destructive impacts, which aftereffects are found by on-line and test control. It is assumed that on-line control, in contrast to the test one, is char- acterized by the limited control completeness, but does not require the stopping of computational process. The aim of re- search is to create models that optimize intervals of test control initialization by the criterion of probability maximization for system stay in the ready state to secure fulfillment of the functional requests and minimization of the dangerous system states in view of the uncertainty and intensity variance of the destructive impacts. Variants of testing intervals optimization are con- sidered depending on the intensity of destructive impacts by the criterion of the maximum system availability for the safe execution of queries. Optimization is carried out with and without adaptation to the actual intensity change of destructive impacts. The efficiency of adaptive change for testing periods is shown depending on the observed activity of destructive impacts. The solution of optimization problem is obtained by built-in tools of computer mathematics Mathcad 15, including symbolic mathematics for solution of systems of algebraic equations. The proposed models and methods of determining the optimal testing intervals can find their application in the system design of computer systems and networks of critical applications, working under conditions of destabilizing actions with the increased requirements for their safety.
Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.
Full Text Available to private encrypted networks. Several security mechanisms from commercial enterprise and social networking systems were adopted and customised in order to secure Cmore, a Web based real time distributed command and control system developed by the Council...
Matteucci, Ilaria; Di Sarno, Cesario; Garofalo, Alessia; Vallini, Marco
Security information and event management (SIEM) systems are increasingly used to cope with the security challenges involved in critical infrastructure protection. However, these systems have several limitations. This paper describes an enhanced security information and event management system that (i) resolves conflicts between security policies; (ii) discovers unauthorized network data paths and appropriately reconfigures network devices; and (iii) provides an intrusion- and fault-tolerant ...
D.Phil. (Computer Science) Security needs have changed considerably in the past decade as the economics of computer usage necessitates increased business reliance on computers. As more individuals need computers to perform their jobs, more detailed security controls are needed to offset the risk inherent in granting more people access to computer systems. Traditionally, computer security administrators have been tasked with configuring' , security systems by setting controls on the actions...
Otero, Angel R.
In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
Information security management for healthcare enterprises is critical but complex. Information requests from clinical users are often urgent and call for a high service level and prompt security policies. This article describes Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises as part of the electronic health record process. Survey showed that AERA guides information officials and enterprise administrators in overcoming challenges o...
Masloboev A. V.; Putilov V. A.
The paper deals with system analysis of problems of regional economy information security and methods for their solutions at various stages of the crisis situation life-cycle. Specificity and structure of control problems of regional security in the economy as an object of information support have been considered. A set of decision-making information support problems occurred at the strategic, tactical and operational levels of regional security management has been defined. The information su...
Gong, Qing-Yue; Shi, Cheng
It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…
Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M
Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds
Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M
Background Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008
Su, X.; Bolzoni, D.; van Eck, Pascal
In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most
Su, X.; Bolzoni, D.; van Eck, Pascal
In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most
... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...
Chowdhry, Bhagwan; Grinblatt, Mark
A model of security design based on the principle of information aggregation and alignment is used to show that (i) firms needing to finance their operations should issue different securities to different groups of investors in order to aggregate their disparate information and (ii) each security should be highly correlated (closely aligned) with the private information signal of the investor to whom it is marketed. This alignment reduces the adverse selection penalty paid by a firm with su...
Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
Yunguang, Wang; Dong, Wang
This paper summarizes some of the key issues of medical information security and is intended to spark discussion and generate comments for improvement. First we produce four definitions and one lemma of linear cryptanalysis about medical information, and then accordingly come to four important application of linear cryptanalysis to medical information security.
Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.
Butzen, F; Furler, F
The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data.
Masloboev A. V.
Full Text Available The paper deals with system analysis of problems of regional economy information security and methods for their solutions at various stages of the crisis situation life-cycle. Specificity and structure of control problems of regional security in the economy as an object of information support have been considered. A set of decision-making information support problems occurred at the strategic, tactical and operational levels of regional security management has been defined. The information support problem-solving unified methodological and instrumental framework of regional security has been proposed
N. S. Rodionova
Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.
Butzen, F; Furler, F
The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113
The aim of the paper is to increase human awareness of the dangers connected with social engineering methods of obtaining information. The article demonstrates psychological and sociological methods of influencing people used in the attacks on IT systems. Little known techniques are presented about one of the greater threats that is electromagnetic emission or corona effect. Moreover, the work shows methods of protecting against this type of dangers. Also, in the paper one can find information on devices made according to the TEMPEST technology. The article not only discusses the methods of gathering information, but also instructs how to protect against its out-of-control loss.
PROF. O. E. OSUAGWU
Dec 1, 2013 ... Abstract. The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have ...
Full Text Available The article presents the first part of the work devoted to the study of ordinary representations of parents and teachers about information security of children and adolescents. It is about addressing the problem of information security of children and adolescents, discuss the effects of observing violence in the mass media on the subsequent behaviour of viewers, refers to directing television roles on the example of transfer schemes by S. Milgram in the context of television game (experiment J. L. Beauvois with colleagues. This paper examines the impact on users has the Internet, discusses the main directions of action in relation to ensuring information security of children and adolescents, focusing on psychological aspects of the concept of information security of children, demonstrates the importance of studying "naive theories" that govern the actions aimed at ensuring information security of children. The authors explain the prospect of studying problems of information security of children in the framework of the theory of social representations.
Craig A. Horne
Full Text Available Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1 we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2 the conceptual elements of strategy and (3 the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.
Cong, Shengri; Zhang, Kai; Chen, Baowen
With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.
Lewis, Nick; Campbell, Mark J; Baskin, Carole R
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.
Patricia A.H. Williams
Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.
Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah
Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.
Ling, Amy Poh Ai; Masao, Mukaidono
At present, the "Smart Grid" has emerged as one of the best advanced energy supply chains. This paper looks into the security system of smart grid via the smart planet system. The scope focused on information security criteria that impact on consumer trust and satisfaction. The importance of information security criteria is perceived as the main aspect to impact on customer trust throughout the entire smart grid system. On one hand, this paper also focuses on the selection of the model for de...
V. S. Oladko
Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.
AFRL-OSR-VA-TR-2015-0217 PREDICT Privacy and Security Enhancing Dynamic Information Monitoring VAIDY S SUNDERAM EMORY UNIVERSITY Final Report 08/03...TITLE AND SUBTITLE PREDICT: Privacy and Security Enhancing Dynamic Information Monitoring 5a. CONTRACT NUMBER 5b. GRANT NUMBER FA9550-12-1-0240 5c...SUPPLEMENTARY NOTES 14. ABSTRACT The PREDICT project incorporates security and privacy in DDDAS systems to deliver provable guarantees of privacy and
Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.
Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.
Lewis, Nick; Campbell, Mark J.; Baskin, Carole R.
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select a...
Das, Ashok Kumar; Bruhadeshwar, Bezawada
Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.
F. N. Shago
Full Text Available Complication of information security management systems leads to the necessity of improving the scientific and methodological apparatus for these systems auditing. Planning is an important and determining part of information security management systems auditing. Efficiency of audit will be defined by the relation of the reached quality indicators to the spent resources. Thus, there is an important and urgent task of developing methods and techniques for optimization of the audit planning, making it possible to increase its effectiveness. The proposed technique gives the possibility to implement optimal distribution for planning time and material resources on audit stages on the basis of dynamics model for the ISMS quality. Special feature of the proposed approach is the usage of a priori data as well as a posteriori data for the initial audit planning, and also the plan adjustment after each audit event. This gives the possibility to optimize the usage of audit resources in accordance with the selected criteria. Application examples of the technique are given while planning audit information security management system of the organization. The result of computational experiment based on the proposed technique showed that the time (cost audit costs can be reduced by 10-15% and, consequently, quality assessments obtained through audit resources allocation can be improved with respect to well-known methods of audit planning.
... SECURITY Committee Name: Homeland Security Information Network Advisory Committee (HSINAC) AGENCY... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network... Homeland Security Information Network Advisory Committee (HSINAC) is an advisory body to the Homeland...
Grant, Robert Luther
Data breaches due to social engineering attacks and employee negligence are on the rise. The only known defense against social engineering attacks and employee negligence is information security awareness and training. However, implementation of awareness and training programs within organizations are lagging in priority. This research used the…
Edwards, Charles K.
Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…
The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in
Up to date with the latest version of the Standard (ISO27001:2013), An Introduction to information security and ISO27001:2013 is the perfect solution for anyone wanting an accurate, fast, easy-to-read primer on information security from an acknowledged expert on ISO27001.
Klein, Rodrigo Hickmann; Luciano, Edimara Mezzomo
... show that there is an influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The results also point out the significant...
... classifiable. (iii) The Postal Service shall forward all FOIA and mandatory review requests for national... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... information that is currently classified. (3) In the Custody of the Postal Service means any national security...
Full Text Available The field of information security includes diverse contents such as network security and computer forensics which are highly technical-oriented topics. In addition, information forensic requires the background of criminology. The information security also includes non-technical content such as information ethics and security laws. Because the diverse nature of information security, Shing et al. has proposed the use of team teaching and collaborative learning for the information security classes. Although team teaching seems to be efficient in information security, practically it needs a few challenges. The Purdue's case mentioned in Shing's paper has funding support of National Security Agency (NSA. However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to the administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors before taking the same class with diverse background? The paper surveyed approximately 25 students in a university in Virginia concerning the satisfaction of team-teaching. Finally, this paper describes ways to meet those challenges.
Κάτσαρης, Δημήτριος Σ.
In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.
Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748
Full Text Available Data bases are one of the most important components in every large informatics system which stores and processes data and information. Because data bases contain all of the valuable information about a company, its clients, its financial activity, they represent one of the key elements in the structure of an organization, which determines imperatives such as confidentiality, integrity and ease of data access. The current paper discuses the integrity of data bases and it refers to the validity and the coherence of stored data. Usually, integrity is defined in connection with terms of constraint, that are rules regarding coherence which the data base cannot infringe. Data base that integrity refers to information correctness and assumes to detect, correct and prevent errors that might have an effect on the data comprised by the data bases.
Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees...
N. M. Nikiforova
Full Text Available The program of teaching foreign languages to information security professionals is aimed at unifying linguistic, extra linguistic and professional information distributed in the contents of the course.
Malackowski, Patrick C
.... This paper discusses the need to have the President build an information and communications strategy that keeps the American public informed and cognizant of the threat to our national security...
He, Wu; Yuan, Xiaohong; Yang, Li
Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…
He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang
In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…
CSABA LÁBODI; PÁL MICHELBERGER
Due to the inadequate mamagement of information security expectations and various unexpected information technology incidents, small and medium enterprises that lose data or have to cope with a lack of data over a certain period of time may lose business commissions or customers. A solution to this problem may be the regulated administration of information security, which may lower the amount of risks. Enterprises in this sector generally have not enough human, material and information techno...
Full Text Available This work precisely evaluates whether browser security warnings are as ineffective as proposed by popular sentiments and past writings. This research used different kinds of Android mobile browsers as well as desktop browsers to evaluate security warnings. Security experts and developers should give emphasis on making a user aware of security warnings and should not neglect aim of communicating this to users. Security experts and system architects should emphasis the goal of communicating security information to end users. In most of the browsers, security warnings are not emphasized, and browsers simply do not show warnings, or there are a number of ways to hide those warnings of malicious sites. This work precisely finds that how inconsistent browsers really are in prompting security warnings. In particular, majority of the modern mobile web browsers are vulnerable to these security threats. We find inconsistency in SSL warnings among web browsers. Based on this work, we make recommendations for warning designers and researchers.
Williams, Patricia A H
It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.
LOPES, S. F.
Full Text Available Hyperconnectivity due to online social networks exposed security issues on data stored in these systems. This article presents an analysis on how online social networks designers have been communicating information security aspects through these systems’ interfaces. This analysis was made using the Semiotic Inspection Method on Facebook since it is largely used in Brazil and all over the world. Results showed that there is major concern with security information properties. Nevertheless it was possible to identify interface problems that could compromise use and understanding of such security properties
Kovacich, Gerald L
Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur
Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal,
Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei
Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.
Mijnhardt, F.; Baars, T.; Spruit, M.
In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium sized Enterprises, leaving
Silic, Mario; Back, Andrea
Part 1: Full Papers - Security and Open Standards; International audience; Nmap, free open source utility for network exploration or security auditing, today counts for thirteen million lines of code representing four thousand years of programming effort. Hackers can use it to conduct illegal activities, and information security professionals can use it to safeguard their network. In this dual-use context, question of trust is raised. Can we trust programmers developing open source dual use s...
Mohammed AbuTaha, Mousa Farajallah, Radwan Tahboub, Mohammad Odeh
Cryptography in the past was used in keeping military information, diplomatic correspondence secure andin protecting the national security. However, the use was limited. Nowadays, the range of cryptographyapplications have been expanded a lot in the modern area after the development of communicationmeans; cryptography is essentially required to ensure that data are protected against penetrations and toprevent espionage. Also, cryptography is a powerful mean in securing e-commerce. Cryptograph...
Mir, Omid; van der Weide, Theo; Lee, Cheng-Chi
Telecare medicine information systems (TMIS) have been known as an effective mechanism to increase quality and security of healthcare services. In other to the protection of patient privacy, several authentication schemes have been proposed in TMIS, however, most of them have a security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. However, in this paper, we show that his scheme have some security flaws. Then, we shall propose a secure authentication scheme to overcome their weaknesses. We prove the proposed scheme with random oracle and also use the BAN logic to prove the correctness of the proposed scheme. Furthermore, we simulate our scheme for the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.
Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo
We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.
... OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation Security... Aviation Security Infrastructure Fee (ASIF), including information about air carriers' and foreign air.... Information Collection Requirement Title: Aviation Security Infrastructure Fee Records Retention. Type of...
Yow, J Art
The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.
Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena
The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.
Custer, William L.
Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…
Pavone, Vincenzo; Ball, Kirstie; Degli Esposti, Sara; Dibb, Sally; Santiago-Gómez, Elvira
This article investigates the normative and procedural criteria adopted by European citizens to assess the acceptability of surveillance-oriented security technologies. It draws on qualitative data gathered at 12 citizen summits in nine European countries. The analysis identifies 10 criteria, generated by citizens themselves, for a socially informed security policy. These criteria not only reveal the conditions, purposes and operation rules that would make current European security policies and technologies more consistent with citizens' priorities. They also cast light on an interesting paradox: although people feel safe in their daily lives, they believe security could, and should, be improved.
Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.
Al-Jaljouli, Raja; Abawajy, Jemal
Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.
Jun 9, 2015 ... security forces continued to serve the interests of the ruling elites rather than the security requirement of the people (Bendix .... Benjamin Adeniran Aluko. Enhancing Parliamentary Oversight for Effective Security Sector Reform in Democratic Nigeria. 4. Accountability;. 5. Public trust;. 6. Local ownership;. 7.
A. I. Trubei
Full Text Available The article presents the analysis of Grid-systems information security aspects, Also, risk assessment methods, using public databases, expert systems and statistical techniques are proposed.
Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.
Manea, Constantin Adrian
The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security
Caralli, Richard A; Stevens, James F; Young, Lisa R; Wilson, William R
...) methodology, OCTAVE Allegro. OCTAVE Allegro is a methodology to streamline and optimize the process of assessing information security risks so that an organization can obtain sufficient results with a small investment in time...
Full Text Available World wide the importance of Information Security Governance is demanding the attention of senior management. This is due to the ever-changing threat landscape requiring that organisations adopt a focussed approach towards the protection...
Full Text Available Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.
Division 29947 Avenida de las Banderas Rancho Santa Margarita, CA 92688-7000 IDOCS; The IDOCS provides intrusion alarm monitoring, detection and...Lockit Security Device Controller, Dual Floppy/Hard Disk (ST-506) Controller, Dual Floppy/Hard Disk (SCSI) Primary Drive Secondary Drive Bay 3 DM...1.2M Floppy 1.4M Floppy 1.2M Floppy 1.4M Floppy Bay 4 1.2 GB Removable HD (SCSI) 80 MB Removable HD (ST-506) Model NO. 8705T 1.4M Floppy 60MB
Irvine, Cynthia E.; Levin, Timothy E.
A doctoral program in computer science with a specialization in information security is described. The focus of the program is constructive security. Key elements of the program are the strong computer science core upon which it builds, coursework on the theory and principles of information assurance, and a unifying research project. The doctoral candidate is a member of the project team, whose research contributes to the goals of the project and to fundamental advancements in high assurance ...
Ogiela, Marek R
This book details linguistic threshold schemes for information sharing. It examines the opportunities of using these techniques to create new models of managing strategic information shared within a commercial organisation or a state institution.
Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing
Glisson, William Bradley; Storer, Tim
Mobile devices, such as phones, tablets and laptops, expose businesses and governments to a multitude of information security risks. While Information Systems research has focused on the security and privacy aspects from the end-user perspective regarding mobile devices, very little research has been conducted within corporate environments. In this work, thirty-two mobile devices were returned by employees in a global Fortune 500 company. In the empirical analysis, a number of significant sec...
This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.
... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
exclusion (Durand-Lasserve, 2006). Likewise, land tenure in informal settlements is informally held and does not provide enough security for its residents. Since these settlements are not part of the formal land management system, there is a lack of reliable information necessary for planning as well as for the formulation of ...
The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…
Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…
Information security plays a significant role in recent information society. Increasing number and impact of cyber attacks on information assets have resulted the increasing awareness among managers that attack on information is actually attack on organization itself. Unfortunately, particular model for information security evaluation for management levels is still not well defined. In this study, decision analysis based on Ternary Analytic Hierarchy Process (T-AHP) is proposed as a novel model to aid managers who responsible in making strategic evaluation related to information security issues. In addition, sensitivity analysis is applied to extend our analysis by using several "what-if" scenarios in order to measure the consistency of the final evaluation. Finally, we conclude that the final evaluation made by managers has a significant consistency shown by sensitivity analysis results.
Bovina I.B; Dvoryanchikov N.V; Budykin S.V
.... It is about addressing the problem of information security of children and adolescents, discuss the effects of observing violence in the mass media on the subsequent behaviour of viewers, refers...
Aydın, Özlem Müge; Chouseinoglou, Oumout
Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.
Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack 'unjust' systems or 'conspiracies'. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for 'just' and 'unjust' entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the 'conspiracy'). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean' in direct adversary relations, but do not necessarily increase public benefit and societal immunization to 'conspiracies'. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here.
Full Text Available Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack 'unjust' systems or 'conspiracies'. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for 'just' and 'unjust' entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the 'conspiracy'. In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean' in direct adversary relations, but do not necessarily increase public benefit and societal immunization to 'conspiracies'. Furthermore, within the model the exploitation of the (open competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here.
Leaking of confidential material is a major threat to information security within organizations and to society as a whole. This insight has gained traction in the political realm since the activities of Wikileaks, which hopes to attack ‘unjust’ systems or ‘conspiracies’. Eventually, such threats to information security rely on a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for ‘just’ and ‘unjust’ entities. Such biological metaphors are almost exclusively based on the economic advantage of participants. Here, I introduce a mathematical model of the complex dynamics implied by leaking. The complex interactions of adversaries are modeled by coupled logistic equations including network effects of econo-communication networks. The modeling shows, that there might arise situations where the leaking envisioned and encouraged by Wikileaks and the like can strengthen the defending entity (the ‘conspiracy’). In particular, the only severe impact leaking can have on an organization seems to originate in the exploitation of leaks by another entity the organization competes with. Therefore, the model suggests that leaks can be used as a `tactical mean’ in direct adversary relations, but do not necessarily increase public benefit and societal immunization to ‘conspiracies’. Furthermore, within the model the exploitation of the (open) competition between entities seems to be a more promising approach to control malicious organizations : divide-et-impera policies triumph here. PMID:23227151
.... Classified National Security Information 13526 Order 13526 Presidential Documents Executive Orders Executive Order 13526 of December 29, 2009 EO 13526 Classified National Security Information This order prescribes a uniform system for classifying, safeguarding, and declassifying national security information...
Full Text Available Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system. Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.
Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN). Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...
Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo
Security has become an important issue as information technology has become increasingly pervasive in our everyday lives. Security risks arise with a display that shows decrypted information. In this paper, we propose a secure information display technique by use of visual cryptography. Its decryption requires no special computing devices and is implemented using only human vision. To improve security of the key to decode the encrypted displayed image, multiple decoding masks have been constructed based on visual secret sharing scheme. The proposed display appears as a random pattern to anyone who looks at it unless the person views the displayed image through stacked multiple decoding masks. We have constructed code sets to share the secret image information with a displayed image and multiple decoding masks. The decoding process is a kind of optical processing based on spatial encoding and it needs no computer calculation, which means that no decrypted data exists in a computer system. Thus, the proposed display technique is secure against theft of the decrypted data and eavesdropping of the display signals, and provides a limited viewing zone. Multiple decoding masks increase security of the decoding masks.
... OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation Security... retention of certain information necessary for TSA to help set the Aviation Security Infrastructure Fee... Title: Aviation Security Infrastructure Fee Records Retention. Type of Request: Extension of a currently...
... OMB Review: Aviation Security Customer Satisfaction Performance Measurement Passenger Survey AGENCY... satisfaction of aviation security in an effort to more efficiently manage its security screening performance at.... Information Collection Requirement Title: Aviation Security Customer Satisfaction Performance Measurement...
Full Text Available The 21st century has been characterized by tremendous changes in mass-media systems. The rapid growth of the Internet, inspired by the progress of communication technologies and digitalization, has resulted in the rise of new interactive media. Developments contributing to the scope and speed of media production and distribution have drawn particular attention to the information security of audiences – in particular, to protecting children from content that might be harmful and not appropriate for their age. Unlike adults, who are accustomed to living in an information-rich society, children cannot understand and filter content. Digital media, with their profound effects on a young audience, definitely affect children’s psychology and emotions. Recognizing this development, the most economically advanced countries have elaborated specific media policies to ensure that children receive the advantages of new media and simultaneously are kept safe from harmful content. These policies, aimed at traditional media (press and analogue broadcasting, have been based on legal approaches, but in digital reality laws do not always produce the same desired effects because the law-making process often does not keep up with technological change. Governments, therefore, have to share their responsibilities with the nongovernmental – private business and civil– sectors. Even countries with strong government influence over public life, such as Singapore, are working toward a co-regulated and self-regulated mass-media industry. Many foreign countries, including those in Western Europe, North America, and Asia, already have experience with these policies. The article reviews practices in the field of media aimed at guaranteeing children’s information security and at opposing harmful content. It points to key aspects of the regulation of market-driven media content in different countries.
Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)
This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.
Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad
Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.
Full Text Available The Human Aspects of Information Security Questionnaire (HAIS-Q is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed.
Samy, Ganthan Narayana; Ahmad, Rabiah; Ismail, Zuraini
This article attempts to investigate the various types of threats that exist in healthcare information systems (HIS). A study has been carried out in one of the government-supported hospitals in Malaysia.The hospital has been equipped with a Total Hospital Information System (THIS). The data collected were from three different departments, namely the Information Technology Department (ITD), the Medical Record Department (MRD), and the X-Ray Department, using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The results show that the most critical threat for the THIS is power failure followed by acts of human error or failure and other technological factors. This research holds significant value in terms of providing a complete taxonomy of threat categories in HIS and also an important component in the risk analysis stage.
Sitnica, A., E-mail: firstname.lastname@example.org [Westinghouse Electric Co., 1000 Westinghouse Drive, Cranberry Township, PA 16066 (United States)
No industry, organization, individual or even the government is immune to the information security risks which are associated with nuclear power. It can no longer be ignored, delayed or treated as unimportant. Nuclear safety is paramount to our industry, and cyber security must be woven into the fabric of our safety culture in order to succeed. Achieving this in an environment which has remained relatively unchanged and conservative prior to digitalisation demands a shift in behavior and culture. (Author)
... information conveyed in the body of the e-mail. A single linear text string showing the overall classification... sets forth guidance to agencies on original and derivative classification, downgrading.... Subpart B--Classification 2001.10 Classification standards. 2001.11 Original classification authority...
If you would like more information about how to print, save, and work with PDFs, Highwire Press provides a helpful Frequently Asked Questions about PDFs. Alternatively, you can download the PDF file directly to your computer, from where it can be opened using a PDF reader. To download the PDF, click the Download link ...
Tettero, Olaf; Tettero, O.
This book presents a systematic approach to embed information security issues in the design process of telematics systems. The approach supports both designers and user organisations. We elaborate on the activities that designers should perform to design telematics systems in which information
Imam, Abbas H.
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security
Full Text Available and terrorists, and these attacks threaten the substantial and ever-growing reliance of commerce, governments and the public upon the new technology to conduct business, carry messages and process information. The risks to ICT and Information Security in terms...
Data protection is a fundamental approach created to provide security and protection over information that are personal to individuals and are capable of identifying or leading towards the identification of individuals. Informational privacy in this context connotes the protection accorded to individuals in the processing, ...
An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and
As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…
I. S. Lebedev
Full Text Available The paper deals with the features of information security guaranteeing of the multi-agent robotic system with self-organizing behavior. The main attention is paid to the possibility of implementing information security threats on the level of interaction between the individual elements. The definitions “information impact” and “disorganization” are introduced for multi-agent robotic system. As a criterion for the system safety state assessment, probability is selected of number of items available at time t for required task execution of multi-agent robotic system, not suffering from the effects of the information impact. A method for estimating the probability of the multi-agent robotic system being in a safe state is proposed. The method is based on mathematical apparatus of Markov chains. Its distinction is the usage of functional dependencies for intensity information impact. The method gives the possibility to identify required characteristics of the individual elements in the early stages of development. Graphs of probability for secure system state of group of elements at different intensities of information impact by intruder and intensities are given, characterizing software and hardware capabilities of element output from the unsafe condition. The system behavior is modeled in the dynamics for different functional dependencies of the information impact intensity. An example of group consisting of four identical elements staying in a safe condition and attacking by three disorganizing elements is shown. Technique of obtaining numerical values for the intensities of information impact at successive instants is revealed.
Kurcheeva, G. I.; Denisov, V. V.; Khvorostov, V. A.
The article discusses issues related to comprehensive development and introduction of technologies such as “Smart city”. The urgency of accelerating the development of such highly organized systems, primarily in terms of reducing threats to information security, is emphasized in the paper. In accordance with authors’ analysis of the composition and structure of the threats to information security, “Accessibility”, “Integrity” and “Confidentiality” are highlighted. Violation of any of them leads to harmful effects on the information and other system resources. The protection of “Accessibility” mobilizes one third of all efforts to ensure information security that must be taken into account when allocating protective actions. The threats associated with failure of the supporting infrastructure are also significantly reduced. But the threats associated with failures of the system itself and failures of users are clearly increasing. There is a high level of society and production informatization, and the threats to information security are changing accordingly.
Anatoliy Alexandrovich Malyuk
Full Text Available During the formation of information society the problem of determining the demand for IS personnel (DfISP, consisting of IS specialists and IS practitioners, is of particular relevance at present. The goal of the paper is to calculate the demand for IS specialists (DfISS. To achieve it we used the informal heuristic methods and introduced some important indicators for DfISP forecast. As a validation of the conceptual approach proposed we show how to apply it on the regional level of one country on one real-world example. All the reasoning and calculations can be narrowed down to the DfISS forecasting within one corporation or IS professionals of a specific profile.
... SBSR--Reporting and Dissemination of Security-Based Swap Information AGENCY: Securities and Exchange... proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information (``Regulation SBSR... for the reporting of security- based swap information to registered security-based swap data...
... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...
Objective: The purpose of this article is to identify the positive values of the organisational culture, which have an impact on the effectiveness of information security management in the company. Methods: The study was performed based on a case study. The study was divided into two stages. The first stage consisted of conducting an interview with a person responsible for the information security in the studied company. While the second stage assumed obtaining the opinions of employees regar...
Bess, Donald Arlo
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information…
Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.
William R. Simpson
Full Text Available Increasing threat intrusions to enterprise computing systems have led to a formulation of guarded enterprise systems. The approach was to put in place steel gates and prevent hostile entities from entering the enterprise domain. The current complexity level has made the fortress approach to security implemented throughout the defense, banking, and other high trust industries unworkable. The alternative security approach presented in this paper is the result of a concentrated fourteen year program of pilots and research. Its distributed approach has no need for passwords or accounts and derives from a set of tenets that form the basic security model requirements. At each step in the process it determines identities and claims for access and privileges. These techniques are resilient, secure, extensible, and scalable. They are currently being implemented for a major enterprise, and are a candidate for other enterprise security approaches. This paper discusses the Enterprise Level Security architecture, a web-based security architecture designed to select and incorporate technology into a cohesive set of policies and rules for an enterprise information system. The paper discusses the history, theoretical underpinnings, implementation decisions, current status, and future plans for expansion of capabilities and scale.
Gary C. Kessler
Full Text Available Libicki, M.C. (2007. Conquest in Cyberspace: National Security and Information Warfare. New York: Cambridge University Press. 323 pages, ISBN: 978-0-521-69214-4 (paper, US$80Reviewed by Gary C. Kessler (email@example.comMany books -- and even movies ("Live Free or Die Hard" -- are based upon the premise of an impending information war. In these scenarios -- made all too plausible by the increased frequency with which we read about and experience major information security incidents -- a Bad Guy exploits known computer security vulnerabilities in order to control major national infrastructures via the Internet so as to reap financial, economic, and/or personal power.(see PDF for full review
He, Ying; Johnson, Chris
Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
... December 29, 2009 Implementation of the Executive Order, ``Classified National Security Information... entitled, ``Classified National Security Information'' (the ``order''), which substantially advances my... National Security Advisor will undertake in cooperation with the Public Interest Declassification Board to...
Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...
Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De
With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.
Pankaj Pandey; Einar Snekkenes
For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...
Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing
An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns are used as encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the instinct high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.
Full Text Available Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs, which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran.Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health.Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals.Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security
Zarei, Javad; Sadoughi, Farahnaz
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
Full Text Available The safety provided by a well configured firewall is no excuse for neglecting the standard security procedures;setting up and installing a firewall is the first line of defense and not a full proof solution, auditing being only onecomponent of the system, whilst the other is protecting the resources and when we consider auditing as being theprocess of recording certain events that take place on a computer or within a network, we must come to the conclusionthat this is the only technique that allows us to identify the source of a possible issue within the network.Information security is used as a means to protect the intellectual property rights, whilst the main objective insetting up an information security system is to enlist the confidence of prospective business partners. In accordancewith the legal requisites and the principle of maximizing one’s investment, regardless of the many forms it could take,or the means through which it is stored, transmitted or distributed, information must be protected.Information security is not only a technical problem, but mainly a managerial issue, as the security standard,ISO/IEC 17799 meets the needs of any type of organization, be it public or private, through a series of practices relatedto the management of information security.This paper aims to present the process of taking entry data from a plethora of programs and storing it in acentral location. Due to its flexibility, this process can be a useful auditing instrument, as long as we are familiar withthe way it works and how the events are recorded.
SABAU-POPA CLAUDIA DIANA
Full Text Available The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the
Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S
Changes in global population and demography, and advances in medicine have led to elderly population growth, creating aging societies from which elderly medical care has evolved. In addition, with the elderly susceptible to chronic diseases, this together with the changing lifestyles of young adults have not only pushed up patient numbers of chronic diseases, but also effected into younger patients. These problems have become the major focus for the health care industry. In response to patient demand and the huge shortage of medical resources, we propose remote healthcare medical information systems that combine patient physiological data acquisition equipment with real-time health care analyses. Since remote health care systems are structured around the Internet, in addition to considering the numerous public systems spread across insecure heterogeneous networks, compatibility among heterogeneous networks will also be another concern. To address the aforementioned issues, mobile agents are adopted. With a mobile agent's characteristics of easy adaptability to heterogeneity and autonomy, the problem of heterogeneous network environments can be tackled. To construct a hierarchical safe access control mechanism for monitoring and control of patient data in order to provide the most appropriate medical treatment, we also propose to use the Chinese Remainder Theorem and discrete logarithm to classify different levels of monitoring staff and hence, to grant permission and access according to their authorized levels. We expect the methods proposed can improve medical care quality and reduce medical resource wastage, while ensuring patient privacy. Finally, security analysis of the system is conducted by simulating a variety of typical attacks, from which it can be concluded that the constructed remote healthcare information system be secure.
Dana Ramona ANDRISESCU
Full Text Available Mobile devices are used everywhere, from making acall to store huge volume of information. But together withdevices shrinking and rise of storage space on a single device webring to mind the problem of trusting the stored information.Trusting the information and assuring its quality meansknowing the security threats these devices face and measuresthat should be taken. Many questions rise from here like “Whathappens when a mobile device is used by several persons andespecially employees?”, “Is that information reliable andoriginal?”, “Who is responsible for a device and its security?”.We are going to see in this paper that information quality can beassured even on portable devices by using the adequate securitymeasures.
... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION... approval and safeguarding of National Security Information and Restricted Data. The requirements for...
Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin
Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.
Ayyagari, Ramakrishna; Figueroa, Norilyz
Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…
In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. In this paper, we develop a phenomenological account of information security, where we
In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. This paper develops a phenomenological account of information security, in which a
Pollacia, Lissa; Ding, Yan Zong; Yang, Seung
This paper presents a project which was conducted in a capstone course in Information Security. The project focused on conducting research concerning the various aspects of phishing, such as why phishing works and who is more likely to be deceived by phishing. Students were guided through the process of conducting research: finding background and…
Sims, J. Eric
Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…
This paper exposes security vulnerabilities of the web based Open Source Information Systems (OSIS) from both system angle and human perspectives.It shows the extent of risk that can likely hinder adopting organization from attaning full intended benefits of using OSIS software. To undertake this study, a case study ...
Full Text Available The lack of a fully inclusive guideline document to assist the functioning of sufficient Information Security Governance is common in the business environment. This article focuses on developing such a guideline document, based on a number of best...
The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no
Woodward, Belle; Imboden, Thomas; Martin, Nancy L.
This paper describes the implementation of an information security program at a large Midwestern university. The initial work is briefly summarized and improvements that have occurred over time are described. Current activities and future plans are discussed. This paper offers insight and lessons learned for organizations that have or are…
Calder, A; Watkins, S
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.
... computer viruses. The contractor shall be responsible for examining all such products prior to their... resulting from computer virus damage or malicious destruction of computer information arising from the... Virus Security. 2452.239-71 Section 2452.239-71 Federal Acquisition Regulations System DEPARTMENT OF...
Watkins, Steve G
This new pocket guide will suit both individuals who need an introduction to a topic that they know little about, and also organizations implementing, or considering implementing, some sort of information security management regime, particularly if using ISO/IEC 27001:2005
Alaíde Barbosa Martins
Full Text Available Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.
Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory
The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straight forward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.
Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran
As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.
Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas
Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.
Kim, Hyun Tae; Park, Jee Won; Ko Han Suk [Korea Atomic Energy Research Institute, Taejon (Korea, Republic of)
A Geographical Information System (GIS) is usually defined as an information system for capturing, checking, storing, retrieving, manipulating, analyzing, and displaying spatial and relevant non-spatial data. Here 'spatial' means 'geo-referenced to the earth'. It is estimated that about 80% of the data used in business and government are of spatial type. The georeferenced information on sensitive location is usually protected as the highest level of confidentiality by the most information system. This paper discusses a commercial satellite imagery based secure Intranet GIS which runs the Microsoft .NET technology.
Zacharovas, Stanislovas; Bakanas, RamÅ«nas; Bulanovs, Andrejs; Varadarajan, Vadivelan
New combined embossed hologram originating technique was developed by the international team of holography experts. The technique merges deep 3D holographic images with commonly used hologram security features. Deep 3D images were first recorded on photoresist with Geola's holographic printer containing their proprietary pulsed laser. Optical security features were then overexposed onto the photoresist plates containing latent images of deep 3D scenes. The photoresist plates with several exposures (containing optical security features and deep 3D images) were developed. Embossed holograms, containing such effective public security features as full colour 3D images, guilloches, rainbow patterns were manufactured. Manufactured embossed holograms also contained such optical security features as microtext and laser readable hidden image.
Sergey Dmitrievich Kulik
Full Text Available This article deals with the special means, which allow to protect the information in the document. They are an integral part of the automated tools of ensuring the information security. It is proposed the use of a special input device PC Notes Taker. The results of experimental verification of the effectiveness of forensic handwriting techniques are described.
Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F
Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.
Full Text Available This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominent postulation in the criminology domain and the 'big five' personality construct. This research is conducted based on a case study of ISO/IEC27001 Standard certified banks, to empirically evaluate the link between cybersecurity protocols violation and how employees rationalise security behaviour. We propose that compliance-based security has the propensity for a heightened sense of false security and vulnerability perception; by showing that systemic security violation in compliance-based security models can be explained by the level of linkages from the personality construct and the neutralization theory. Building on the survey responses from banking organization employees and the application of partial least square structural equation modelling (PLS-SME analysis to test the hypotheses and validate survey samples, we draw a strong inference to support the importance of individual security scenario effect as a vital complementary element of compliance-based security. Based on our initial findings, conceptual principles and practical guidelines for reducing insider threats and improving employees' compliance is presented. We then suggest how information security protocol violations can be addressed in that context.
Fiscal 1999 technical achievement report. Research and development project on the quickly effective international standards creation (Standardization of information security system evaluating methods); 1999 nendo sokkogata kokusai hyojun sosei kenkyu kaihatsu jigyo seika hokokusho. Joho security system no hyoka hoho no hyojunka
For standardization under information security evaluation criteria, an evaluating technique CEM (Common Methodology for Information Technology Security Evaluation) was constructed as ISI/IEC15408. The method, however, is abstract in content and the evaluation work thereunder requires much time and accompanies economic difficulties. In dealing with the situation, investigations were conducted into security evaluation related techniques and manufacturing/quality control techniques in use at information processing product developing sites, and a CEM technique is materialized. Using the proposed technique, developers themselves can evaluate security in the development process and workloads imposed on evaluating organizations may be reduced because evidential items necessary for 3rd party evaluation may be gathered. Since the developed technique is verified by an official evaluating organization, it is expected to be an effective techniques not contradicting existing operating techniques. It may be also said that this technique is a method whereby developers will collect evidential items necessary for their development efforts. The result will be presented in the form of a proposal for an evaluating techniques standard for ISO/IEC JTC1 SC27. (NEDO)
Gritzalis, Dimitris; Lambrinoudakis, Costas
Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.
... SECURITY Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday, August... meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet from... Homeland Security Information Network Advisory Committee is to identify issues and provide to senior...
... SECURITY Homeland Security Information Network Advisory Committee (HSINAC); Meeting AGENCY: OPS/OCIO, DHS... Security Information Network Advisory Committee (HSINAC) will meet on Tuesday, June 25th, 2013 from 1 p.m...: http://www.dhs.gov/homeland-security-information-network-advisory-committee . There is a meeting room...
... 7 Agriculture 14 2010-01-01 2009-01-01 true Account and security information in UCC cases. 1962.14... Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after receipt of a written request from the borrower, the Agency must inform the borrower of the security and the total unpaid...
... 10 Energy 2 2010-01-01 2010-01-01 false Protection of National Security Information and Restricted... CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.25 Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while...
... 10 Energy 2 2010-01-01 2010-01-01 false Access to matter classified as National Security... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
Williams, Patricia A H
Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paperanalyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.
The effects of community-wide dissemination of information on perceptions of palliative care, knowledge about opioids, and sense of security among cancer patients, their families, and the general public.
Akiyama, Miki; Hirai, Kei; Takebayashi, Toru; Morita, Tatsuya; Miyashita, Mitsunori; Takeuchi, Ayano; Yamagishi, Akemi; Kinoshita, Hiroya; Shirahige, Yutaka; Eguchi, Kenji
Prejudices against palliative care are a potential barrier to quality end-of-life care. There have been few large-scale community-wide interventions to distribute appropriate information about palliative care, and no studies have investigated their impact on cancer patients, their families, and the general public. Thus, we conducted a 3-year community intervention and evaluated the effects of distributing such information at the community level, and explored associations among levels of exposure, perceptions, knowledge, and the sense of security achieved. Over a period of 3 years, we provided flyers, booklets, posters, and public lectures about palliative care in four regions of Japan, and carried out pre- and post-intervention surveys with repeated cross-sectional samplings of cancer patients (pre 859, post 857), bereaved family members (1110, 1137), and the general public (3984, 1435). The levels of exposure to the provided information were measured by a multiple-choice questionnaire after intervention. Multiple logistic regression analyses were used to estimate multivariable-adjusted odds ratios (ORs) for perceptions of palliative care, knowledge about opioids, and sense of security among the exposure groups. Overall perceptions of palliative care, opioids, and receiving care at home improved significantly among the general public and families, but not among the patients at the community level. However, multiple regression revealed that patients of extensive exposure category had significantly more positive perceptions of palliative care to those of non-exposure category (p = 0.02). The sense of security regarding cancer care of all patients, family members, and the general public improved. Among others, the respondents who reported extensive exposure in the general public and family members scored significantly higher sense of security. Our findings indicate that providing palliative care information via small media and lectures in the community is
Jianye, Zhang; Qinshun, Zeng; Yiyang, Song; Cunbin, Li
To assess and prevent the smart grid information security risks more effectively, this paper provides risk index quantitative calculation method based on absorbing Markov chain to overcome the deficiencies that links between system components were not taken into consideration and studies mostly were limited to static evaluation. The method avoids the shortcomings of traditional Expert Score with significant subjective factors and also considers the links between information system components, which make the risk index system closer to the reality. Then, a smart grid information security risk assessment model on the basis of set pair analysis improved by Markov chain was established. Using the identity, discrepancy, and contradiction of connection degree to dynamically reflect the trend of smart grid information security risk and combining with the Markov chain to calculate connection degree of the next period, the model implemented the smart grid information security risk assessment comprehensively and dynamically. Finally, this paper proves that the established model is scientific, effective, and feasible to dynamically evaluate the smart grid information security risks.
... Infrastructure Protection; Chemical Security Awareness Training Program AGENCY: National Protection and Programs... currently approved information collection request (ICR) for the Chemical Security Awareness Training Program... Management Office. ] Title: Chemical Security Awareness Training Program. OMB Number: 1670-0009. CSATP...
... Administration Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer.... The collection involves surveying travelers to measure customer satisfaction of aviation security in...; Aviation Security Customer Satisfaction Performance Measurement Passenger Survey. TSA, with OMB's approval...
... National Security Division: Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... & Constitution Avenue, NW., National Security Division, Counterespionage Section/ Registration Unit, Bond...
... MANAGEMENT Submission for Renewal: Information Collection; Questionnaire for National Security Positions... persons under consideration for or retention in national security sensitive positions as defined in... national security. The SF 86 is completed by civilian employees of the Federal Government, military...
Liu, Chia-Hui; Chung, Yu-Fang; Chiang, Te-Wei; Chen, Tzer-Shyong; Wang, Sheng-De
Different patient-related information in medical organizations is the primary reference for medical personnel diagnosing, treating, and caring patients. With the rapid development of information technology, paper-based medical records have gradually been changed to electronic forms. However, different medical organizations present individual system specifications and data-saving formats so that the medical information of the same patient cannot be exchanged, shared, and securely accessed. In order not to largely change the present medical information systems as well as not to increase abundant costs, Virtual Integrated Medical-information Systems (VIMS) is proposed to assist various hospitals in information exchange. Furthermore, with Mobile Agent, the dispersed medical information can be securely integrated. It presents confidentiality, non-repudiation, source authentication, and integrity in network transmission. Virtual Integrated Medical-information Systems (VIMS) is a virtual electronic integration system combined with Mobile Agent technology. With the features of independence, adaptability, mobility, objectives, and autonomy, Mobile Agent is applied to overcome the problems from heterogeneous systems. With the features, the over-dispersed medical records can be integrated. Moreover, Mobile Agent can ensure the instantaneity and usability of medical records from which doctors can make the most appropriate evaluation and diagnoses. It will avoid the waste of medical resources, such as repetition medication, as well as become the reference of further consultation or health check. Not only can it improve the medical care quality, but it can be provided for medical research.
Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo
In health, Information Systems are patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper by systematic review methodologies, presented a mapping in the literature, in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude through the results, some important aspects, for which the managers of computerized health systems should remain alert.
A. I. Afonin
Full Text Available In accordance with the new version of the “Information Security Doctrine of the Russian Federation (adopted in December 2016, in information security agenda its information-psychological component was selected for further study. Attention is drawn to the need to ensure the information-psychological security of certain categories of citizens, social groups and society in general, taking into account a differentiated approach to assessing threats that arise in the course of their life. The article briefly considers the science rank among the forms of the human activities and notes that when involving in science-based and science-applied activities the near-scientific activity, which is often briefly referred to as pseudoscience, shows up as one of the threats.The article presents main forms to show of the near-scientific (pseudoscientific activity, namely parascience, quasi-science, pseudoscience, and monetary scientism.Drawing on the example of one of the near-scientific activity products, called "psychotronic weapon", the article clearly shows the emergence and evolution of this pseudoscientific product, the attempts of its implementation in practice, and the subsequent negative consequences of these attempts for society.Taking into account the survivability of the near-scientific activity, it is proposed to include lectures in the curricula of technical universities to introduce threats from pseudoscience to graduates of higher educational institutions who may face them both in their employment activity and in everyday life.
... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security information. You should not submit sensitive security information to the rulemaking docket, unless you are...
Takamura, Eduardo; Mangum, Kevin
The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations
Full Text Available Cloud computing has made it possible for private companies to make rapid changes in their computing environments. However, in the public sector, security issues hinder institutions from adopting cloud computing. To solve these security challenges, in this paper, we propose a methodology for information security management, which quantitatively classifies the importance of information in cloud systems in the public sector. In this study, we adopt a Delphi approach to establish the classification criteria of the proposed methodology in an objective and systematic manner. Further, through a case study of a public corporation, we try to validate the usefulness of the proposed methodology. The results of this study will help public institutions to consider introducing cloud computing and to manage cloud systems effectively and securely.
Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig
Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer's premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers' compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage. © The Author(s) 2015.
Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are c
Hadlington, Lee; Parsons, Kathryn
Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.
Identity-theft means stealing someone's personal information and using it without his or her permission. Each year, millions of Americans are becoming the victims of identity-theft, and this is one of the seriously growing and widespread issues in the U.S. This study examines the effect of electronic devices self-efficacy, electronic devices…
E. V. Belokurova
Full Text Available The article discusses the different approaches to assessing the safety of confidential information-term for information and telecommunication systems of various pre-appreciable destination in the presence of internal and external threats to its integrity and availability. The difficulty of ensuring the security of confidential information from exposure to information and telecommunication systems of external and internal threats at the present time, is of particular relevance. This problem is confirmed by the analysis of available statistical information on the impact of threats on the security circulating in the information and telecommunications system. Leak confidential information, intellectual property, information, know-how is the result of significant material and moral damage caused to the owner of the restricted information. The paper presents the structure of the indicators and criteria shows that the most promising are analytical criteria. However, their use to assess the level of security of confidential information is difficult due to the lack of appropriate mathematical models. The complexity of the problem is that existing traditional mathematical models are not always appropriate for the stated objectives. Therefore, it is necessary to develop mathematical models designed to assess the security of confidential information and its impact on information and telecommunication system threats.
Zandona, David J; Thompson, Jon M
In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.
Peltier, Thomas R
INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Stand
Olga V. Lukinova
Full Text Available Examines the specific issues of building functional and technological profiles of the security systems to ensure the safety of information systems in the paradigm of functional standardization; shows a view of the system of protection based on the model of OSE/RM; studied the composition and structure of the concept of "defense mechanism" for the purpose of profiling third instalment correction representation of the system of protection.
... SECURITY Transportation Security Administration Intent To Request Approval From OMB of One New Public Collection of Information: Security Program for Hazardous Materials Motor Carriers & Shippers AGENCY: Transportation Security Administration, DHS. ACTION: 60 Day Notice. SUMMARY: The Transportation Security...
Full Text Available The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from real business environment.
Al Quhtani Masoud
Full Text Available Background: The globalization era has brought with it the development of high technology, and therefore new methods of preserving and storing data. New data storing techniques ensure data are stored for longer periods of time, more efficiently and with a higher quality, but also with a higher data abuse risk. Objective: The goal of the paper is to provide a review of the data mining applications for the purpose of corporate information security, and intrusion detection in particular. Methods/approach: The review was conducted using the systematic analysis of the previously published papers on the usage of data mining in the field of corporate information security. Results: This paper demonstrates that the use of data mining applications is extremely useful and has a great importance for establishing corporate information security. Data mining applications are directly related to issues of intrusion detection and privacy protection. Conclusions: The most important fact that can be specified based on this study is that corporations can establish a sustainable and efficient data mining system that will ensure privacy and successful protection against unwanted intrusions.
Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan
Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…
... Bureau of Industry and Security Proposed Information Collection; Comment Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau of Industry and Security... of U.S. industrial base sectors deemed critical to U.S. national security. The information gathered...
Veenstra, Anne; Ramilli, Marco
Part 4: Architecture, Security and Interoperability; International audience; Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementing security patterns, w...
We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper’s CSI and not of its channel’s realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1−) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.
Karlov, A. A.
The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.
Samuel T. C. Thompson
Full Text Available Social engineering is the use of nontechnical means to gain unauthorized access to information or computer systems. While this method is recognized as a major security threat in the computer industry, little has been done to address it in the library field. This is of particular concern because libraries increasingly have access to databases of both proprietary and personal information. This tutorial is designed to increase the awareness of library staff in regard to the issue of social engineering.
... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...
Collmann, Jeff; Cooper, Ted
This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Iguehi Joy Ikenwe
Full Text Available Information security is an important issue and a growing concern that affects all sectors in this digital age. Lack of information security can lead to confidential information being accessed by unauthorized persons or integrity of information being compromised. In light of these, the present study addresses information security in developing countries. There are six objectives to guide the study. Findings reveal that information security is an important area, worthy of attention. As such, awareness should be enhanced among all stakeholders in information management. Possible challenges to information security are stated and recommendations proffered.
Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng
Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.
Robertson, F. Russell [Grid Protection Alliance, Chattanooga, TN (United States); Carroll, J. Ritchie [Grid Protection Alliance, Chattanooga, TN (United States); Sanders, William [Univ. of Illinois, Urbana-Champaign, IL (United States); Yardley, Timothy [Univ. of Illinois, Urbana-Champaign, IL (United States); Heine, Erich [Univ. of Illinois, Urbana-Champaign, IL (United States); Hadley, Mark [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); McKinnon, David [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Motteler, Barbara [Alstom Grid Inc., Levallois-Perret Cedex (France); Giri, Jay [Grid Protection Alliance, Chattanooga, TN (United States); Walker, William [PJM Interconnection (PJM), Norristown, PA (United States); McCartha, Esrick [PJM Interconnection (PJM), Norristown, PA (United States)
The major objectives of the SIEGate project were to improve the security posture and minimize the cyber-attack surface of electric utility control centers and to reduce the cost of maintaining control-room-to-control-room information exchange. Major project goals included the design, development, testing, and commercialization of a single security-hardened appliance that could meet industry needs for resisting cyber-attacks while protecting the confidentiality and integrity of a growing volume of real-time information needed to ensure the reliability of the bulk electric system and interoperating with existing data formats and networking technologies. The SIEGate project has achieved its goals and objectives. The SIEGate Design Document, issued in March 2012, presented SIEGate use cases, provided SIEGate requirements, established SIEGate design principles, and prescribed design functionality of SIEGate as well as the components that make up SIEGate. SIEGate Release Version 1.0 was posted in January 2014. Release Version 1.0.83, which was posted on March 28, 2014, fixed many issues discovered by early adopters and added several new features. Release Candidate 1.1, which added additional improvements and bug fixes, was posted in June 2014. SIEGate executables have been downloaded more than 300 times. SIEGate has been tested at PJM, Entergy, TVA, and Southern. Security testing and analysis of SIEGate has been conducted at PNNL and PJM. Alstom has provided a summary of recommended steps for commercialization of the SIEGate Appliance and identified two deployment models with immediate commercial application.
... outage. The National Institute of Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center (CSRC) that provides free information to government and non... issues. Topics in this publication include: Protecting information systems from damage by viruses...
Curiac, Daniel-Ioan; Pachia, Mihai
Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.
This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of information security policy and other relevant issues in information security policy development within organizations. There are four research questions are proposed based on this topic: 1) what are the functions of information security policy; 2) what kind of stakeholders shoul...
Luisa Parraguez Kobek
Full Text Available Habeas Data is not a commonly known concept, yet it is widely acknowledged in certain circles that deal with information security and data protection. Though it has been around for decades, it has recently gained momentum in Latin America. It is the legal notion that protects any and all information pertaining to the individual, from personal to financial, giving them the power to decide how and where such data can be used. At the same time, most Latin American countries have created laws that protect individuals if their information is misused. This article examines the concept of Habeas Data from its inception to its current applications, and explains the different approaches and legislations passed in Latin American countries on data protection due to the rise of global cybercrime.
Duebendorfer, Thomas; Frei, Stefan
We analyze the effectiveness of different Web browser update mechanisms on various operating systems; from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation. We use anonymized logs from Google's world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. To the best of our knowledge, this is the first global scale measurement of Web browser update effectiveness comparing four different Web browser update strategies including Google Chrome. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version.
Yasnoff, William A
Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. Copyright © 2016 Elsevier Inc. All rights reserved.
... National Institute of Standards and Technology Open Meeting of the Information Security and Privacy...: The Information Security and Privacy Advisory Board (ISPAB) will meet Thursday, December 19, 2013... Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy...
... RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector... matters relating to the Classified National Security Information Program for State, Local, Tribal, and... number of individuals planning to attend must be submitted to the Information Security Oversight Office...
... National Institute of Standards and Technology Open Meeting of the Information Security and Privacy...: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 9, 2013, from... Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 9, 2013, from 8:00 a.m...
Olijnyk, Nicholas Victor
The central aim of the current research is to explore and describe the profile, dynamics, and structure of the information security specialty. This study's objectives are guided by four research questions: 1. What are the salient features of information security as a specialty? 2. How has the information security specialty emerged and evolved from…
... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...
... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data or other National Security Information in evidence unless: (a) The relevance and materiality of the...
... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...
... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice... Restricted Data or National Security Information into the proceeding, it will file a notice of intent to...
... FAH 11, Information Assurance Handbook. (c) Submittal of IT Security Plan. Within 30 days after... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As prescribed in 639.107-70(b), insert the following clause: Security Requirements for Unclassified Information...
White, Garry L.; Hewitt, Barbara; Kruck, S. E.
Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…
Tomlinson, J J; Elliott-Smith, W; Radosta, T
A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare.
Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.
A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623
PERSEREC examined government requirements that cleared supervisors and employees report to security managers behavior they observe among subordinates and coworkers that they believe to be security-relevant...
Iannarelli, John G
Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...
Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih
Multimedia Information security becomes a important part for the organization's intangible assets. Level of confidence and stakeholder trusted are performance indicator as successes organization, it is imperative for organizations to use Information Security Management System (ISMS) to effectively manage their multimedia information assets. The main objective of this paper is to Provide a novel practical framework approach to the development of ISMS, Called by the I-SolFramework, implemented ...
Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…
Full Text Available The generalized fuzzy present value of a security is defined here as fuzzy valued utility of cash flow. The generalized fuzzy present value cannot depend on the value of future cash flow. There exists such a generalized fuzzy present value which is not a fuzzy present value in the sense given by some authors. If the present value is a fuzzy number and the future value is a random one, then the return rate is given as a probabilistic fuzzy subset on a real line. This kind of return rate is called a fuzzy probabilistic return. The main goal of this paper is to derive the family of effective securities with fuzzy probabilistic return. Achieving this goal requires the study of the basic parameters characterizing fuzzy probabilistic return. Therefore, fuzzy expected value and variance are determined for this case of return. These results are a starting point for constructing a three-dimensional image. The set of effective securities is introduced as the Pareto optimal set determined by the maximization of the expected return rate and minimization of the variance. Finally, the set of effective securities is distinguished as a fuzzy set. These results are obtained without the assumption that the distribution of future values is Gaussian. (original abstract
Fernando, Juanita I; Dawson, Linda L
This manuscript describes the health information system security threat lifecycle (HISSTL) theory. The theory is grounded in case study data analyzing clinicians' health information system (HIS) privacy and security (P&S) experiences in the practice context. The 'questerview' technique was applied to this study of 26 clinicians situated in 3 large Australian (across Victoria) teaching hospitals. Questerviews rely on data collection that apply standardized questions and questionnaires during recorded interviews. Analysis (using Nvivo) involved the iterative scrutiny of interview transcripts to identify emergent themes. Issues including poor training, ambiguous legal frameworks containing punitive threats, productivity challenges, usability errors and the limitations of the natural hospital environment emerged from empirical data about the clinicians' HIS P&S practices. The natural hospital environment is defined by the permanence of electronic HISs (e-HISs), shared workspaces, outdated HIT infrastructure, constant interruption, a P&S regulatory environment that is not conducive to optimal training outcomes and budgetary constraints. The evidence also indicated the obtrusiveness, timeliness, and reliability of P&S implementations for clinical work affected participant attitudes to, and use of, e-HISs. The HISSTL emerged from the analysis of study evidence. The theory embodies elements such as the fiscal, regulatory and natural hospital environments which impede P&S implementations in practice settings. These elements conflict with improved patient care outcomes. Efforts by clinicians to avoid conflict and emphasize patient care above P&S tended to manifest as security breaches. These breaches entrench factors beyond clinician control and perpetuate those within clinician control. Security breaches of health information can progress through the HISSTL. Some preliminary suggestions for addressing these issues are proposed. Legislative frameworks that are not related to
Stoica, Adrian; Katkoori, Srinivas
This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into a conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.
Журиленко, Борис Евгеньевич; Национальный авиационный университет
This paper describes the simulation of technical information security hacking by generating a series of numeric code selection and next hacking attempts time. Based on simulated data direction and statistical series of hacking proposed methodology for the analysis of the current information security operating conditions. Demonstrates the possibility of modelling process for technical information security hacking and evaluation of such important security parameters, hacking probability, financ...
O. S. Zozulya
Full Text Available The article analyzed the of dissertations for science «Public Administration» on the problems ensuring information security of Ukraine. According to the data system catalog Vernadsky National Library of Ukraine was found that within the limits of science «Public Administration» problems of ensuring information security were devoted only 4 work. In view of the small number of dissertations, which explored the problems of public-management of ensuring information security Ukraine, we have to admit that today are absent Labour which would have addressed issues of improvement of the structure and functions of the system ensuring information security of Ukraine on the modern stage of state building. Under such circumstances, scientific solution of problems ensuring information security and in particular formation and functioning system of the information security ensuring. The analysis allows to state that authors of paid attention mainly study of theoretical principles of public administration information security, and analysis of available approaches and mechanisms, development and introduction of new, more efficient models, methods and mechanisms of state information security management. However, in these studies without attention left issue of clarifying the structure and functions of information security assurance system, substantiation of theoretical and the institutional principles of the Public administration of information security of Ukraine in conditions of information-psychological confrontation, which does not allow to form a systemic vision and understanding of the correlation between elements of system public administration information security.
Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful
Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.
Mohammad Reza Taghva
Full Text Available In recent years, the researchers have emphasized on positive effect of information system on supply chain performance such as organizational processes integration, information sharing, information technology, etc. In other hand, information security management system is one of the subjects that researches considered its effects on increase accuracy and effective information exchange, access to accurate and timely information and reduce errors of information system. Since, any research has not been done on this ground (the importance of ISMS on supply chain performance. Therefore, it was felt that a research should have done on these approaches on supply chain. In this respect, current research was seeking that how ISMS had impact on supply chain performance in automotive industry and this was the innovative aspect of this paper. So first of all, after the review of the information security management system literature, supply chain performance was considered by the balanced scorecard approach then the most important factors of these two subjects was extracted by correlation analysis. In this way, it was considered that how ISMS had impact on supply chain performance by correlation analysis. The results showed that different dimensions of ISMS (information uniformity, prevent the human and machine mistake, information be accuracy, and rectitude and instruction for users had impact on four dimensions of supply chain performance (customers, financial, internal processes and learning and growth in three levels (strategic, technical, and operational in supply chain. At the end, it was showed that ISMS lays the ground for increase supply chain performance.
... SECURITY Transportation Security Administration Intent To Request Renewal From OMB of One Current Public Collection of Information: Security Threat Assessment for Individuals Applying for a Hazardous Materials... day Notice. SUMMARY: The Transportation Security Administration (TSA) invites public comment on one...
Full Text Available Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.
... information from chemical facilities that may reflect potential consequences of or vulnerabilities to a... chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...
... National Security Division: Agency Information Collection Activities: Proposed Collection; Comments... Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of ] Justice, 10th & Constitution Avenue, NW., National Security...
... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national... National Security Information in accordance with the applicable provisions of laws of the United States and...
... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... (Foreign Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security...
... National Security Division; Agency Information Collection Activities: Proposed Collection; Comments... Agents). The Department of Justice (DOJ), National Security Division (NSD), will be submitting the... information, please write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security...
...-296; DA 10-500] Public Safety and Homeland Security Bureau Seeks Informal Comment Regarding Revisions... Commission's (Commission) Public Safety and Homeland Security Bureau (PSHSB) seeks informal comment regarding...: Gregory M. Cooke, Associate Chief, Policy Division, Public Safety and Homeland Security Bureau, at (202...
Ula, M.; Ula, M.; Fuadi, W.
As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.
Mishra, Manoj K.; Maurya, Ajay K.; Prakash, Hari
In this paper, we present a new idea of two-way quantum communication called 'secure quantum information exchange' (SQIE). If there are two arbitrary unknown quantum states |ξrangIA and |ηrangIB, initially with Alice and Bob, respectively, then SQIE protocol leads to the simultaneous exchange of these states between Alice and Bob with the aid of the special kind of six-qubit entangled (SSE) state and classical assistance of the third party, Charlie. The term 'secure' signifies the fact that SQIE protocol either faithfully exchanges the unknown quantum states proceeding in a prescribed way or, in case of any irregularity, the process generates no results. For experimental realization of the SQIE protocol, we have suggested an efficient scheme for generating SSE states using the interaction between highly detuned Λ-type three-level atoms and the optical coherent field. By theoretical calculations, we found that SSE states of almost unit fidelity with perfect success rates for appreciable mean photon numbers (Fav >= 0.999 for |α|2 >= 1.5) can be generated by our scheme. Further, we have discussed possible experimental imperfections, such as atomic-radiative time, cavity damping time, atom-cavity interaction time, and the efficiency of discrimination between the coherent field and the vacuum state shows that our SQIE protocol is within the reach of technology presently available.
Jiang, Ying; Tang, Yize; Lu, Wenda; Wang, Zhongfeng; Wang, Zepeng; Zhang, Luming
Tone is an essential component of word formation in all tonal languages, and it plays an important role in the transmission of information in speech communication. Therefore, tones characteristics study can be applied into security analysis of acoustic signal by the means of language identification, etc. In speech processing, fundamental frequency (F0) is often viewed as representing tones by researchers of speech synthesis. However, regular F0 values may lead to low naturalness in synthesized speech. Moreover, F0 and tone are not equivalent linguistically; F0 is just a representation of a tone. Therefore, the Electroglottography (EGG) signal is collected for deeper tones characteristics study. In this paper, focusing on the Northern Kam language, which has nine tonal contours and five level tone types, we first collected EGG and speech signals from six natural male speakers of the Northern Kam language, and then achieved the clustering distributions of the tone curves. After summarizing the main characteristics of tones of Northern Kam, we analyzed the relationship between EGG and speech signal parameters, and laid the foundation for further security analysis of acoustic signal.
Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).
Nguyen, Tinh; Thompson, Charles; Williams, Roger M
.... One indicator being reported is information on the number of Iraqi Security Forces (ISF) authorized (required), assigned (on-the-payroll), and trained. The Special Inspector General for Iraq Reconstruction...
Kishimoto, Hikaru; Yanai, Naoto; Okamura, Shingo
.... For this purpose, we define a model for the Smart Grid security and propose a Secure Payment Protocol for Charging Information over Smart grid, SPaCIS for short, as a protocol satisfying the model...
Testimony focuses on the results of recent reviews of computer security at the Department of State and the Federal Aviation Administration (FAA). Makes specific recommendations for improving State and FAA's information security posture. Highlights be...
FDOT began design of a Surface Transportation Security and Reliability Information System Model Deployment in May 2003. This model deployment focuses on enhancing the security and reliability of the surface transportation system through the widesprea...
Konstantin Grigorevich Kogos
Full Text Available The application of cryptographic security methods in cloud infrastructure information security is analyzed. The cryptographic problems in cloudy infrastructures are chosen; the appropriate protocols are investigated; the appropriate mathematical problems are examined.
... SECURITY Agency Information Collection Activities: Department of Homeland Security (DHS) Cybersecurity Education Office (CEO) National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog (Training Catalog) Collection AGENCY: Cybersecurity Education Office, DHS...
... SECURITY Agency Information Collection Activities: Department of Homeland Security (DHS) Cybersecurity Education Office (CEO) National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog (Training Catalog) Collection AGENCY: Cybersecurity Education Office, DHS...
Langer, Steve G
In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.
Full Text Available The contribution deals with the actual methods and technologies of information and communication systems security. It introduces the overview of electronic identification elements such as static password, dynamic password and single sign-on. Into this category belong also biometric and dynamic characteristics of verified person. Widespread is authentication based on identification elements ownership, such as various cards and authentication calculators. In the next part is specified a definition and characterization of electronic signature, its basic functions and certificate categories. Practical utilization of electronic signature consists of electronic signature acquirement, signature of outgoing email message, receiving of electronic signature and verification of electronic signature. The use of electronic signature is continuously growing and in connection with legislation development it exercises in all resorts.
Jonathan Gana KOLO
Full Text Available Network security and management in Information and Communication Technology (ICT is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password.This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.
This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.
Andrey Ferriyan; Jazi Eko Istiyanto
One of control domain of Cobit describes information security lies in Deliver and Support (DS) on DS5 Ensure Systems Security. This domain describes what things should be done by an organization to preserve and maintain the integrity of the information assets of IT where this all requires a security management process. One of the process is to perform security monitoring by conducting periodic vulnerability assessment to identify weaknesses. Because Cobit is not explained technically so it ne...
Dhillon, Gurpreet; Chowdhuri, Romilla; Pedron, Cristiane
Part 10: Organizational Security; International audience; When two companies merge, technical infrastructures change, formal security policies get rewritten, and normative structures clash. The resultant changes typically disrupt the prevalent security culture as well. In this paper we use ET Hall’s (1959) theory of cultural message streams to evaluate the disruptions in security culture following a merger. Findings from our analysis would be beneficial to researchers to theorize about securi...
Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben
A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.
Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki
We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC
...Under the provisions of the Paperwork Reduction Act, the Regulatory Secretariat will be submitting to the Office of Management and Budget (OMB) a request to review and approve a new information collection requirement regarding Implementation of Information Technology Security Provision. Public comments are particularly invited on: Whether this collection of information is necessary for the proper performance of functions of the GSAR, and whether it will have practical utility; whether our estimate of the public burden of this collection of information is accurate, and based on valid assumptions and methodology; ways to enhance the quality, utility, and clarity of the information to be collected; and ways in which we can minimize the burden of the collection of information on those who are to respond, through the use of appropriate technological collection techniques or other forms of information technology.
I. A. Zikratov
Full Text Available The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.
Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki
A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.
Boonstra, D.; Hartog, T.; Schotanus, H.A.; Verkoelen, C.A.A.
The NATO Network-Enabled Capability (NNEC) study envisions effective and efficient cooperation among the coalition partners in missions. This requires information sharing and efficient deployment of IT assets. Current military communication infrastructures are mostly deployed as stand-alone
Ivan Ognyanov Kuyumdzhiev
Full Text Available Facebook allows people to easily share information about themselves which in some cases could be classified as confidential or sensitive in the organisation they’re working for. In this paper we discuss the type of data stored by Facebook and the scope of the terms “confidential” and “sensitive data”. The intersection of these areas shows that there is high possibility for confidential data disclosure in organisations with none or ineffective security policy. This paper proposes a strategy for managing the risks of information leakage. We define five levels of controls against posting non-public data on Facebook - security policy, applications installed on employees’ workstations, specific router software or firmware, software in the cloud, Facebook itself. Advantages and disadvantages of every level are evaluated. As a result we propose developing of new control integrated in the social media.
Sazonets Olga M.
Full Text Available The aim of the article is to study the peculiarities of the innovative activity in the context of providing the enterprise information security. By analyzing, systematizing and summarizing the scientific works of many scientists the essence of the concept of «information security» has been considered and components of the innovation development process from the standpoint of providing information security have been identified. The article discusses issues of providing information security on the basis of introducing innovations, which will allow achieving a state in which there would be realized a sustainable, protected from threats, development of the enterprise. It has been proved that the formation of the innovative enterprise policy should include measures to ensure information security. As a result of the study the types of threats to the enterprise information security have been identified. It has been determined that the innovation process in the field of information security is provided by means of research, administrative, industrial, technological and commercial activities leading to the emergence and commercialization of innovations. The prospect for further research in this area is determining a system of indicators for forecasting the integral innovation indicator of economic information security. The system of indicators for diagnostics of the enterprise information security level enables monitoring the indicators of the state of the enterprise innovation and information activity in order to prevent the emergence of threats.
... ADMINISTRATION Proposed Recommendation to the Social Security Administration for Occupational Information System... Occupational Information Development Advisory Panel (Panel) to provide independent advice and recommendations on plans and activities to create an occupational information system tailored specifically for our...
Lopez, Robert H.
The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists create risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…
... of Management and Budget, and the Director of NIST on security and privacy issues pertaining to..., --Presentation/Discussion on Radios used by federal civilian agencies, and --Update of NIST Computer Security... National Institute of Standards and Technology Announcing an Open Meeting of the Information Security and...
Su, X.; Bolzoni, D.; van Eck, Pascal
In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most
classified, safeguarded, and declassified in accordance with References (c), (d), and DoD Manual 5200.01 (Reference (i)). CUI will be identified...Information will not be classified, continue to be maintained as classified, or fail to be declassified , or be designated CUI under any circumstances in...compliance with established SCI security policies and procedures. (a) Issues reports detailing any deficiencies noted and corrective action required
Zozulya, O. S.
The article analyzed the of dissertations for science «Public Administration» on the problems ensuring information security of Ukraine. According to the data system catalog Vernadsky National Library of Ukraine was found that within the limits of science «Public Administration» problems of ensuring information security were devoted only 4 work. In view of the small number of dissertations, which explored the problems of public-management of ensuring information security Ukraine, we have to ad...
Full Text Available The article is devoted to the problem of information security of children and adolescents in our country. It gives organizational and legal basis of information security of children and teenagers in modern Russian society. Reflected the basic contradiction of the interaction between children and adolescents with information resources. The article gives examples of solutions to security problems of the Internet in Russia and other countries on the basis of a review of publications dealing with the problem.
Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih; Syam, Wahyudin P
Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development o...
Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih; Syam, Wahyudin P
Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development o...
Vineeta Khemchandani; Purohit, G.N.
Information security is not just to provide an authenticity and integrity to the data, but there is also a need to seek identity, rights of use and origin of information, which may require some degree of process re-engineering. Rarely security technologies like digital signatures can be simply "plugged in" without streamlining the process. In this paper we address the problem of information security and protecting the rights of originator of the structured document from ill-intentioned recipi...
... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
Taylor, Richard G.
With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part on an organization's overall information security; however these safeguards…
Mutchler, Leigh Ann
The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…
Sohrabi Safa, Nader; Maple, Carsten
Information security breaches and privacy violations are major concerns for many organisations. Human behaviour, either intentionally or through negligence, is a great source of risk to information assets. It is acknowledged that technology alone cannot guarantee a secure environment for information assets; human considerations should be taken into account as well as technological and procedural aspects.\\ud \\ud
... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...
... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
... (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). B... appropriate, the information security program in light of any relevant changes in technology, the sensitivity... Information Technology Examination Handbook, Information Security Booklet, Dec. 2002 available at http://www...
Wynn, Cynthia L.
An increase in information technology has caused and increased in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…
Williams, Branden R
The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of
Bolle, Stein R; Hasvold, Per; Henriksen, Eva
Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.