Secure Transportation Management
International Nuclear Information System (INIS)
Gibbs, P. W.
2014-01-01
The Secure Transport Management Course (STMC) provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, and training and qualification needed.
An Overview of Economic Approaches to Information Security Management
Su, X.
The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources into information security. As a result, senior managers in many organizations are now expressing a much greater interest in
Stelian ARION
2010-01-01
We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without a profound knowledge and daily practice of security governance, security risk management and resilience. The 21st-century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...
Contemporary security management
Fay, John
2010-01-01
Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...
Security Engine Management of Router based on Security Policy
Su Hyung Jo; Ki Young Kim; Sang Ho Lee
2007-01-01
Security management has changed from the management of security equipment and useful interface to manager. It analyzes the overall security condition of the network and protects network services from attacks. In secure router technology, security functions such as intrusion detection, IPsec (IP Security) and access control are applied to a legacy router for secure networking. It controls unauthorized router access and detects illegal network intrusion. This paper re...
Directory of Open Access Journals (Sweden)
Stelian ARION
2010-11-01
We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without a profound knowledge and daily practice of security governance, security risk management and resilience. The 21st-century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers that have a government background or an IT security background, or are promoted from the organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.
Information security cost management
Bazavan, Ioana V
2006-01-01
While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: * Focuses on setting the right road map so that you can be most effective in your information security implementations * Discusses cost-effective staffing, the single biggest expense to the security organization * Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively * I...
Managing Cisco network security
Knipp, Eric
2002-01-01
An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...
Information security management handbook
Tipton, Harold F
2006-01-01
Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.
System Security Management in SNMP
P. Deivendran; Dr. R. Dhanapal Ph.D
2010-01-01
We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...
Information security management handbook
2002-01-01
The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech
SCHREURS, Jeanne; MOREAU, Rachel
2007-01-01
Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...
A Security Audit Framework to Manage Information System Security
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling them to perform adequate security management. Secondly, it provides a security audit framework to support the organization in assessing the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject to. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
Project Management with IT Security Focus
Felician Alecu; Paul Pocatilu; Sergiu Capisizu
2011-01-01
The paper focuses on the main key points related to IT security project management. The most important lifecycle stages are identified: IT security project proposal definition, project organization, project planning, quality planning, project team organization, IT security project activities management and project closing. The most important success factors for IT security projects are the support of top-management, customer satisfaction, prevention over remediation and continuous progress....
Managing information technology security risk
Gilliam, David
2003-01-01
Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.
Information Security Management - Part Of The Integrated Management System
Manea, Constantin Adrian
2015-07-01
The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security
Incentive Issues in Information Security Management
Lee, Chul Ho
2012-01-01
This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…
Al-Shaer, Ehab; Xie, Geoffrey
2013-01-01
In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen
Dooley, Michael
2017-01-01
An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies. DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name System (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors, noted experts on the topic, offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SPF, and DANE.
Information Security Management System toolkit
Καραμανλής, Μάνος; Karamanlis, Manos
2016-01-01
Secure management of information is becoming critical for any organization because information is one of the most valuable assets in an organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...
International Organization for Standardization. Geneva
2005-01-01
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...
Network Security via Biometric Recognition of Patterns of Gene Expression
Shaw, Harry C.
2016-01-01
Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time expression and assay of gene expression products.
Computer security engineering management
International Nuclear Information System (INIS)
McDonald, G.W.
1988-01-01
For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users and by coverage of life cycle support for the security of the system.
Security and Emergency Management Division
Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...
Information security management with ITIL V3
Cazemier, Jacques A; Peters, Louk
2010-01-01
This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - provides readers insight and gives background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme
Information security management handbook
Tipton, Harold F
2003-01-01
Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c
Secure IP mobility management for VANET
Taha, Sanaa
2013-01-01
This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in
Network Security via Biometric Recognition of Patterns of Gene Expression
Shaw, Harry C.
2016-01-01
Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT (Information Technology) organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time assays of gene expression products.
Security Management Model in Cloud Computing Environment
Ahmadpanah, Seyed Hossein
2016-01-01
In the cloud computing environment, as the number of cloud virtual machines (VMs) grows, virtual machine security and management face a giant challenge. In order to address security issues in the cloud computing virtualization environment, this paper presents a virtual machine security management model based on efficient and dynamic VM deployment, state migration and scheduling, and studies the virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...
National Research Council Canada - National Science Library
Ganger, Gregory R
2007-01-01
This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
Additional Security Considerations for Grid Management
Eidson, Thomas M.
2003-01-01
The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.
Understanding the security management practices of humanitarian organizations.
Bollettino, Vincenzo
2008-06-01
Humanitarian organisations operate in increasingly hostile environments. Although authoritative statistics are scarce, anecdotal evidence suggests that aid workers face life-threatening risks that are exacerbated by the growing number of humanitarian organisations operating in the field, the diversity of their mandates, the lack of common professional security standards, and limited success in inter-agency security coordination. Despite broad acceptance of the need for better security management and coordination, many humanitarian organisations remain ambivalent about devoting increased resources to security management and security coordination. A critical lack of basic empirical knowledge of the field security environment hampers efforts to enhance security management practices. The absence of a systematic means of sharing incident data undermines the capacity of the humanitarian community to address proactively security threats. In discussions about humanitarian staff safety and security, the least common denominator remains cumulative anecdotal evidence provided by the many security personnel working for humanitarian organisations in the field.
Homeland Security. Management Challenges Facing Federal Leadership
2002-12-01
...including attention to management practices and key success factors. ...significant management and coordination challenges if it is to provide this leadership and be successful in preventing and responding to any future
A secure file manager for UNIX
Energy Technology Data Exchange (ETDEWEB)
DeVries, R.G.
1990-12-31
The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure file manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.
Ilvonen, Ilona
2013-01-01
Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…
Using the safety/security interface to the security manager's advantage
International Nuclear Information System (INIS)
Stapleton, B.W.
1993-01-01
Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment
Managing business compliance using model-driven security management
Lang, Ulrich; Schreiner, Rudolf
Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused by the fact that they are captured at a high level of abstraction that is business-centric and not IT-centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.
Hotel Security Management : Case: Original Sokos Hotel Vaakuna Vaasa
Koskela, Jere
2016-01-01
This thesis studied hotel security management and examined one case hotel more closely on matters of security management. The case hotel in this research was Original Sokos Hotel Vaakuna Vaasa. The aim of the thesis was to find out how security aspects are managed and how they could be developed in the case hotel. This research was conducted to help the case hotel’s security supervisor to develop and improve security. The thesis consists of a theoretical framework and an empirical study. The ...
Improving organisational resilience through enterprise security risk management.
Petruzzi, John; Loyear, Rachelle
Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.
The Management and Security Expert (MASE)
Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.
1991-01-01
The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.
Novel approach to information security management of confidential ...
African Journals Online (AJOL)
Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.
Gilliam, David P.; Feather, Martin S.
2004-01-01
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.
Security Requirements Management in Software Product Line Engineering
Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario
Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.
Global Security Program Management Plan
Energy Technology Data Exchange (ETDEWEB)
Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
2014-03-25
The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats, regardless of origin, and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.
Natural Resources Management for Sustainable Food Security in ...
International Development Research Centre (IDRC) Digital Library (Canada)
Natural Resources Management for Sustainable Food Security in the Sahel ... as well as strategies for managing the resource base with a view to improving food security. ... InnoVet-AMR grants to support development of innovative veterinary ...
Security management of next generation telecommunications networks and services
Jacobs, Stuart
2014-01-01
This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc
Securing the energy industry : perspectives in security risk management
Energy Technology Data Exchange (ETDEWEB)
Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)
2003-07-01
This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.
Moghaddasi, Hamid; Kamkarhaghighi, Mehran
2016-01-01
Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823
Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran
2016-01-01
Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.
Information Security Management in Context of Globalization
Wawak, Slawomir
2012-01-01
Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discusses the results of research on information security management systems in public administration in Poland.
Information security management handbook, v.7
O'Hanley, Richard
2013-01-01
Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics
Mobile Customer Relationship Management and Mobile Security
Sanayei, Ali; Mirzaei, Abas
The purpose of this study is twofold. First, in order to guarantee a coherent discussion about mobile customer relationship management (mCRM), this paper presents a conceptualization of mCRM delineating its unique characteristics because of Among the variety of mobile services, considerable attention has been devoted to mobile marketing and in particular to mobile customer relationship management services. Second, the authors discuss the security risks in mobile computing at different levels (user, mobile device, wireless network, ...) and finally we focus on enterprise mobile security and its subgroups, with a series of suggestions and solutions for improving mobile computing security.
A cooperative model for IS security risk management in distributed environment.
Feng, Nan; Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.
Security for Key Management Interfaces
Kremer, Steve; Steel, Graham; Warinschi, Bogdan
2011-01-01
We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...
Gene expression programming for power system static security ...
African Journals Online (AJOL)
Keywords: static security, gene expression programming, probabilistic neural network ... Hence digital computers are usually installed in operations control centers to gather ...... power system protection, and applications of AI in power systems.
Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions
Directory of Open Access Journals (Sweden)
Sunday S. AKPAN
2015-10-01
This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff) of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model, one form of management structure, where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.
Congestion management considering voltage security of power systems
International Nuclear Information System (INIS)
Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima
2009-01-01
Congestion in a power network arises due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because some flows hit their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator alleviates the congestion in such a way that the network better retains its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose, but its cost of providing security is also lower than that of the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)
Functional Security Model: Managers Engineers Working Together
Guillen, Edward Paul; Quintero, Rulfo
2008-05-01
Information security has a wide variety of solutions including security policies, network architectures and technological applications. They are usually designed and implemented by security architects, but because of their own complexity these solutions are difficult for company managers to understand, and they are the ones who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform that is reliable and understandable in the whole company, without leaving aside the rigor of the recommendations and compliance with the laws, in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.
Integrating Security Risk Management into Business Process Management for the Cloud
Goettelmann, Elio; Mayer, Nicolas; Godart, Claude
2014-01-01
Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...
Information security in the context of philosophy of management
Directory of Open Access Journals (Sweden)
Irina Yurievna Alekseeva
2017-04-01
Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in philosophy of management are relevant to studies in problems of information security in broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as information threat to security of persons and societies. The author argues that management ideology of pseudo-economical reductionism makes distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the systems’ viability. Philosophy of complexity (better known as “philosophy of complex systems”) embraces new visions for methodology of management in XXI century. “Observer of complexity” and “complexity of observer of complexity” phenomena are central in this context. The problem of appropriate language for system self-description is of critical importance. This language is necessary for substantive production of intellectual tools for problem solving and decision making; refusal to produce such tools is fraught with decrease of information security level.
IT Security Management Implementation Model in Iranian Bank Industry
Directory of Open Access Journals (Sweden)
Mona Vanaki
2017-06-01
According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principles set forth in ISO standard 27001 were extracted, and then, by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points complying with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard were removed, and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran, was proposed.
Managing a major security system installation: Practical lessons learned
International Nuclear Information System (INIS)
Roehrig, S.C.
1986-01-01
Sandia National Laboratories has been heavily involved for over a decade in aiding a number of DOE facilities in defining and implementing upgraded security safeguards systems. Because security system definition, design, and installation is still a relatively new field to the commercial world, effective project management must pay special attention to first understanding and then interpreting the unique aspects of a security system for all concerned parties. Experiences from an actual security system installation are used to illustrate some project management approaches which have been found to be effective
Security Management and Safeguards Office
Bewley, Nathaniel M.
2004-01-01
The Security Management and Safeguards Office at NASA is here to keep the people working in a safe environment. They also are here to protect the buildings and documents from sabotage, espionage, and theft. During the summer of 2004, I worked with Richard Soppet in Physical Security. While I was working here I helped out with updating the map that we currently use at NASA Glenn Research Center, attended meetings for homeland security, worked with the security guards and the locksmith. The meetings that I attended for homeland security talked about how to protect ourselves before something happened, they told us to always be on the guard and look for anything suspicious, and the different ways that terrorist groups operate. When I was with the security guards I was taught how to check someone into the base, showed how to use a radar gun, observed a security guard make a traffic stop for training and was with them while they patrolled NASA Glenn Research Center to make sure things were running smoothly and no one was in danger. When I was with the locksmith I was taught how to make keys and locks for the employees here at NASA. The locksmith also showed me that he had inventory cabinets of files that show how many keys were out to people and who currently has access to the rooms that the keys were made for. I also helped out the open house at NASA Glenn Research Center. I helped out by showing the Army Reserves, and Brook Park's SWAT team where all the main events were going to take place a week before the open house was going to begin. Then during the open house I helped out by making sure people had their IDs, checked through their bags, and handed out a map to them that showed where the different activities were going to take place. So the main job here at NASA Glenn Research Center for the Security Management and Safeguards Office is to make sure that nothing is stolen, sabotaged, and espionaged. Also most importantly make sure all the employees here at NASA are
Security Management Strategies for Protecting Your Library's Network.
Ives, David J.
1996-01-01
Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…
Information Security Management: The Study of Lithuanian State Institutions
Jastiuginas, Saulius
2012-01-01
Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...
Problems and solutions of information security management in Latvia
Directory of Open Access Journals (Sweden)
Deruma S.
2014-01-01
Security cannot exist as a standalone function, it should be integrated in the associated processes continuously supervising and improving the security management programme based on predefined criteria. Adopting a holistic approach with regard to security has proven to be a critical contributing factor to effective security in organizations.
Towards Agile Security Risk Management in RE and Beyond
Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia
Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security
Management of Information Security in Financial Accounting
Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta
2014-01-01
Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because states began adopting mandatory data protection legislation and informatio...
Security Risks: Management and Mitigation in the Software Life Cycle
Gilliam, David P.
2004-01-01
A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.
Critical infrastructure cyber-security risk management
Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.
2017-01-01
Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...
Abbadi, Imad M
2014-01-01
Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing. In this book, the author begins with an introduction to Cloud computing, presenting fundamental concepts such as analyzing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types and highlighting the main challenges. Following on from the introduction, the book is divided into three parts: Cloud management, Cloud security, and practical examples. Part one presents the main components constituting the Cloud and federated Cloud infrastructure (e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services. Part two analyzes the problem of establishing trustworthy Cloud, discuss...
Brown, Willie L., Jr.
Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.
A Multilevel Secure Workflow Management System
National Research Council Canada - National Science Library
Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A
1999-01-01
The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...
Nuclear Security Management for Research Reactors and Related Facilities
International Nuclear Information System (INIS)
2016-03-01
This publication provides a single source guidance to assist those responsible for the implementation of nuclear security measures at research reactors and associated facilities in developing and maintaining an effective and comprehensive programme covering all aspects of nuclear security on the site. It is based on national experience and practices as well as on publications in the field of nuclear management and security. The scope includes security operations, security processes, and security forces and their relationship with the State’s nuclear security regime. The guidance is provided for consideration by States, competent authorities and operators
2010-02-23
... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...
Security Risks Management in Selected Academic Libraries in Osun ...
African Journals Online (AJOL)
The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.
17 CFR 229.403 - (Item 403) Security ownership of certain beneficial owners and management.
2010-04-01
... of certain beneficial owners and management. 229.403 Section 229.403 Commodity and Securities... Management and Certain Security Holders § 229.403 (Item 403) Security ownership of certain beneficial owners and management. (a) Security ownership of certain beneficial owners. Furnish the following information...
Improving Information Security Risk Management
Singh, Anand
2009-01-01
Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…
Energy Technology Data Exchange (ETDEWEB)
Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)]
1997-05-01
The latest situation of security management for distributed information systems was examined and systematically summarized to indicate future directions for management design. This paper describes the threats to the security of a distributed information system, the risks to confidentiality, integrity, and availability that arise from those threats, and the measures to be taken. The basic technology of security management is classified into "user certification to prevent incorrect access" and "encipherment to prevent data from being used incorrectly." The technology for certification has been almost completed. It can be done securely using an expendable password or an IC card system. On the Internet, multiple enciphering technologies can be used to construct a virtual private network that provides almost the same security as a private network. In electronic mail, the enciphering technology can also be used easily. Tools that manage the security of very many servers, clients, and networks are in the initial stage. 16 refs., 1 fig., 5 tabs.
A review of game theory approach to cyber security risk management
African Journals Online (AJOL)
This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ...
Assessing and managing security risk in IT systems a structured methodology
McCumber, John
2004-01-01
SECURITY CONCEPTS Using Models Introduction: Understanding, Selecting, and Applying Models Understanding Assets Layered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in Security Security in Context Reference Defining Information Security Confidentiality, Integrity, and Availability Information Attributes Intrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources References Understanding Threat and Its Relatio
Integrated Safeguards and Security Management Self-Assessment 2004
Energy Technology Data Exchange (ETDEWEB)
Lunford, Dan; Ramsey, Dwayne
2005-04-01
In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of
A Methodology to Implement an Information Security Management System
Directory of Open Access Journals (Sweden)
Alaíde Barbosa Martins
2005-08-01
Information security has been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here have been applied in a case study involving Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, assuring confidentiality and integrity of customers' data is a basic requirement.
Managing the risks of legacy radioactive sources from a security perspective
International Nuclear Information System (INIS)
Alexander, Mark; Murray, Allan
2008-01-01
The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)
Tools for an effective annual review of the Security Management Plan.
Daniel, Matthew
2014-01-01
A hospital's Security Management Plan, required by the Joint Commission, can also be used by security management professionals, the author points out, to ensure that they are continually monitoring and improving the program in a changing healthcare environment.
Strategic Management for IT Services on Outsourcing Security Company
Directory of Open Access Journals (Sweden)
Lydia Wijaya
2018-04-01
Information Technology (IT) is used by many organizations to enhance competitive advantage, but many outsourcing security firms have not used IT in their business processes. In this research, we design Strategic Management for IT Services for an outsourcing security company. We use an outsourcing security company as a case study of IT Strategy Management for IT Services development. The purpose of this study is to create an IT services strategy for security outsourcing companies. The framework used is the ITIL (Information Technology Infrastructure Library) framework service strategy in the strategy management for IT services process. There are several steps taken in the making of the strategy: (a) strategic assessment, to analyze internal and external factors of the company; (b) strategy generation, by creating the strategic plan; (c) strategy execution, to determine the tactical plan; and (d) strategy measurement and evaluation. This study produced a proposed IT service system that suits the needs of the company in the form of strategic and tactical plans and strategy measurement. This result can be used as the foundation of IT service development in an outsourcing security company. In the process of this study, we worked closely with stakeholders; every work product has been verified and validated by stakeholders.
Security management of water supply
Directory of Open Access Journals (Sweden)
Tchórzewska-Cieślak Barbara
2017-03-01
The main aim of this work is to present operational problems concerning the safety of the water supply and the risk management procedures for functioning public water supply systems (CWSS), including methods of hazard identification and risk assessment. A problem analysis and risk assessment was developed, including the procedures called WSP, which is recommended by the World Health Organization (WHO) as a tool for comprehensive security management of water supply from source to consumer. A water safety plan is a key element of the strategy for prevention of adverse events in CWSS.
Physician office readiness for managing Internet security threats.
Keshavjee, K; Pairaudeau, N; Bhanji, A
2006-01-01
Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.
Network Security: Policies and Guidelines for Effective Network Management
Directory of Open Access Journals (Sweden)
Jonathan Gana KOLO
2008-12-01
Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by the Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transactions has brought with it a growing number of security threats and attacks on poorly managed and secured networks, primarily to steal personal data, particularly financial information and passwords. This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.
17 CFR 240.3b-14 - Definition of cash management securities activities.
2010-04-01
... derivative instruments or other financial instruments; (b) Cash management, in connection with any securities... § 240.15a-1 or any non-securities activities that involve eligible OTC derivative instruments or other... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definition of cash management...
Management of library and archival security from the outside looking in
O'Neill, Robert K
2014-01-01
Providing a substantive approach to the issue, Management of Library and Archival Security: From the Outside Looking In gives librarians and collection directors practical and helpful suggestions for developing policies and procedures to minimize theft. In addition, this text prepares you to deal with the aftermath of a robbery or natural disaster that destroys priceless materials. Through expert opinions and advice, Management of Library and Archival Security will teach you how to protect and secure invaluable collections and the finances invested in them. In addition, Management of Library an
Research on a Valuation Standard and the Actual Condition About Security Management in PACS
International Nuclear Information System (INIS)
Jeong, Jae Ho; Son, Gi Gyeong; Kang, Hee Doo; Dong, Kyung Rae; Kweon, Dae Cheol; Kim, Hyun Soo
2008-01-01
This study prepares an evaluation standard for personal information protection and security management at medical institutions and builds up a grading standard for evaluation in a PACS environment. We built up an evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPAA (Health Insurance Portability and Accountability Act of 1996) and domestic medical law. We investigated thirty medical facilities using the extracted security criteria and security evaluation index. The average score for physical security, one of the big categories, was 18.5/20 (93%) across all medical institutions. The political security score was 18.5/30 (62%), the data management security score was 12/20 (60%) and the technical security score was 17.5/30 (58%). The average security evaluation score across the 30 general hospitals was therefore 67, which corresponds to the 4th level. The results showed that it is necessary to establish evaluation and management standards for personal information protection and security consciousness, which are weak in the PACS environment.
Security issues at the Department of Energy and records management
International Nuclear Information System (INIS)
NUSBAUM, ANNA W.
2000-01-01
In order to discuss the connection between security issues within the Department of Energy and records management, the author covers a bit of security history and talks about what she calls "the Amazing Project". Initiated in late May 1999, it was to be a tri-laboratory (Lawrence Livermore National Laboratory of Livermore, California, Los Alamos National Laboratory of Los Alamos, New Mexico, and Sandia National Laboratories of Albuquerque, New Mexico, and Livermore, California) project. The team that formed was tasked to develop the best set of security solutions that still enabled weapon mission work to get done and the security solutions were to be the same set for everyone. The amazing project was called "The Integrated Security Management Project", or "ISecM" for short. She'll describe why she thinks this project was so amazing and what it accomplished. There's a bit of sad news about the project, but then she'll move on to discuss what was learned at Sandia as a result of the project and what they're currently doing in records management
Frühwirth, Christian
Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather than a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has led to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.
COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE
Directory of Open Access Journals (Sweden)
Nisha Mariam Varughese
2014-07-01
Security is one of the major challenges in open networks. There are many types of attacks, which either follow fixed patterns or frequently change their patterns. It is difficult to find a malicious attack that does not have any fixed pattern. Distributed Denial of Service (DDoS) attacks, such as those from botnets, are used to slow down system performance. To address such problems, a Collaborative Network Security Management System (CNSMS) is proposed along with the association mining rule. The CNSMS consists of collaborative Unified Threat Management (UTM), a cloud based security centre and a traffic prober. The traffic prober captures the internet traffic and passes it to the collaborative UTM. Traffic is analysed by the collaborative UTM to determine whether it contains any malicious attack or not. If any security event occurs, it is reported to the cloud based security centre. The security centre generates security rules based on the association mining rule and distributes them to the network. The cloud based security centre is used to store the huge amount of traffic, its logs and the security rules generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.
MANAGEMENT OF RESOURCES IN DYNAMICALLY CHANGING SECURITY ENVIRONMENT
Directory of Open Access Journals (Sweden)
Sevdalina Dimitrova
2014-09-01
The monograph recommends integration between science and practice, experts from national bodies and scientific research potential of academic community of military universities in the field of management of resources of security and defence in accordance to the challenges in security environment caused by its dynamic and often unpredictable changes.
RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE
Directory of Open Access Journals (Sweden)
Riza Ionuț
2017-11-01
Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.
A process framework for information security management
Directory of Open Access Journals (Sweden)
Knut Haufe
2016-01-01
Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution, based on a set of agreed upon ISMS processes in existing standards like the ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.
MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned
Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran
2014-01-01
As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.
Information security management system planning for CBRN facilities
Energy Technology Data Exchange (ETDEWEB)
Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]
2015-12-01
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
Information security management system planning for CBRN facilities
International Nuclear Information System (INIS)
Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher
2015-01-01
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
Managing Materials and Wastes for Homeland Security Incidents
To provide information on waste management planning and preparedness before a homeland security incident, including preparing for the large amounts of waste that would need to be managed when an incident occurs, such as a large-scale natural disaster.
Emergency management and homeland security: Exploring the relationship.
Kahan, Jerome H
2015-01-01
In the years after the 9/11 tragedy, the United States continues to face risks from all forms of major disasters, from potentially dangerous terrorist attacks to catastrophic acts of nature. Professionals in the fields of emergency management and homeland security have responsibilities for ensuring that all levels of government, urban areas and communities, nongovernmental organizations, businesses, and individual citizens are prepared to deal with such hazards through actions that reduce risks to lives and property. Regrettably, the overall efficiency and effectiveness of the nation's ability to deal with disasters is unnecessarily challenged by the absence of a common understanding on how these fields are related in the workforce and educational arenas. Complicating matters further is the fact that neither of these fields has developed agreed definitions. In many ways, homeland security and emergency management have come to represent two different worlds and cultures. These conditions can have a deleterious effect on preparedness planning for public and private stakeholders across the nation when coordinated responses among federal, state, and local activities are essential for dealing with consequential hazards. This article demonstrates that the fields of emergency management and homeland security share many responsibilities but are not identical in scope or skills. It argues that emergency management should be considered a critical subset of the far broader and more strategic field of homeland security. From analytically based conclusions, it recommends five steps that can be taken to bring these fields closer together to benefit more from their synergistic relationship as well as from their individual contributions.
International Nuclear Information System (INIS)
Adams, H.W.
1990-01-01
Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de]
Directory of Open Access Journals (Sweden)
Antonio Santos-Olmo
2016-07-01
The information society is increasingly dependent on Information Security Management Systems (ISMSs), and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha) for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.
Managing domino effect-related security of industrial areas
Reniers, Genserik L L; Dullaert, W.; Audenaert, Amaryllis; Ale, B. J.M.; Soudan, K.
In chemical enterprises, security managers are interested in easy-to-handle and user-friendly decision-support tools, providing them with straightforward information ready for implementation. Therefore, a theoretical conceptualization on how to manage, in a relatively simple way, the prevention and
Tompkins, F. G.
1983-01-01
This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.
Identity and Access Management and Security in Higher Education.
Bruhn, Mark; Gettes, Michael; West, Ann
2003-01-01
Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…
Security Attributes Based Digital Rights Management
Chong, C.N.; van Buuren, R.; van Buuren, R.F.; Hartel, Pieter H.; Kleinhuis, Geert; Boavida, F.; Monteiro, E.; Orvalho, J.
2002-01-01
Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of
Security Attributes Based Digital Rights Management
Chong, C.N.; van Buuren, R.; Hartel, Pieter H.; Kleinhuis, Geert
Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of
Using VO Concept for Managing Dynamic Security Associations
Demchenko, Y.; Gommans, L.; de Laat, C.T.A.M.
2006-01-01
This research paper presents results of the analysis how the Virtual Organisation (VO) concept can be used for managing dynamic security associations in collaborative applications and for complex resource provisioning. The paper provides an overview of the current practice in VO management at the
Mohsen Shafiei Nikabadi; Ahmad Jafarian; Azam Jalili Bolhasani
2012-01-01
The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these two approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two import...
Homeland Security. Management Challenges Facing Federal Leadership
National Research Council Canada - National Science Library
2002-01-01
...) and the Office of Personnel Management (OPM). Additionally, due to the dynamic and evolving nature of the government's homeland security activities, some of our work described in this report has already appeared in congressional testimony...
An Agile Enterprise Regulation Architecture for Health Information Security Management
Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-01-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID: 20815748
An agile enterprise regulation architecture for health information security management.
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-09-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.
Security information and event management systems: benefits and inefficiencies
Κάτσαρης, Δημήτριος Σ.
2014-01-01
In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.
Sustaining Operational Resiliency: A Process Improvement Approach to Security Management
National Research Council Canada - National Science Library
Caralli, Richard A
2006-01-01
... potential to significantly disrupt an organization's pursuit of its mission. Security, business continuity, and IT operations management are activities that traditionally support operational risk management...
Directory of Open Access Journals (Sweden)
Mohsen Shafiei Nikabadi
2012-03-01
Full Text Available The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these two approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two important issue by factor analysis. Researchers using a series of comments in the automotive experts (production planning and management and supply chain experts and caregivers car makers and suppliers in the first level and second level supply chain industry. In this way, it has been done that impact on how information security management processes enterprise supply chain integration with the help of statistical correlation analysis. The results of this investigation indicated effect of "information security management system" various dimensions that were coordination of information, prevent human errors and hardware, the accuracy of information and education for users on two dimensions of internal and external integration of business processes, supply chain and finally, it can increased integration of business processes in supply chain. At the end owing to quite these results, deployment of "information security management system" increased the integration of organizational processes in supply chain. It could be demonstrate with the consideration of relation of organizational integration processes with the level of coordination of information, prevent errors and accuracy of information throughout the supply chain.
New secure communication-layer standard for medical image management (ISCL)
Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki
1999-07-01
This paper introduces a summary of the standard draft of ISCL 1.00 which will be published by MEDIS-DC officially. ISCL is an abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security function between presentation layer and TCP/IP layer. ISCL mechanism depends on basic function of a smart IC card and symmetric secret key mechanism. A symmetry key for each session is made by internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidentiality and integrity. Entity authentication process is done through 3 path 4 way method using functions of internal authentication and external authentication of a smart IC card. Confidentiality algorithm and MAC algorithm for integrity are able to be selected. ISCL protocols are communicating through Message Block which consists of Message Header and Message Data. ISCL protocols are evaluating by applying to regional collaboration system for image diagnosis, and On-line Secure Electronic Storage system for medical images. These projects are supported by Medical Information System Development Center. These projects show ISCL is useful to keep security.
76 FR 62439 - Order of Succession for the Office of Disaster Management and National Security
2011-10-07
... Office of Disaster Management and National Security AGENCY: Office of the Secretary, HUD. ACTION: Notice... Succession for the Office of Disaster Management and National Security. This is the first order of succession... L. McClure, Acting Chief Disaster and National Security Officer, Office of Disaster Management and...
Strategy and management of network security at KEK
International Nuclear Information System (INIS)
Kiyoharu Hashimoto; Teiji Nakamura; Hitoshi Hirose; Yukio Karita; Youhei Morita; Soh Suzuki; Fukuko Yuasa
2001-01-01
Recently the troubles related to the network security have often occurred at KEK. According to their security policy, the authors have started the strategy against the daily attacks. It consists of two fundamental things; the monitoring and the access control. To monitor the network, the authors have installed the intrusion detection system and have managed it since 1998. For the second thing, the authors arranged three categories to classify all hosts (about 5000 hosts) at KEK according to their security level. To realize these three categories, the authors filter the incoming packet from outside KEK whether it has a SYN flag or not. The network monitoring and the access control produced good effects in keeping the security level high. Since 2000 the authors have started the transition of LAN from shared-media network to switched network. Now almost part of LAN was re-configured and in this new LAN 10 Mbps/100 Mbps/1 Gbps Ethernet are supported. Currently the authors are planning further speedup (10 Gbps) and redundancy of network. Not only LAN but also WAN, network speed will be upgraded to 10 Gbps thanks to the strong promotion of IT by Japanese government. In this very high speed network, the authors' current strategy will be affected and again the network security becomes a big issue. The authors describe the experiences in practice of the current strategy and management know-how together with the discussion on the new strategy.
The cloud security ecosystem technical, legal, business and management issues
Ko, Ryan
2015-01-01
Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security - putting technical and management issues together with an in-depth treatise on a multi-disciplinary and international subject. The book features contributions from key tho
Implementing Information Security and Its Technology: A Line Management Perspective
Energy Technology Data Exchange (ETDEWEB)
Barletta, William A.
2005-08-22
Assuring the security and privacy of institutional information assets is a complex task for the line manager responsible for international and multi-national transactions. In the face of an unsure and often conflicting international legal framework, the line manager must employ all available tools in an Integrated Security and Privacy Management framework that ranges from legal obligations, to policy, to procedure, to cutting edge technology to counter the rapidly evolving cyber threat to information assets and the physical systems that information systems control.
17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.
2010-04-01
... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...
Crisis-management and the Security in the Internet
Harada, Izumi
This paper discusses about the crisis-management and the security in the Internet. The crime that not is so far occurs during widespread to the society of the Internet, and a big social trouble. Moreover, the problem of a new security such as a cyber war and cyber terrorism appeared, too. It is necessary to recognize such a situation, and to do both correspondences corresponding to the environmental transformation by government and the people.
An energy security management model using quality function deployment and system dynamics
International Nuclear Information System (INIS)
Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong
2013-01-01
An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example
International Nuclear Information System (INIS)
Madden, Michael S.
2010-01-01
The scope of this paper is to review the National Nuclear Security Administration Office of Defense Nuclear Security (DNS) program management documents and to examine the underlying processes. The purpose is to identify recommendations for improvement and to influence the rewrite of the DNS Program Management Plan (PMP) and the documentation supporting it. As a part of this process, over 40 documents required by DNS or its stakeholders were reviewed. In addition, approximately 12 other documents produced outside of DNS and its stakeholders were reviewed in an effort to identify best practices. The complete list of documents reviewed is provided as an attachment to this paper.
The Importance of Information Security Management in Crisis Prevention in the Company
Wawak, Slawomir
2010-01-01
Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information confidentiality, availability and integrity assurance. An effective information security management system reduces the risk of crisis in the company. It also allows to reduce the effects of the crisis occurring outside the company.
Information security risk management and incompatible parts of organization
Energy Technology Data Exchange (ETDEWEB)
Talabeigi, E.; Naeeini, S.G.J.
2016-07-01
Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.
Information security risk management and incompatible parts of organization
International Nuclear Information System (INIS)
Talabeigi, E.; Naeeini, S.G.J.
2016-01-01
Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.
2011-09-28
... 1974; Department of Homeland Security Federal Emergency Management Agency--012 Suspicious Activity... establish a new system of records titled, ``Department of Homeland Security/Federal Emergency Management... Department of Homeland Security/Federal Emergency Management Agency to collect, maintain, and retrieve...
Directory of Open Access Journals (Sweden)
Abner da Silva Netto
2008-02-01
Full Text Available The objectives of this study were verify in what measure the small and medium companies accomplish the management security information and identify which factors influence the small and medium companies to adopt measures of management security information. The source research was exploratory-descriptive and the design used was the survey. The sample was compound of 43 metal production industries located in ABC region. According to management information security literature and Brazilian norm of information security were identified the tools or techniques of management security information and classified it into three layers: physic, logic and human. The study identified that the human layer is the one that presents the major shortage of cares in the companies followed by the logical one. The companies get used to have the antivirus as the main security tool/technique according to the researched companies to guarantee the safety of information. Besides that, the research showed that 59% of the companies have a safety satisfactory level and the main motivator factor to adopt the management security information is "to avoid possible financial loss". On the other hand, all the inhibitors factors showed important to the researched companies like: lack of knowledge, investments value, organization culture and difficulty to measure cost/benefit.
International Nuclear Information System (INIS)
Alexandria, Joao Carlos Soares de
2009-01-01
The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, it will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilian ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of
Management of information security risks in a federal public institution: a case study
Directory of Open Access Journals (Sweden)
Jackson Gomes Soares Souza
2016-11-01
Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.
Directory of Open Access Journals (Sweden)
Fangyuan Ding
2016-08-01
Full Text Available This study examined the association between infant facial expressions and parental motivation as well as the interaction between attachment state and expressions. Two-hundred eighteen childless adults (M age = 19.22, 118 males, 100 females) were recruited. Participants completed the Chinese version of the State Adult Attachment Measure and the E-prime test, which comprised three components: (a) liking, the specific hedonic experience in reaction to laughing, neutral, and crying infant faces; (b) representational responding, actively seeking infant faces with specific expressions; and (c) evoked responding, actively retaining images of three different infant facial expressions. While the first component refers to the liking of infants, the second and third components entail the wanting of an infant. Random intercepts multilevel models with emotion nested within participants revealed a significant interaction between secure attachment state and emotion on both liking and representational response. A hierarchical regression analysis was conducted to examine the unique contributions of secure attachment state. Findings demonstrated that, after controlling for sex, anxious, and avoidant, secure attachment state positively predicted parental motivations (liking and wanting) in the neutral and crying conditions, but not the laughing condition. These findings demonstrate the significant role of secure attachment state in parental motivation, specifically when infants display uncertain and negative emotions.
Ding, Fangyuan; Zhang, Dajun; Cheng, Gang
2016-01-01
This study examined the association between infant facial expressions and parental motivation as well as the interaction between attachment state and expressions. Two-hundred eighteen childless adults (M age = 19.22, 118 males, 100 females) were recruited. Participants completed the Chinese version of the State Adult Attachment Measure and the E-prime test, which comprised three components (a) liking, the specific hedonic experience in reaction to laughing, neutral, and crying infant faces; (b) representational responding, actively seeking infant faces with specific expressions; and (c) evoked responding, actively retaining images of three different infant facial expressions. While the first component refers to the "liking" of infants, the second and third components entail the "wanting" of an infant. Random intercepts multilevel models with emotion nested within participants revealed a significant interaction between secure attachment state and emotion on both liking and representational response. A hierarchical regression analysis was conducted to examine the unique contributions of secure attachment state. Findings demonstrated that, after controlling for sex, anxious, and avoidant, secure attachment state positively predicted parental motivations (liking and wanting) in the neutral and crying conditions, but not the laughing condition. These findings demonstrate the significant role of secure attachment state in parental motivation, specifically when infants display uncertain and negative emotions.
IT Security Vulnerability and Incident Response Management
Hafkamp, W.H.M.; Paulus, S.; Pohlman, N.; Reimer, H.
2006-01-01
This paper summarises the results of a Dutch PhD research project on IT security vulnerability and incident response management, which is supervised by the University of Twente in the Netherlands and which is currently in its final stage. Vulnerabilities are ‘failures or weaknesses in computer
Architecture of security management unit for safe hosting of multiple agents
Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques
1999-04-01
In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.
EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS
Directory of Open Access Journals (Sweden)
N. S. Rodionova
2014-01-01
Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.
Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).
Security-Enhanced Autonomous Network Management
Zeng, Hui
2015-01-01
Ensuring reliable communication in next-generation space networks requires a novel network management system to support greater levels of autonomy and greater awareness of the environment and assets. Intelligent Automation, Inc., has developed a security-enhanced autonomous network management (SEANM) approach for space networks through cross-layer negotiation and network monitoring, analysis, and adaptation. The underlying technology is bundle-based delay/disruption-tolerant networking (DTN). The SEANM scheme allows a system to adaptively reconfigure its network elements based on awareness of network conditions, policies, and mission requirements. Although SEANM is generically applicable to any radio network, for validation purposes it has been prototyped and evaluated on two specific networks: a commercial off-the-shelf hardware test-bed using Institute of Electrical Engineers (IEEE) 802.11 Wi-Fi devices and a military hardware test-bed using AN/PRC-154 Rifleman Radio platforms. Testing has demonstrated that SEANM provides autonomous network management resulting in reliable communications in delay/disruptive-prone environments.
Information security risk management and incompatible parts of organization
Directory of Open Access Journals (Sweden)
Elham Talabeigi
2016-11-01
Full Text Available Purpose: We prepared a questionnaire to evaluate incompatible parts and risk management in the University of Science and Technology E-Learning Center and to study the impact of incompatible parts on the utility of the organization. Design/methodology/approach: Using coalitional game theory, we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model shows how the organization can decrease security risks through non-cooperation rather than cooperation. We implement the proposed model by analyzing data provided by questionnaires from three different managers' ideas of the Iran University of Science and Technology E-Learning Center, located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that incompatible parts of organizations have negative impacts on the utility of the organization's risk management process. Furthermore, it adds value to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since information security and risk management are still areas which need to improve in some Iranian universities, we couldn't consider them in our analysis. On the other hand, due to questionnaire limitation, the study's sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization, using risk management factors.
Lacey, David
2009-01-01
With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.
Report: Fiscal Year 2010 Federal Information Security Management Act Report
Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).
Securing a Home Energy Managing Platform
DEFF Research Database (Denmark)
Mikkelsen, Søren Aagaard; Jacobsen, Rune Hylsberg
2016-01-01
Energy management in households gets increasingly more attention in the struggle to integrate more sustainable energy sources. Especially in the electrical system, smart grid towards a better utilisation of the energy production and distribution infrastructure. The Home Energy Management System...... (HEMS) is a critical infrastructure component in this endeavour. Its main goal is to enable energy services utilising smart devices in the households based on the interest of the residential consumers and external actors. With the role of being both an essential link in the communication infrastructure...... for balancing the electrical grid and a surveillance unit in private homes, security and privacy become essential to address. In this chapter, we identify and address potential threats Home Energy Management Platform (HEMP) developers should consider in the progress of designing architecture, selecting hardware...
Practical Methods for Information Security Risk Management
Directory of Open Access Journals (Sweden)
Cristian AMANCEI
2011-01-01
Full Text Available The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that assesses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.
Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-06-01
The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
Trust Account Fraud And Effective Information Security Management
Directory of Open Access Journals (Sweden)
Sameera Mubarak
2010-09-01
Full Text Available The integrity of lawyers' trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged A$50,000 for phone usage, mainly for ISD calls to Hong Kong. Our study involved interviewing principals of ten law companies to find out solicitors' attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case-studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law Society of South Australia to know their viewpoints on security threats on trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.
Software for security event management: Development and utilization
Directory of Open Access Journals (Sweden)
Aleksandr V. Kuznetcov
2017-11-01
Full Text Available We address the challenge to information security coming from the lack of algorithmic machinery for managing security events. We start with a mathematical formulation of the problem for a tabular processor by introducing an appropriate target function. Details of the corresponding algorithm can be found by following the provided links. We describe our original software module that implements the algorithm for determining the registered security events. The module is based on the tabular processor certified by the Russian Federal Service for Technical and Export Control. We present a control sample for testing the developed module. The sample has the dimension 30x20 and contains 14 choices for threshold values of security events number. The results of the tests comply with the specified boundary conditions and demonstrate a nonlinear dependence of the objective function on the number of registered security events, as well as a nonlinear dependence of the percentage of the detected security event on the total initial number of security events to be registered at the event source. The performance of the module, specifically the central processing unit usage, is found acceptable (not exceeding 33%), which allows one to use the software for typical automated workplaces equipped with appropriate tabular processors. Our approach is universal with respect to the application areas.
2013-12-30
...] Securities Exempted; Distribution of Shares by Registered Open- End Management Investment Company...) 551-6792, Investment Company Rulemaking Office, Division of Investment Management, U.S. Securities and... Distribution of shares by registered open-end management investment company. * * * * * (g) If a plan covers...
Proposal for a security management in cloud computing for health care.
Haufe, Knut; Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
Proposal for a Security Management in Cloud Computing for Health Care
Directory of Open Access Journals (Sweden)
Knut Haufe
2014-01-01
Full Text Available Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
In acceptance we trust? Conceptualising acceptance as a viable approach to NGO security management.
Fast, Larissa A; Freeman, C Faith; O'Neill, Michael; Rowley, Elizabeth
2013-04-01
This paper documents current understanding of acceptance as a security management approach and explores issues and challenges non-governmental organisations (NGOs) confront when implementing an acceptance approach to security management. It argues that the failure of organisations to systematise and clearly articulate acceptance as a distinct security management approach and a lack of organisational policies and procedures concerning acceptance hinder its efficacy as a security management approach. The paper identifies key and cross-cutting components of acceptance that are critical to its effective implementation in order to advance a comprehensive and systematic concept of acceptance. The key components of acceptance illustrate how organisational and staff functions affect positively or negatively an organisation's acceptance, and include: an organisation's principles and mission, communications, negotiation, programming, relationships and networks, stakeholder and context analysis, staffing, and image. The paper contends that acceptance is linked not only to good programming, but also to overall organisational management and structures. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.
Once more unto the breach managing information security in an uncertain world
Simmons, Andrea C
2012-01-01
In Once more unto the Breach, Andrea C Simmons speaks directly to information security managers and provides an insider's view of the role, offering priceless gems from her extensive experience and knowledge. Based on a typical year in the life of an information security manager, the book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project.
Strategic information security
Wylder, John
2003-01-01
Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward; ORGANIZATIONAL ISSUES; The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-01-01
Objectives: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods: The ISMS check-list derived from international/domestic standards was distributed to each hospital to com...
2012-05-29
... Secure Solutions USA, SBM Management Services, LP, ALSCO Portland Industrial, VWR International, Inc... G4S Secure Solutions USA, SBM Management Services, LP, Alsco Portland Industrial, VWR International... workers from Express Temporaries, Aerotek Commercial Staffing, G4S Secure Solutions USA, SBM Management...
Information Security Intelligence as a Basis for Modern Information Security Management
Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy
2013-01-01
There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...
FlySec: a risk-based airport security management system based on security as a service concept
Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.
2016-05-01
Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.
Certified training for nuclear and radioactive source security management
International Nuclear Information System (INIS)
Johnson, Daniel
2017-01-01
Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits. (author)
The role of national security culture in crisis management : the case of Kardak crisis
Savaş, Özlem
2008-01-01
Ankara : The Department of International Relations, Bilkent University, 2008. Thesis (Master's) -- Bilkent University, 2008. Includes bibliographical references leaves 94-103. This thesis analyzes the role of national security culture in crisis management. The use and significance of national security culture in the management of a crisis is the main concern discussed throughout this study. It is assumed that national security culture serves as the main guideline of states d...
Security and VO management capabilities in a large-scale Grid operating system
Aziz, Benjamin; Sporea, Ioana
2014-01-01
This paper presents a number of security and VO management capabilities in a large-scale distributed Grid operating system. The capabilities formed the basis of the design and implementation of a number of security and VO management services in the system. The main aim of the paper is to provide some idea of the various functionality cases that need to be considered when designing similar large-scale systems in the future.
2013-07-22
... titled, ``Department of Homeland Security/Federal Emergency Management Agency--006 Citizen Corps Database... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0049] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency--006 Citizen Corps Program...
Multi-agent integrated password management (MIPM) application secured with encryption
Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd
2017-10-01
Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.
Information Security Intelligence as a Basis for Modern Information Security Management
Directory of Open Access Journals (Sweden)
Natalia Georgievna Miloslavskaya
2013-12-01
Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI is determined.
Information Systems Security Management: A Review and a Classification of the ISO Standards
Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.
Enterprise security IT security solutions : concepts, practical experiences, technologies
Fumy, Walter
2013-01-01
Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise. Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr
EUROATLANTIC SECURITY AND CRISIS MANAGEMENT
Directory of Open Access Journals (Sweden)
Constantin MINCU
2011-06-01
Full Text Available This article briefly presents the international security environment developments, evaluated in a realistic way in the new "Strategic Concept – NATO (Lisbon 2010)"; potential threats and hazards, both military and non-military, are present on a global, regional, national scale, determining an adequate NATO and EU reaction, and also from the member states. States and organizations currently pay and will pay special attention to building up and strengthening viable and effective systems of "Emergency Situations (Crisis Management)". This is also the case of Romania which has started this complex and expensive process in 2004, with satisfying results until now.
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
2017-09-01
KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew, September 2017. Thesis Advisor... Report date: September 2017. Report type and dates covered: Master's thesis. Title and subtitle: SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR
Certified Training for Nuclear and Radioactive Source Security Management.
Johnson, Daniel
2017-04-01
Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits. © The Author 2016. Published by Oxford University Press. All rights reserved.
The Concept of Defense Management in the 21st Century within Indonesia Maritime Security Framework
Directory of Open Access Journals (Sweden)
Herlina Juni Risma Saragih
2018-03-01
Full Text Available Conflict of Maritime Security in the Asia Pacific region, especially South China Sea is a conflict that has long occurred and a problem that is often raised both in a regional and international level. Related to the conflict takes Strategy and Management of the State's defense to anticipate the impact of the conflict situations on defense and security of the region. The purpose of this study is to analyze the concept of Defence Management Indonesia in the 21st century in the context of Indonesian Maritime Security, Case Studies U.S. Rebalancing in Asia Pacific and South China Sea conflict, as well as to determine the readiness of Defence Management capabilities in the face of threats. The method used is a qualitative method of data collection methods through in-depth interview to the informant. The results showed that in order to improve maritime security in Indonesia has not been implemented in a structured and comprehensive defense in accordance with the management perspective of the countries more advanced, especially on defense preparedness in logistics management as a managing and defense equipment available owned by Indonesia government. Based on these results it is suggested the need for socialization implementation of Defense Management in Asia Pacific by Indonesia government in the context of Maritime Security comprehensively.
Frohde, Kenny; Brooks, David J
Emergency management (EM) and business continuity management (BCM) frameworks incorporate various strategic and operational measures. Defined within a number of national and international standards and guidelines, such concepts may be integrated within one another to provide increased resilience to disruptive events. Nevertheless, there is a degree of dispute regarding concept integration among security and EM professionals and bodies of knowledge. In line with cognitive psychology exemplar-based concepts, such disputes may be associated with a lack of precision in communality in the approach to EM and BCM. This paper presents a two-stage study, where stage 1 critiqued national and international literature and stage 2 applied semi-structured interviews with security managers in Western Australia. Findings indicate the existence of contradictory views on EM and its integration within BCM. As such, this study concludes that EM is considered a vital component of BCM by the majority of security managers. However, there is broader dispute regarding its degree of integration. Understanding the underpinnings of such disputes will aid in raising the standards and application of professionalism within security, EM and BCM domains, supporting clarification and definition of professional boundaries.
Cristina-Maria Titrade
2011-01-01
This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typical DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
Directory of Open Access Journals (Sweden)
A. V. Masloboev
2014-03-01
The paper deals with engineering problems and application perspectives of virtual cognitive centers as intelligent systems for information support of interagency activities in the field of complex security management of regional development. A research prototype of virtual cognitive center for regional security management in crisis situations, implemented as hybrid cloud service based on IaaS architectural framework with the usage of multi-agent and web-service technologies has been developed. Virtual cognitive center is a training simulator software system and is intended for solving on the basis of distributed simulation such problems as: strategic planning and forecasting of risk-sustainable development of regional socioeconomic systems, agents of management interaction specification synthesis for regional components security in different crisis situations within the planning stage of joint anti-crisis actions.
Load control services in the management of power system security costs
International Nuclear Information System (INIS)
Jayantilal, A.; Strbac, G.
1999-01-01
The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)
Using a Prediction Model to Manage Cyber Security Threats
Directory of Open Access Journals (Sweden)
Venkatesh Jaganathan
2015-01-01
Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.
Using a Prediction Model to Manage Cyber Security Threats.
Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya
2015-01-01
Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024
Key Management for Secure Multicast over IPv6 Wireless Networks
Directory of Open Access Journals (Sweden)
Siddiqi Mohammad Umar
2006-01-01
Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.
Information Technology Management: Social Security Administration Practices Can Be Improved
National Research Council Canada - National Science Library
Shaw, Clay
2001-01-01
To improve SSA's IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...
Group Policy Fundamentals, Security, and the Managed Desktop
Moskowitz, Jeremy
2010-01-01
The ultimate Group Policy guide-now updated for Windows 7 and Server 2008 R2!. IT and network administrators can streamline their Windows Server management tasks by using Group Policy tools to automate or implement rules, processes, or new security across the enterprise. In this comprehensive guide, Microsoft Group Policy MVP Jeremy Moskowitz thoroughly explores Group Policy across all Windows platforms, including the latest on Windows 7 and Server 2008 R2. If you're a Windows network administrator managing scores of users and computers, you need this essential reference on your desk.: Covers
Three Essays on Information Technology Security Management in Organizations
Gupta, Manish
2011-01-01
Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…
Database and applications security integrating information security and data management
Thuraisingham, Bhavani
2005-01-01
This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging
TECHNIQUE OF OPTIMAL AUDIT PLANNING FOR INFORMATION SECURITY MANAGEMENT SYSTEM
Directory of Open Access Journals (Sweden)
F. N. Shago
2014-03-01
Complication of information security management systems leads to the necessity of improving the scientific and methodological apparatus for these systems auditing. Planning is an important and determining part of information security management systems auditing. Efficiency of audit will be defined by the relation of the reached quality indicators to the spent resources. Thus, there is an important and urgent task of developing methods and techniques for optimization of the audit planning, making it possible to increase its effectiveness. The proposed technique gives the possibility to implement optimal distribution for planning time and material resources on audit stages on the basis of dynamics model for the ISMS quality. Special feature of the proposed approach is the usage of a priori data as well as a posteriori data for the initial audit planning, and also the plan adjustment after each audit event. This gives the possibility to optimize the usage of audit resources in accordance with the selected criteria. Application examples of the technique are given while planning audit information security management system of the organization. The result of computational experiment based on the proposed technique showed that the time (cost) audit costs can be reduced by 10-15% and, consequently, quality assessments obtained through audit resources allocation can be improved with respect to well-known methods of audit planning.
Information Security Management Practices of K-12 School Districts
Nyachwaya, Samson
2013-01-01
The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…
A novel proposed network security management approach for cyber attacks
International Nuclear Information System (INIS)
Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.
2007-01-01
Network security is a discipline that focuses on securing networks from unauthorized access. Given the escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time. However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)
National Research Council Canada - National Science Library
Young, A. T; Anderson, Edward; Bien, Lyle; Fogleman, Ronald R; Hall, Keith; Lyles, Lester; Mark, Hans
2008-01-01
The Independent Assessment Panel (IAP) was chartered to review and assess the DoD management and organization of National Security in Space and make appropriate recommendations to strengthen the U.S. position...
Directory of Open Access Journals (Sweden)
Yunling Song
2012-03-01
Due to resource constraints, securities regulators cannot find or punish all firms that have conducted irregular or even illegal activities (hereafter referred to as fraud). Those who study securities regulations can only find the instances of fraud that have been punished, not those that have not been punished, and it is these unknown cases that would make the best control sample for studies of enforcement action criteria. China’s mandatory management earnings forecasts solve this sampling problem. In the A-share market, firms that have not forecasted as mandated are likely in a position to be punished by securities regulators or are attempting to escape punishment, and their identification allows researchers to build suitable study and control samples when examining securities regulations. Our results indicate that enforcement actions taken by securities regulators are selective. The probability that a firm will be punished for irregular management forecasting is significantly related to proxies for survival rates. Specifically, fraudulent firms with lower return on assets (ROAs) or higher cash flow risk are more likely to be punished. Further analysis shows that selective enforcement of regulations has had little positive effect on the quality of listed firms’ management forecasts.
Directory of Open Access Journals (Sweden)
Sinem KOCAMAZ
2011-01-01
International security environment changed completely after the Cold War. During the Cold War years security challenges were shaped by competitive power relations between Soviet Union and the United States. On the other hand after the end of the Cold War, global security was redefined and wide range of security challenges and threats occurred. After fragmentation of security threats, new threats emerged such as terrorist attacks, massacres which are made by humans own governments, chronic politic instabilities, environmental degradations etc. Under these circumstances new forms of security cooperation became more vital in order to cope with these complex challenges. In this respect third parties became an actor to manage conflicts, security challenges and crises. Unlike traditional nation-state intervention, regional organizations, international agencies and non-governmental organizations became more active in conflict management process. In this framework this study will evaluate performance and the effectiveness of the main actors in the collective conflict management (CCM) process.
Survey on Security Issues in File Management in Cloud Computing Environment
Gupta, Udit
2015-06-01
Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users' data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.
Information Security Management as a Bridge in Cloud Systems from Private to Public Organizations
Directory of Open Access Journals (Sweden)
Myeonggil Choi
2015-08-01
Cloud computing has made it possible for private companies to make rapid changes in their computing environments. However, in the public sector, security issues hinder institutions from adopting cloud computing. To solve these security challenges, in this paper, we propose a methodology for information security management, which quantitatively classifies the importance of information in cloud systems in the public sector. In this study, we adopt a Delphi approach to establish the classification criteria of the proposed methodology in an objective and systematic manner. Further, through a case study of a public corporation, we try to validate the usefulness of the proposed methodology. The results of this study will help public institutions to consider introducing cloud computing and to manage cloud systems effectively and securely.
Information governance and security protecting and managing your company's proprietary information
Iannarelli, John G
2014-01-01
Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...
Cyber indicators of compromise: a domain ontology for security information and event management
2017-03-01
heuristics, mapping, and detection. CybOX is aimed at supporting a broad range of important cyber security domains to include [31]: • Digital... Master’s thesis by Marsha D. Rowell. Distribution is unlimited.
User Behaviours Associated with Password Security and Management
Directory of Open Access Journals (Sweden)
Kay Bryant
2006-11-01
Control mechanisms established on the boundary of an information system are an important preliminary step to minimising losses from security breaches. The primary function of such controls is to restrict the use of information systems and resources to authorized users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, the literature shows that passwords are often compromised through the poor security and management practices of users. This paper examines user password composition and security practices for email accounts. The results of a survey that examines user practice in creating and using passwords are reported. The results show that many users know about the risks of hackers, viruses and so on and take preliminary steps to combat them such as having passwords longer than eight characters. However, this appears to be as far as many users are willing to accede to the probability that their information and computing resources can be compromised. This paper makes some recommendations for the education of users in creating and maintaining their passwords. The responsibility for these educational programs can be shared between governments, organisations, educational institutions at all levels, and software vendors.
A governor's guide to emergency management. Volume two : homeland security
2002-09-19
Homeland security is a complex challenge that demands significant investment; collaboration among local, state, and federal governments; and integration with the private sector. The purpose of A Governor's Guide to Emergency Management Volume Two: Ho...
Kovacich, Gerald L
2003-01-01
Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur
Security, privacy and ethics in electronic records management in the ...
African Journals Online (AJOL)
Security, privacy and ethics in electronic records management in the South African public sector. ... Computers have become such valuable tools for conducting business ... One great advantage of the computers is the ease with which a large
US-China Security Management: Assessing the Military-to-Miltary Relationship
National Research Council Canada - National Science Library
Pollpeter, Kevin
2004-01-01
.... This study documents the history of U.S. security management with China from 1971 to the present and, based on that history, examines the arguments for and against conducting certain types of activities with the PLA...
Security of pipeline facilities
Energy Technology Data Exchange (ETDEWEB)
Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)
2005-07-01
This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.
Bibliography on peace, security, and international conflict management
International Nuclear Information System (INIS)
Anon.
1993-01-01
This bibliography presents an annotated list of approximately one hundred titles for public libraries seeking to serve the college-educated nonspecialist in the fields of peace, security, and international conflict management. representative titles have been selected in eight subject areas: (1) arms control, disarmament, and proliferation; (2) causes and nature of international conflict; (3) conflict management, diplomacy, and negotiation; (4) human rights and ethnic and religious conflicts; (5) international law and international order; (6) international organizations and transnationalism; (7) other approaches to, and overviews of, security and peace; and (8) religion and ethics. Three criteria determined selection of titles: the book is in print and is expected to remain in print for the foreseeable future; the book is of interest to the college-educated lay reader with a serious interest in the subject; and the list, as a whole, illustrates the full spectrum of debate, both in selection of topics and selection of titles. As an aid to the identification and acquisition of any of these materials, the editors have provided a bibliographic citation with an annotation that includes the following: author, title, statement of responsibility, publisher, publication information, pagination, and ISBN or ISSN
2013-12-27
This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...
Computer Security: the security marathon, part 2
Computer Security Team
2014-01-01
Do you recall our latest article on the “Security Marathon” and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...
A computer science approach to managing security in health care.
Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F
2002-09-01
The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.
Quantifiably secure power grid operation, management, and evolution :
Energy Technology Data Exchange (ETDEWEB)
Gray, Genetha Anne.; Watson, Jean-Paul; Silva Monroy, Cesar Augusto; Gramacy, Robert B.
2013-09-01
This report summarizes findings and results of the Quantifiably Secure Power Grid Operation, Management, and Evolution LDRD. The focus of the LDRD was to develop decision-support technologies to enable rational and quantifiable risk management for two key grid operational timescales: scheduling (day-ahead) and planning (month-to-year-ahead). Risk or resiliency metrics are foundational in this effort. The 2003 Northeast Blackout investigative report stressed the criticality of enforceable metrics for system resiliency: the grid's ability to satisfy demands subject to perturbation. However, we neither have well-defined risk metrics for addressing the pervasive uncertainties in a renewable energy era, nor decision-support tools for their enforcement, which severely impacts efforts to rationally improve grid security. For day-ahead unit commitment, decision-support tools must account for topological security constraints, loss-of-load (economic) costs, and supply and demand variability, especially given high renewables penetration. For long-term planning, transmission and generation expansion must ensure realized demand is satisfied for various projected technological, climate, and growth scenarios. The decision-support tools investigated in this project paid particular attention to tail-oriented risk metrics for explicitly addressing high-consequence events. Historically, decision-support tools for the grid consider expected cost minimization, largely ignoring risk and instead penalizing loss-of-load through artificial parameters. The technical focus of this work was the development of scalable solvers for enforcing risk metrics. Advanced stochastic programming solvers were developed to address generation and transmission expansion and unit commitment, minimizing cost subject to pre-specified risk thresholds. Particular attention was paid to renewables where security critically depends on production and demand prediction accuracy. To address this
Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.
Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn
2010-01-01
This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions (risk, uncertainty, and future generations) resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing so allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal canons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.
The Economic Security of the City in the Strategic Management System
Directory of Open Access Journals (Sweden)
Hubarieva Iryna O.
2017-03-01
The article investigates the problem of economic security of the city in the strategic management system. The article describes the process of ensuring the economic security of the city. The organizational approach was approved using the example of Kharkiv city. The list of threats to the economic security of the city and their urgency is justified by combining such methods as expert surveys, SWOT-analysis and the hierarchy analysis method. There is proposed a methodical approach to assessing the economic security of the city based on a hierarchically built system of indices (integral, complex and partial), which allowed determining the level of economic security of the city and imbalances in the development of its functional components. It is proposed to work out scenarios for ensuring the economic security of the city by combining the cognitive modeling and the scenario approach, which makes it possible to determine directions of the implementation of the strategy for ensuring the economic security of the city and choose leverages of state regulation. There is presented a mechanism for ensuring the economic security of the city, which includes the following elements: an action plan to implement the strategy for ensuring the economic security of the city; institutional and organizational support; programming and project planning; scientific and methodological support; financial support. The obtained results reveal, deepen and establish conceptual foundations for ensuring the economic security of the city.
Evaluation of the nuclear security culture
International Nuclear Information System (INIS)
Spitalnik, Jorge
2003-01-01
The security culture of an organization resides in its workers and it is expressed by the way the personnel that work in a particular organization practice their daily activities. The security culture can be practiced at a high or at a low level, but it always exists and it can always be improved. It is based on the security conditions and procedures that have been established in the planning phase and in the implementation of a project. After its implementation, in order to avoid deterioration, it is basically necessary to maintain and to keep updated those conditions and procedures through strategies of follow-up and control. This process establishes the basis of a program of maintenance and improvement of the Security Culture. Many self-evaluations that have been accomplished at nuclear organizations, based on workers' perception concerning working conditions and management environment, have made it possible to determine objectively if the security doctrine, which the organization asserts it follows rigorously in its daily activities, is really so (LS)
Advanced Approach to Information Security Management System Model for Industrial Control System
Directory of Open Access Journals (Sweden)
Sanghyun Park
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.
Advanced approach to information security management system model for industrial control system.
Park, Sanghyun; Lee, Kyungho
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.
Advanced Approach to Information Security Management System Model for Industrial Control System
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659
Directory of Open Access Journals (Sweden)
Katarzyna Mazur
2015-01-01
Security management is one of the most significant issues in today's data centers. Selection of appropriate security mechanisms and effective energy consumption management together with caring for the environment enforces a profound analysis of the considered system. In this paper, we propose a specialized decision support system with a multilevel, comprehensive analysis scheme. As a result of the extensive use of mathematical methods and statistics, guidelines and indicators returned by the proposed approach facilitate the decision-making process and conserve decision-maker’s time and attention. In the paper we utilized the proposed multilevel analysis scheme to manage security-based data flow in the example data center. Determining the most secure, energy-efficient, environmentally friendly security mechanisms, we implemented the role-based access control method in Quality of Protection Modeling Language (QoP-ML) and evaluated its performance in terms of the mentioned factors.
Information Systems Security Audit
Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu
2007-01-01
The article covers: defining an information system; benefits obtained by introducing new information technologies; IT management; defining prerequisites, analysis, design, implementation of IS; information security management system; aspects regarding IS security policy; conceptual model of a security system; auditing information security systems and network infrastructure security.
Discussion on the Technology and Method of Computer Network Security Management
Zhou, Jianlei
2017-09-01
With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life and work to a certain extent, and brought great convenience to people. But computer network technology is not a panacea: it can promote social development, but it can also cause damage to the community and the country. Due to the computer network's openness, ease of sharing and other characteristics, it has had a very negative impact on computer network security; in particular, loopholes in the technical aspects can cause damage to network information. Based on this, this paper will do a brief analysis of the computer network security management problems and security measures.
The corporate security professional
DEFF Research Database (Denmark)
Petersen, Karen Lund
2013-01-01
In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...
Directory of Open Access Journals (Sweden)
Luciana Emirena Santos Carneiro
2013-08-01
The security of informational assets has always been a corporate requirement. These assets can be scaled in three main spheres, namely, people, organizational processes and technologies. The internet, the web, the broadcast of networks, and the growing presence of technology both in people's lives and in organizational contexts have caused profound transformations in the intrinsic processes that constitute personal and organizational routines. On the one hand, these changes provided by the technological progress have fostered competitiveness and decentralization; on the other hand, they require better management, control, security and protection for information and knowledge. This article presents the results of an investigation within information security realm, focusing on the human aspects of knowledge and information management related to security practices. Using a quality-quantitative approach, we identify behavioral actions and profiles of employees of a company in the field of healthcare, which reveal some connections with information security failures. We conclude that the human element is a relevant variable, even a critical one, for the management of information security in organizations.
Directory of Open Access Journals (Sweden)
Yulia G. Krasnozhon
2018-03-01
Modern information technologies have an increasing importance for development dynamics and management structure of an enterprise. The management efficiency of implementation of modern information technologies is directly related to the quality of information security incident management. However, issues of assessment of the impact of information security incident management on quality and efficiency of the enterprise management system are not sufficiently highlighted either in Russian or in foreign literature. The main direction to approach these problems is the optimization of the process automation system of the information security incident management. Today a special attention is paid to IT-technologies while dealing with information security incidents at mission-critical facilities in Russian Federation such as the Federal Tax Service of Russia (FTS). It is proposed to use the mathematical apparatus of queueing theory in order to build a mathematical model of the system optimization. The developed model makes it possible to estimate the quality of the management taking into account the rules and restrictions imposed on the system by the effects of information security incidents. Here an example is given in order to demonstrate the system in work. The obtained statistical data are shown. An implementation of the system discussed here will improve the quality of the Russian FTS services and make responses to information security incidents faster.
Energy Technology Data Exchange (ETDEWEB)
Pereira, Raphael Gomes; Aguiar, Leandro Pfleger de [Siemens Company (Brazil)
2008-07-01
With the recent globalization expansion (growth), the exploration of energetic resources is crossing over countries' boundaries, resulting in worldwide companies exploring Oil and Gas fields available in any place of the world. To the government's bodies, this information about those fields should be treated as a national security interest subject by bringing an adequate management and protection to all the important and critical information and assets, and making possible, at the same time, the freedom and transparency in concurrence processes. This creates a complex security context to be managed, where information disruption might, for instance, imply a break of integrity in public auction processes as a result of privileged information usage. Furthermore, with the terrorism problem, the process itself becomes an attractive target for different kinds of attacks, motivated by the opportunism to exploit the known incapacity of the big industries to manage well their large and complex environments. The transformations that are happening in productive processes, such as the growing TCP/IP protocol usage, the Windows operating systems adoption in SCADA systems and the integration of industrial with business networks, are factors that contribute to an eminent landscape of problems. This landscape demonstrates the need for the organizations and countries that are operating in energetic resources exploration to renew their risk management areas, establishing a unique and integrated process to protect information security infrastructure. This work presents a study of the challenges to be faced by the organizations while rebuilding their internal processes to integrate the risk management and information security areas, as well as a set of essential steps to establish an effective corporate governance of risk management and compliance aspects. Moreover, the work presents the necessary points of the government involvement to improve all the regulatory aspects
Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio
2017-08-01
We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).
Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.
Network Security Is Manageable
Roberts, Gary
2006-01-01
An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…
Information security management principles
Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy
2013-01-01
In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.
The promise of acceptance as an NGO security management approach.
Fast, Larissa; Freeman, Faith; O'Neill, Michael; Rowley, Elizabeth
2015-04-01
This paper explores three questions related to acceptance as a security management approach. Acceptance draws upon relationships with community members, authorities, belligerents and other stakeholders to provide consent for the presence and activities of a non-governmental organisation (NGO), thereby reducing threats from these actors. Little is documented about how NGOs gain and maintain acceptance, how they assess and monitor the presence and degree of acceptance, or how they determine whether acceptance is effective in a particular context. Based on field research conducted in April 2011 in Kenya, South Sudan and Uganda, we address each of these three issues and argue that acceptance must be actively sought as both a programme and a security management strategy. In the paper we delineate elements common to all three contexts as well as missed opportunities, which identify areas that NGOs can and should address as part of an acceptance approach. © 2015 The Author(s). Disasters © Overseas Development Institute, 2015.
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
Directory of Open Access Journals (Sweden)
Laurentiu Barcan
2018-04-01
Being required to conform to the large number of regulations, standards and requirements, information security should be considered a general problem of organization that requires involvement at the level of management and must involve all departments and activities of an organization, from professionals in the field to information to users. Creating a culture of security is essential to the organization through continuous education of staff, permanent collaboration with partners in a common approach to security issues, but also through customer awareness of information security risks.
a review of game theory approach to cyber security risk management
African Journals Online (AJOL)
HOD
Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self- motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...
Natural Resources Management and Food Security in the Context of Sustainable Development
International Nuclear Information System (INIS)
John, H.
2011-01-01
This paper elaborates on the inseparable link between sustainability of natural resources and food security. A strategic framework that envisages conservation, improvement and sustainable uses of natural resources is proposed which meets the essential requirements for food security. Sustainability has traditionally been accepted as encompassing three dimensions, namely environment, economics and society but it is necessary to widen this approach for a more complete understanding of this term. Environmental degradation curtails ecosystem services, leading to impoverishment of vulnerable communities and insecurity. Food, whether derived from land or sea, is a product of complex environmental linkages, and biodiversity has a pivotal role to play in producing it. Technology, production methods and management requirements are different for food derived from land and sea, but essentially all foodstuffs utilize environmental resources whose sustainability is crucial for food security. This analysis necessitates consideration of the basic concepts of sustainable development and food security, the strength of the link between these and differences in the patterns of sustainable management of agriculture, fisheries and aquaculture. The growing role of genetically engineered organisms has been included because of the immense possibilities these offer for maximizing food production despite the environmental and ethical concerns raised. (author)
Sustaining Operational Resiliency: A Process Improvement Approach to Security Management
National Research Council Canada - National Science Library
Caralli, Richard A
2006-01-01
.... Coordinating these efforts to sustain operational resiliency requires a process-oriented approach that can be defined, measured, and actively managed. This report describes the fundamental elements and benefits of a process approach to security and operational resiliency and provides a notional view of a framework for process improvement.
The Shaping of Managers' Security Objectives through Information Security Awareness Training
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
Auditing Organizational Security
2017-01-01
Organization for Standardization (ISO): ISO 27000: Information Systems Security Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO. All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Organizations already working with ISO 9000
Computers, business, and security the new role for security
Schweitzer, James A
1987-01-01
Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs. Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat
AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK
Directory of Open Access Journals (Sweden)
Burtescu Emil
2008-05-01
An optimal management for a corporation, no matter what size the corporation is, must include the management of security risk. The well functioning of the corporation can depend on the importance that is given to risk management. The owner of the business, and the way the owner understands the risk, has an important role in this process. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk to an acceptable level. The autochthonous corporations, in great part because of the absence of regulations in this domain, have an empirical approach to the phenomenon.
International Nuclear Information System (INIS)
Chou, I.-Hsin
2011-01-01
Highlights: → The proposed method emphasizes platform-independent security processes. → A hybrid process based on the nuclear SCM and security regulations is proposed. → Detailed descriptions and Process Flow Diagram are useful for software developers. - Abstract: The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software - if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environments have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) 'Criteria for use of computers in safety systems of nuclear power plants' to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S²CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S²CMP, which is intended to enhance the communication between regulators and developers.
Ecosystem Management: Tomorrow’s Approach to Enhancing Food Security under a Changing Climate
Directory of Open Access Journals (Sweden)
Mike Rivington
2011-06-01
This paper argues that a sustainable ecosystem management approach is vital to ensure the delivery of essential ‘life support’ ecosystem services and must be mainstreamed into societal conscience, political thinking and economic processes. Feeding the world at a time of climate change, environmental degradation, increasing human population and demand for finite resources requires sustainable ecosystem management and equitable governance. Ecosystem degradation undermines food production and the availability of clean water, hence threatening human health, livelihoods and ultimately societal stability. Degradation also increases the vulnerability of populations to the consequences of natural disasters and climate change impacts. With 10 million people dying from hunger each year, the linkages between ecosystems and food security are important to recognize. Though we all depend on ecosystems for our food and water, about seventy per cent of the estimated 1.1 billion people in poverty around the world live in rural areas and depend directly on the productivity of ecosystems for their livelihoods. Healthy ecosystems provide a diverse range of food sources and support entire agricultural systems, but their value to food security and sustainable livelihoods are often undervalued or ignored. There is an urgent need for increased financial investment for integrating ecosystem management with food security and poverty alleviation priorities. As the world’s leaders worked towards a new international climate change agenda in Cancun, Mexico, 29 November–10 December 2010 (UNFCCC COP16), it was clear that without a deep and decisive post-2012 agreement and major concerted effort to reduce the food crisis, the Millennium Development Goals will not be attained. Political commitment at the highest level will be needed to raise the profile of ecosystems on the global food agenda. It is recommended that full recognition and promotion be given of the linkages
Quality of Security Service: Adaptive Security
National Research Council Canada - National Science Library
Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia
2004-01-01
The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...
Gunawan, Ryan A.
2016-01-01
With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.
Scudder, Joseph N; Lamude, Kevin G
2009-04-01
Following past findings on employment interviews, this study hypothesized applicants would have a preference for using self-promoting tactics of impression management over other focuses. Self-reports of impression management tactics were collected from 124 applicants who had interviews for screener positions with the Transportation Security Administration. Contrary to the hypothesis, analysis indicated participants reported they used more ingratiation tactics attempting to praise the interviewer than self-promotion tactics which focused on their own accomplishments. Special qualifications for security jobs which required well-developed perceptual abilities and the controlling structure of the interview context were perhaps responsible for present results differing from prior findings.
Building effective cybersecurity programs a security manager's handbook
Schreider, Tari
2017-01-01
You know by now that your company could not survive without the Internet. Not in today's market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager's Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.
Security Management in a Multimedia System
Rednic, Emanuil; Toma, Andrei
2009-01-01
In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…
Adaptive engineering management tools of enterprise economic security
Directory of Open Access Journals (Sweden)
G.E. Krokhicheva
2018-06-01
This paper discusses the organizational and methodological foundations and methods used to forecast, analyze and scale down threats and risks in the sphere of economic security, to solve adaptation problems, and to implement and evaluate the potency of protective measures. The object of the research is the various economic activities of commercial enterprises affiliated in the Rostov region. The suggested model of the formation and functioning of adaptive engineering tools for managing economic security, in the form of a derivative balance of the enterprise resources and the sources of their formation, will allow the proprietors, executive board and managerial staff to obtain the necessary information, within the requested context, regarding the enterprise's vital economic interests. In addition, the paper pays attention to the methodological aspects of the accounting description and estimation of the iterative achievements toward the desired adaptation results, implemented within the framework of the described iterative algorithm aimed at ensuring strategic prediction.
Development of information security and vulnerability risk management system for J-PARC
International Nuclear Information System (INIS)
Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi
2012-02-01
At J-PARC (Japan Proton Accelerator Research Complex) we have set up an intra-network (an internal network, abbreviated below as JLAN) to support research activity and communication among users. In JLAN, we have set up various kinds of security devices to keep the network secure. However, the servers which provide information or services to the public are still in danger of being accessed illegally. Illegal access may cause defacement of data or an information leak. Furthermore, the victim servers can be manipulated by malicious attackers and themselves be used to attack external information equipment. Vulnerabilities in servers enable unauthorized access, so vulnerability testing with a vulnerability tool is one of the most effective ways to take measures against the vulnerabilities of the equipment. However, it is not enough just to conduct a vulnerability test. It is also essential for information security to take measures continually to cover the vulnerabilities of servers. We focused on the points above and developed a vulnerability testing system for security. It is not only a testing tool for the vulnerabilities of servers, but also a management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and to handle PDCA (Plan-Do-Check-Action) cycles as a countermeasure for vulnerabilities. In this paper, we report the technologies and ingenuities used in the development of the above system. (author)
Center for computer security: Computer Security Group conference. Summary
Energy Technology Data Exchange (ETDEWEB)
None
1982-06-01
Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)
Security dialogues: building better relationships between security and business
Ashenden, Debi; Lawrence, Darren
2016-01-01
In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.
Directory of Open Access Journals (Sweden)
Trivan Dragan
2016-01-01
The aim of this work is research into information security in organizations, with a focus on cybersecurity. In accordance with the theoretical analysis, the subject of the empirical part of the work is the analysis of information security in Serbia, in order to better understand the information security programs and management structures in organizations in Serbia. The survey covers a variety of industries and discusses how organizations assess, develop, create and support their programs to ensure information security. The survey included 53 companies. The results obtained enabled us to select five core elements of the program on the state of information security and cybersecurity in Serbian companies: most companies had not been exposed to cybersecurity incidents; in most companies, policy, procedures and spheres of responsibility for information security exist; there are not enough controls to ensure compliance with relevant safety standards by third parties; top management and end-users are insufficiently familiar with cybersecurity risks, although they apply basic measures of protection; and safety protection systems are very rare. The scientific goal of this work is to draw, on the basis of the results obtained, conclusions that can contribute to the study of corporate information security, with special emphasis on cybersecurity. The practical aim of the research is the application of the results to a more efficient implementation of security against cyber attacks in Serbian organizations.
Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina
2009-01-01
Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.
The Effects of Secure Attachments on Preschool Children's Conflict Management Skills.
Kesner, John
This study examined the relationship between the security of children's attachment relationships to parents and teachers and how children negotiate and manage conflicts. Sixty-six preschool-aged children participated in story completion tasks regarding their attachment relationship with parents and teachers, and in hypothetical situations…
The Identity Crisis. Security, Privacy and Usability Issues in Identity Management
Alpár, G.; Hoepman, J.H.; Siljee, B.I.J.
2011-01-01
This paper studies the current "identity crisis" caused by the substantial security, privacy and usability shortcomings encountered in existing systems for identity management. Some of these issues are well known, while others are much less understood. This paper brings them together in a single,
2016-05-18
This document describes the Security Management Operating Concept (SMOC) for the New York City Department of Transportation (NYCDOT) Connected Vehicle Pilot Deployment (CVPD) Project. This SMOC outlines the security mechanisms that will be used to pr...
Information security risk management and incompatible parts of organization
Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali
2016-01-01
Purpose: We prepared a questionnaire to evaluate incompatible parts and risk management in the University of Science and Technology E-Learning Center and to study the impact of incompatible parts on the utility of the organization. Design/methodology/approach: Using coalitional game theory, we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...
Standards for management data security
Directory of Open Access Journals (Sweden)
Dejan Vuletić
2006-10-01
In this article, the basic notions of management data security are analyzed. We indicate the need for and the importance of standardization in the information-communication technology domain, especially according to the standards of the International Standardization Organization (ISO). In the final part of the article, we illustrate both proactive and reactive activities in management data security.
Ferdinand, Jason
The concept of cyber resilience has emerged in recent years in response to the recognition that cyber security is more than just risk management. Cyber resilience is the goal of organisations, institutions and governments across the world and yet the emerging literature is somewhat fragmented due to the lack of a common approach to the subject. This limits the possibility of effective collaboration across public, private and governmental actors in their efforts to build and maintain cyber resilience. In response to this limitation, and to calls for a more strategically focused approach, this paper offers a knowledge-based view of cyber security management that explains how an organisation can build, assess, and maintain cyber resilience.
Iryna Sosnovska
2015-01-01
This article is devoted to creation of economics' security management system production and economic activity of meat current processing enterprises. The article reflects research results of various scientists scientific works regarding interpretation of economic security system and shows the lack of this concept single interpretation. There are summarized observation of current activities of meat processing plants specifics as a conclusion there are a large number of different programs and c...
Information Security Policy Modeling for Network Security Systems
Directory of Open Access Journals (Sweden)
Dmitry Sergeevich Chernyavskiy
2014-12-01
Policy management for network security systems (NSSs) is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and the appearance of vulnerabilities. Moreover, the policy management process is a time-consuming task which includes a significant amount of manual work. These factors reduce the efficiency of NSSs' utilization. The paper discusses peculiarities of the policy management process and existing approaches to policy modeling, and presents a model aimed at formalizing policies for NSSs independently of the NSSs' platforms and at selecting the most effective NSSs for implementation of the policies.
Directory of Open Access Journals (Sweden)
Milad Malekolkalami
2014-02-01
This study assessed the status of information security management in the central libraries of governmental universities located in Tehran, according to ISO/IEC 27002. The research method applied for the study is a descriptive survey, and a questionnaire was used for collecting information. The questionnaire, which includes 39 components based on 11 indicators of the standard ISO/IEC 27002, was distributed among the 74 central library managers of governmental universities in Tehran according to the recent list on the website of the Ministry of Science, Research and Technology. Analysis of the data was done using both descriptive and inferential statistics with Microsoft Excel 2007 and SPSS statistical software. The results of the research showed that the means for the libraries in the 11 indexes are as follows: for the first index, security policy, 3.91; for the second index, organization of information security, 4.23; for the third index, asset security management, 4.38; for the fourth index, human resources security management, 4; for the fifth index, physical and environment security management, 4.07; for the sixth index, operations management and communications, 4.15; for the seventh index, access controls management, 4.38; for the eighth index, information system acquisition, development and maintenance, 3.92; for the ninth index, information security incident management, 3.84; for the tenth index, business continuity management, 3.46; and for the eleventh index, compliance, 3.69, which match the standard ISO/IEC 27002. The results of the research showed that the total mean for the standard ISO/IEC 27002 in the field of information security management in the central libraries is 4, being in a good condition, and that there are no significant differences between the performance of the central libraries of the governmental universities in Tehran, since no significant difference is observed between them in the field of
Security and emergency management technical assistance for the top 50 transit agencies
2007-04-01
Between May 2002 and July 2006, the Federal Transit Administration (FTA) provided technical assistance to the top 50 transit agencies through the Security and Emergency Management Technical Assistance Program (SEMTAP). The scope and purpose of the pr...
Secure Trust Based Key Management Routing Framework for Wireless Sensor Networks
Directory of Open Access Journals (Sweden)
Jugminder Kaur
2016-01-01
Security is always a major concern in wireless sensor networks (WSNs). Several trust based routing protocols have been designed that play an important role in enhancing the performance of a wireless network. However, they still have some disadvantages, such as limited energy resources, susceptibility to physical capture, and little protection against various attacks due to insecure wireless communication channels. This paper presents a secure trust based key management (STKF) routing framework that establishes a secure trustworthy route depending upon the present and past node to node interactions. This route is then updated by isolating the malicious or compromised nodes from the route, if any, and a dedicated link is created between every pair of nodes in the selected route with the help of the "q" composite random key predistribution scheme (RKPS) to ensure data delivery from source to destination. The performance of the trust aware secure routing framework (TSRF) is compared with the proposed routing scheme. The results indicate that STKF provides an effective mechanism for finding a secure route with better trustworthiness than TSRF, which avoids data dropping, thereby increasing the data delivery ratio. Also, the distance required to reach the destination in the proposed protocol is less, hence effectively utilizing the resources.
Evaluating the Level of Internal Control System in the Management of Financial Security of Bank
Directory of Open Access Journals (Sweden)
Pidvysotska Lyudmyla J.
2017-06-01
The article is aimed at studying the organization and technology of the evaluation process of a bank's internal control system in order to ensure financial security management of its activities. The work of the internal audit service on monitoring and evaluating the performance of the bank's internal control system was analyzed. It has been found that improving the level of financial security of commercial banks is conditional upon improvements in the quality of audits and the provision of sound and objective conclusions. The interrelation of the tasks of the internal audit service and the tasks of the bank's financial security management has been determined. Methodological recommendations on evaluation of the bank's internal control system on the basis of audit results have been proposed.
2010-04-01
... institutional investment manager pursuant to section 13(f) of the Securities Exchange Act of 1934. 249.325... manager pursuant to section 13(f) of the Securities Exchange Act of 1934. This form shall be used by institutional investment managers which are required to furnish reports pursuant to section 13(f) of the...
Information Security Governance: When Compliance Becomes More Important than Security
Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif
2010-01-01
Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...
ITIL® and information security
International Nuclear Information System (INIS)
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav
2015-01-01
This paper discusses the context of the ITIL framework and the management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on the ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about the link between standards which are related to security and the ITIL framework.
Lease, David R.
2005-01-01
The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examini...
Evaluating of foreign trade security
Vasyliev Andriy
2015-01-01
A method of evaluating foreign trade security is considered, based on a horizontally integrated approach to researching security issues that takes into account the conditions of management, factors, components and levels of external security. The work was based on theories of security, economics, management theory, and the practice of state regulation of foreign trade.
2010-03-10
... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...
LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS
Energy Technology Data Exchange (ETDEWEB)
Ray Fink
2006-10-01
The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.
A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations
Alshareef, Naser
2016-01-01
Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…
Implementing an Information Security Program
Energy Technology Data Exchange (ETDEWEB)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.
2017-11-01
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
A Risk Management Process for Consumers: The Next Step in Information Security
van Cleeff, A.
2010-01-01
Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to
Managing the security of nursing data in the electronic health record.
Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud
2015-02-01
The Electronic Health Record (EHR) is a patient care information resource for clinicians, and nursing documentation is an essential part of comprehensive patient care. Ensuring the privacy and security of health information is a key component of building the trust required to realize the potential benefits of electronic health information exchange. This study aimed to manage nursing data security in the EHR and also to discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross-sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data were collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient, respectively. Data were analyzed with SPSS Version 18 using descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and that the most significant level of information security protection was assigned to administrative and logical controls. There was no significant difference between the opinions of the two groups studied about the levels of information security protection and security requirements (p>0.05). Moreover, access to servers by authorized people, periodic security updates, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of the recently-mentioned participants. Computer companies as system designers and hospital information technology specialists as system users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing
Jonker, W.; Petkovic, M.
2011-01-01
Preface. This year was the eighth edition of the VLDB Secure Data Management Workshop. The topic of data security remains an important area of research especially due to the steady growing proliferation of emerging data services such as cloud computing, location-based services, and health-related
Risk management and security services interaction--a must in today's health care environment.
Stultz, M S
1990-01-01
The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.
Security robots for nuclear materials management
International Nuclear Information System (INIS)
Deming, R.
1986-01-01
Robots have successfully invaded industry, where they have replaced costly personnel, performing their tasks cheaper and better in most cases. There may be a place for a unique class of robots, security robots, in nuclear materials management. Robots could be employed in the functions of general response, patrol and neutralizing dangerous situations. The last is perhaps most important. Ion Track Instruments of Burlington, Massachusetts has designed an excellent unit to protect life in hazardous situations. The unit can detect, disrupt or remove explosives. It can enter dangerous areas to reconnoiter the extent of danger. It can communicate with those in a dangerous area. It can fight fires or clean an area using a 2 1/2 inch, two-man hose. If necessary, it can engage an adversary in a fire fight using a twelve-gauge shotgun.
Directory of Open Access Journals (Sweden)
José Geraldo Pereira Barbosa
2012-06-01
The research reported in this article aims to describe how the processes of information security used in a paper manufacturing and packaging company influenced the attainment of knowledge on two innovations. The study was conducted through field research, using interviews, narratives, direct observation and thematic analysis for data collection and data processing. The research started from the assumption that, even considering the importance of managing information security and its benefits to an organization, the processes of logical security and physical access controls would undermine the process of obtaining and transferring the knowledge required by innovations. The presence of five instruments of physical and logical security was observed: "confidentiality", "general control of protection", "antivirus", "backups" and "facility security procedures", which did not interfere negatively in obtaining knowledge. The single barrier identified for the transfer of knowledge was the lack of absorptive capacity of knowledge workers. Therefore, the case describes a situation where a clear and consistent information security policy allowed the obtaining and transferring of knowledge necessary for innovation. In other words, the assumption of the research was rejected by the findings.
Management of Control System Information Security I: Control System Patch Management
Energy Technology Data Exchange (ETDEWEB)
Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar
2011-09-01
The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making decisions on vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more detail, we establish a theoretical framework for making patching decisions for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems, given the currently estimated attack rate, is roughly around half a month.
Panel on protection and management of plutonium: Subpanel on safeguards and security
International Nuclear Information System (INIS)
Tape, J.W.
1995-01-01
Nuclear materials safeguards and security systems are described in the context of the nuclear nonproliferation regime. Materials of interest to safeguards, threats, proposals to strengthen International Atomic Energy Agency safeguards, evolving safeguards issues and requirements, system effectiveness, and elements of a global nuclear materials management regime are discussed. Safeguards are seen as an essential element of nuclear materials management, but not a driver for decisions regarding nuclear power or the disposal of excess weapon nuclear materials
Humaidi, Norshima; Balakrishnan, Vimala
2018-01-01
Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management
Sammicheli, Michele; Scaglione, Marcella
2018-01-01
We examine, from a medical-legal perspective, the pros and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that which is separate from the payment of pension contributions, being welfare anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.
Homeland Security and Emergency Management Education: An Investigation into Workforce Needs
Carlson, Cameron D.
2017-01-01
The U.S. Department of Homeland Security (DHS) was created in the wake of the September 11th 2001 terrorist events. DHS's formation, the largest reorganization of a governmental agency in over 50 years, brought a new emphasis on the protection of the nation, its citizens and its infrastructure to government emergency management policy. Previously,…
Using Blockchain and smart contracts for secure data provenance management
Ramachandran, Aravind; Kantarcioglu, Dr. Murat
2017-01-01
Blockchain technology has evolved from being an immutable ledger of transactions for cryptocurrencies to a programmable interactive environment for building distributed reliable applications. Although blockchain technology has been used to address various challenges, to our knowledge none of the previous work focused on using blockchain to develop a secure and immutable scientific data provenance management framework that automatically verifies the provenance records. In this work, we le...
Information security becoming a priority for utilities
Energy Technology Data Exchange (ETDEWEB)
Nicolaides, S. [Numerex, Atlanta, GA (United States)]
2009-10-15
As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.
THE ROLE OF THE INNOVATION POTENTIAL IN THE MANAGEMENT SYSTEM OF ECONOMIC SECURITY OF ENTERPRISES
Directory of Open Access Journals (Sweden)
Y. P. Anisimov
2015-01-01
The article explores the theoretical foundations of innovative potential of the enterprise and its role for sustainable development and economic security. The urgency of the problem of sustainable development innovative capacity, low level of theoretical and practical elaboration, poor methodological and conceptual basis for the development of economic security, increasing competitiveness and strengthening market situation of enterprises, determined the choice of the research topic. Scientific awareness of the key problems of the economy determined the significance of the research topic, the relevance of which is determined by the need for new theoretical concepts, methodological developments and practical recommendations on the role of innovation potential in the management system of economic security of enterprises. The system of economic security management is the basis of the successful functioning and development of enterprises. In market conditions, the economic security of organizations is directly outside-the implementation of innovations into the production process, which is an effective means of increasing competitiveness, improving the quality of products. The innovative capacity of enterprises consists of a unique ability to increase such components as material and investment, information, personnel that will help the organization to achieve new strategic goals. It should be noted that not all products are offered by organizations on the existing market, generates potential, but only one that is potentially profitable. That is, the products created on the basis of innovative technologies, from-while a high quality and should demand amongst consumers. Economic security policy is a system of views, different measures, methods of solutions, specific actions in the area of economic security, which determine the conditions for achieving business goals. Thus, the implemented security policy allocates the organization to carry out economic
Security management based on trust determination in cognitive radio networks
Li, Jianwu; Feng, Zebing; Wei, Zhiqing; Feng, Zhiyong; Zhang, Ping
2014-12-01
Security has played a major role in cognitive radio networks. Numerous studies have mainly focused on attack detection based on source localization and detection probability. However, few of them took the penalty of attackers into consideration and neglected how to implement effective punitive measures against attackers. To address this issue, this article proposes a novel penalty mechanism based on cognitive trust value. The main feature of this mechanism has been realized by six functions: authentication, interactive, configuration, trust value collection, storage and update, and punishment. Data fusion center (FC) and cluster heads (CHs) have been put forward as a hierarchical architecture to manage trust value of cognitive users. Misbehaving users would be punished by FC by declining their trust value; thus, guaranteeing network security via distinguishing attack users is of great necessity. Simulation results verify the rationality and effectiveness of our proposed mechanism.
Managing Security Risks in an Industrial Investment – Analysis Directions
Directory of Open Access Journals (Sweden)
Stefan Dragomir
2016-05-01
This paper achieved an analysis of some important management strategies for an investment, in correlation with the index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on the health and safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how the substances that infest the environment can produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora). When we know the risks that characterize the plant equipment, we can protect life and we can protect the environment for a sustainable development in the future.
Gene expression programming for power system static security ...
African Journals Online (AJOL)
user
fuzzy logic, artificial neural networks and expert systems have been explored for static security assessment problems (Bansal et ..... MATLAB version 7.6 neural network toolbox was ..... Vision 2020 Dynamic Security Assessment in Real time.
National Cyber Security Policy
Indian Academy of Sciences (India)
National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.
International Nuclear Information System (INIS)
Bastidas Pazmino, Jorge
2008-01-01
Full text: The Ecuadorian Atomic Energy Commission, through the unity of Radiation Protection Services, with the area of Radioactive Waste Management, has made the study of disused radioactive sources at the national level and are kept in the Temporary Storage of Radioactive Waste; has been made joint efforts with the Department of Energy of the United States for the repatriation of sources originating in that country; similarly, the use of radioactive materials in medicine, industry and research has had a significant increase in the country in the recent years, resulting in the generation of radioactive wastes requiring proper management, to ensure protection to human health and the environment now and into the future. Ecuador, through the Ecuadorian Atomic Energy Commission ensures that the Radioactive Waste Management is done by ensuring an adequate level of protection to human beings and the environment, seeks to meet the objectives of protection of human health, environmental protection, protection beyond national borders; protection of future generations; charges imposed on future generations; national legal framework; control of the production of radioactive wastes; unit interplay between production and radioactive waste management; security installations; in the same way within this framework are the NORM of which has been carried out preliminary studies in the Ecuador Orient, which is part of the lung that Amazon uses oxygen to the whole world, have been submitted NORM as a result of oil hidden within the operation, which has presented measures of exposure high inlays within hose from the wells operating and currently looking to move to the next stage, which are considering different alternatives for managing radioactive waste as more appropriate. (author)
Rehan, S. C.
This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.
Security Clearances and the Protection of National Security Information: Law and Procedures
National Research Council Canada - National Science Library
Cohen, Sheldon
2000-01-01
... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...
Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security
National Research Council Canada - National Science Library
Ganger, Gregory
2000-01-01
This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources...
Study on Mandatory Access Control in a Secure Database Management System
Institute of Scientific and Technical Information of China (English)
None
2001-01-01
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).
Managing security in an e-business environment
Davcev, Ljupco
2009-01-01
Technological developments over the past few years have made significant contributions to securing the Internet for e-business. Ensuring security for e-business information exchange is essential as it entails exchange of sensitive information. E-business transactions entail transfer of funds with buyers, sellers and business partners. Vulnerabilities and security incidents in the digital environment require an understanding of technology issues and security challenges for privacy and trust...
How to implement security controls for an information security program at CBRN facilities
International Nuclear Information System (INIS)
Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher
2015-01-01
This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.
How to implement security controls for an information security program at CBRN facilities
Energy Technology Data Exchange (ETDEWEB)
Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]
2015-12-01
This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.
Directory of Open Access Journals (Sweden)
Le Xuan Hung
2008-12-01
For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.
Security risk assessment and management in chemical plants : Challenges and new trends
Khakzad Rostami, N.; Martinez, Imee Su; Kwon, Hyuk-Myun; Stewart, Constantine; Perera, Rohan; Reniers, G.L.L.M.E.
2017-01-01
The present study is to point out the outcomes of the Seminar on the Chemical Weapon Convention and Chemical Safety and Security Management for Member States in the Asia Region held by Organization for the Prohibition of Chemical Weapons in Doha, Qatar, in February 2017. The seminar was aimed at
Convergence of Corporate and Information Security
Syed; Rahman, M.; Donahue, Shannon E.
2010-01-01
As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...
Media rights and media security
Baugher, Mark
2005-03-01
Digital Rights Management (DRM) systems typically do not treat rights management as a security problem. DRM uses cryptographic techniques but not security relationships. Instead, DRM systems use "tamper-resistant mechanisms" to discourage unauthorized access to rights-managed content. Although proven ineffective in practice, tamper-resistant mechanisms penalize legitimate customers with added complexity and costs that arise from tamper-resisting data or program code. This paper explores how a security relationship between provider and consumer might be more effective for managing rights to content works on two-way networks.
INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS
Ndungu, Maryanne; Kandel, Sushila
2015-01-01
In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...
Fault-tolerant and QoS based Network Layer for Security Management
Directory of Open Access Journals (Sweden)
Mohamed Naceur Abdelkrim
2013-07-01
Wireless sensor networks have profound effects on many application fields like security management which need an immediate, fast and energy efficient route. In this paper, we define a fault-tolerant and QoS based network layer for security management of chemical products warehouse which can be classified as real-time and mission critical application. This application generates routine data packets and alert packets caused by unusual events which need a high reliability, short end to end delay and low packet loss rate constraints. After each node computes its hop count and builds its neighbors table in the initialization phase, packets can be routed to the sink. We use FELGossiping protocol for routine data packets and node-disjoint multipath routing protocol for alert packets. Furthermore, we utilize the information gathering phase of FELGossiping to update the neighbors table and detect the failed nodes, and we adapt to the network topology changes by rerunning the initialization phase when chemical units are added or removed from the warehouse. Analysis shows that the network layer is energy efficient and can meet the QoS constraints of unusual events packets.
Optimisation of the securities portfolio as a part of the risk management process
Directory of Open Access Journals (Sweden)
Srečko Devjak
2004-01-01
Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.
2010-10-01
..., management and control of Corporation record keeping systems? 2508.9 Section 2508.9 Public Welfare... IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.9 What officials are responsible for the security, management and control of Corporation record keeping systems? (a) The Director of Administration and Management...
Managing for Enterprise Security
National Research Council Canada - National Science Library
Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R
2004-01-01
Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...
Hildebrand, Sean
This article examines local emergency managers' beliefs regarding control over tasks during various stages of the hazard cycle since federal policies went into effect following the September 11 attacks. The study considers whether a disparity exists between the actions of local officials during each phase of the "hazard cycle" and the policy expectations of the federal government, which call for greater federal control over activities in emergency management and homeland security. To do so, hypothesis testing investigates the jurisdiction's use of comprehensive emergency management (CEM) practices, the perceived "clarity" of the federal policy demands, and if the local actors feel coerced to comply with federal policy demands so that grant funding is not compromised. Using a model developed from "third-generation" policy implementation research, the results show that the odds of local officials citing federal control over these actions have very limited statistical significance. This signals that the perceived lack of local input into the development of these federal policies and the policies' limited use of traditional CEM measures may not be in concert with what local actors perform in the field. Simply put, the respondents claim to understand the federal policy demands, support the concept of federal control as the policies describe, yet follow their own plans or traditional CEM principles, even if such actions do not support the federal policy demands. These results align with pre-existing research in the emergency management field that shows issues with efforts to centralize policies under the Department of Homeland Security and Federal Emergency Management Agency.
Communicating Uncertainty about Climate Change for Application to Security Risk Management
Gulledge, J. M.
2011-12-01
The science of climate change has convincingly demonstrated that human activities, including the release of greenhouse gases, land-surface changes, particle emissions, and redistribution of water, are changing global and regional climates. Consequently, key institutions are now concerned about the potential social impacts of climate change. For example, the 2010 Quadrennial Defense Review Report from the U.S. Department of Defense states that "climate change, energy security, and economic stability are inextricably linked." Meanwhile, insured losses from climate and weather-related natural disasters have risen dramatically over the past thirty years. Although these losses stem largely from socioeconomic trends, insurers are concerned that climate change could exacerbate this trend and render certain types of climate risk non-diversifiable. Meanwhile, the climate science community (broadly defined as physical, biological, and social scientists focused on some aspect of climate change) remains largely focused on scholarly activities that are valued in the academy but not especially useful to decision makers. On the other hand, climate scientists who engage in policy discussions have generally permitted vested interests who support or oppose climate policies to frame the discussion of climate science within the policy arena. Such discussions focus on whether scientific uncertainties are sufficiently resolved to justify policy and the vested interests overstate or understate key uncertainties to support their own agendas. Consequently, the scientific community has become absorbed defending scientific findings to the near exclusion of developing novel tools to aid in risk-based decision-making. For example, the Intergovernmental Panel on Climate Change (IPCC), established expressly for the purpose of informing governments, has largely been engaged in attempts to reduce unavoidable uncertainties rather than helping the world's governments define a science-based risk-management
Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.
Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F
2018-06-05
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie-Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.
Managing the security of radioactive sources
International Nuclear Information System (INIS)
Cameron, R.
2003-01-01
The issue of security of radioactive sources had arisen as a result of incidents where people were unintentionally exposed in various parts of the world. However, after 11 September 2001, the focus on security was intensified by concerns over those who might wish to use radioactive sources for malevolent purposes. This paper will discuss the questions of the type and nature of these concerns and outline a process for assessing the threat and then assigning security measures for sources. The paper is based on work done by the author while at the IAEA and published as part of IAEA-TECDOC-1355.
Macro Security Methodology for Conducting Facility Security and Sustainability Assessments
International Nuclear Information System (INIS)
Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.
2007-01-01
Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snapshot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.
Information Security Maturity as an Integral Part of ISMS based Risk Management Tools
Fetler, Ben; Harpes, Carlo
2016-01-01
Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected as most organizations do not know how to extract key-indicators that could be used for this purpose. The underlying work presents a six-level maturity model which can be fully integrated in a
Top management turnover and firm default risk: Evidence from the Chinese securities market
Directory of Open Access Journals (Sweden)
Wei Ting
2011-06-01
China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.
Top management turnover and firm default risk:Evidence from the Chinese securities market
Institute of Scientific and Technical Information of China (English)
Wei; Ting
2011-01-01
China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.
Information Security Maturity Model
2011-01-01
To ensure security, it is important to build-in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks, are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...
On the Importance of Safety and Security at Work for the Organizational Management
Directory of Open Access Journals (Sweden)
Jeanina Ciurea
2017-12-01
One of the most important aspects regarding human resource management in any organization should be the one concerning the safety and security at work of the employees. Unfortunately, this remains an insufficiently discussed issue, not only in literature, but also in practice. Articles in this field are not so numerous, while official reports indicate a high number of incidents that occur every year, in every country. The enterprises should focus much more on this aspect, but in many cases, the management lacks from this point of view, the policy regarding the safety and health of employees being kept at the lowest positions on the list of aspects that need immediate attention. The present paper tries to highlight the importance of the issue of safety and security at work, the first part consisting in a brief review of the literature in this field, while the second part presents statistical data available for the past years, both in Romania and Europe, regarding this problem.
Information security architecture: an integrated approach to security in the organization
Killmeyer, Jan
2006-01-01
Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.
Narayanan, Sudheesh
2013-01-01
This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.
ITIL® and information security
Energy Technology Data Exchange (ETDEWEB)
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)]
2015-03-10
This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.
Core software security: security at the source
Ransome, James
2013-01-01
First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. - Dr. Dena Haritos Tsamitis, Carnegie Mellon University. In the wake of cloud computing and mobile apps, the issue of software security has never been more importan
Experience feedback committee in emergency medicine: a tool for security management.
Lecoanet, André; Sellier, Elodie; Carpentier, Françoise; Maignan, Maxime; Seigneurin, Arnaud; François, Patrice
2014-11-01
Emergency departments are high-risk structures. The objective was to analyse the functioning of an experience feedback committee (EFC), a security management tool for the analysis of incidents in a medical department. We conducted a descriptive study based on the analysis of the written documents produced by the EFC between November 2009 and May 2012. We performed a double analysis of all incident reports, meeting minutes and analysis reports. During the study period, there were 22 meetings attended by 15 professionals. 471 reported incidents were transmitted to the EFC. Most of them (95%) had no consequence for the patients. Only one reported incident led to the patient's death. 12 incidents were analysed thoroughly and the committee decided to set up 14 corrective actions, including eight guideline writing actions, two staff trainings, two resource materials provisions and two organisational changes. The staff took part actively in the EFC. Following the analysis of incidents, the EFC was able to set up actions at the departmental level. Thus, an EFC seems to be an appropriate security management tool for an emergency department.
Flyktman, Jari
2016-01-01
The idea and background to the study subject lies in the interest in security, leadership and organizational development. The research question was how to provide best practices to fit these all together in harmony. The objective was to help small and medium sized organizations to understand the multifaceted nature of cybersecurity and requirements for successful implementation of information security management system (ISMS). ISMS help companies to form the needed security structures in pra...
Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach
Directory of Open Access Journals (Sweden)
Ramon Sanchez-Iborra
2018-06-01
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.
Security Research on Engineering Database System
Institute of Scientific and Technical Information of China (English)
None
2002-01-01
Engine engineering database system is a CAD-oriented applied database management system that has the capability of managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing database security, a series of security rules is drawn up, which reach the B1 level security standard. These include discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implements functions of DAC, ...
Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Analysis
Energy Technology Data Exchange (ETDEWEB)
Li, Qinghua [Univ. of Arkansas, Fayetteville, AR (United States); Zhang, Fengli [Univ. of Arkansas, Fayetteville, AR (United States)
2018-01-18
This paper explores a real security vulnerability and patch management dataset from an electric utility in order to shed light on characteristics of the vulnerabilities that electric utility assets have and how they are remediated in practice. Specifically, it first analyzes the distribution of vulnerabilities over software, assets, and other metrics. Then it analyzes how vulnerability features affect remediation actions.
Security Analysis of the Electronic Management System for a Total Site Utility System
DEFF Research Database (Denmark)
Manso Cortes, Oscar
2016-01-01
This paper presents the Security Analysis of the Electronic Management System (EMS) of a Total Site Utility System as proposed under the scope of the Efenis project. The Efenis project has been funded by the European Commission via the seventh framework programme (EC FP7) with the aim to improve ...
Perceptions of rewards as a motivator amongst managers at a furniture retail company
2013-01-01
M. Com. (Business Management) Managers are increasingly expressing their anxiety about their future security, and are more concerned than ever about their job security and a stable set of rewards. This concern has been triggered by the employers who are having to make increasingly difficult decisions about their workforce compensation and its relationship to performance. There is a general perception that organisations use ‘one size fits all’, type of rewards to motivate their managers. Th...
Whither probabilistic security management for real-time operation of power systems ?
Karangelos, Efthymios; Panciatici, Patrick; Wehenkel, Louis
2016-01-01
This paper investigates the stakes of introducing probabilistic approaches for the management of power system’s security. In real-time operation, the aim is to arbitrate in a rational way between preventive and corrective control, while taking into account i) the prior probabilities of contingencies, ii) the possible failure modes of corrective control actions, iii) the socio-economic consequences of service interruptions. This work is a first step towards the construction of a globally co...
Global water risks and national security: Building resilience (Invited)
Pulwarty, R. S.
2013-12-01
The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human activities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere
Wireless LAN security management with location detection capability in hospitals.
Tanaka, K; Atarashi, H; Yamaguchi, I; Watanabe, H; Yamamoto, R; Ohe, K
2012-01-01
In medical institutions, unauthorized access points and terminals obstruct the stable operation of a large-scale wireless local area network (LAN) system. By establishing a real-time monitoring method to detect such unauthorized wireless devices, we can improve the efficiency of security management. We detected unauthorized wireless devices by using a centralized wireless LAN system and a location detection system at 370 access points at the University of Tokyo Hospital. By storing the detected radio signal strength and location information in a database, we evaluated the risk level from the detection history. We also evaluated the location detection performance in our hospital ward using Wi-Fi tags. The presence of electric waves outside the hospital and those emitted from portable game machines with wireless communication capability was confirmed from the detection result. The location detection performance showed an error margin of approximately 4 m in detection accuracy and approximately 5% in false detection. Therefore, it was effective to consider the radio signal strength as both an index of likelihood at the detection location and an index for the level of risk. We determined the location of wireless devices with high accuracy by filtering the detection results on the basis of radio signal strength and detection history. Results of this study showed that it would be effective to use the developed location database containing radio signal strength and detection history for security management of wireless LAN systems and more general-purpose location detection applications.
The DISAM Journal of International Security Assistance Management. Volume 23, Number 1, Fall 2000
2000-01-01
Security Assistance Command Figure 1 The USASAC, including OPM-SANG, is staffed by 621 men and women, of whom 104 are military. These professionals are...by program managers. These program managers are like “front-line entrepreneurs” delivering products and services to their customers. They have been...NATO history was to be commanded by a Polish general in June 1988. The brigade of some 3000 men and women was composed of five national battalions
A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks
Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore
Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.
Makan, Keith
2013-01-01
'Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from
Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena
2017-10-01
The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.
Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.
Directory of Open Access Journals (Sweden)
KeeHyun Park
2015-01-01
In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.
Directory of Open Access Journals (Sweden)
Radu CONSTANTINESCU
2006-01-01
Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rule how the information is protected against security vulnerabilities, and they are the basis for security awareness and training, and are vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined in controls, standards and procedures.
Institute of Scientific and Technical Information of China (English)
2012-01-01
China Standardization: In February 2011, President Hu Jintao gave an important speech at the opening ceremony of the seminar of social management and its innovation for provincial and ministerial level leaders, stressing that the scientific level of social management must be raised and building a social management system with Chinese socialism characteristics. Would you please talk about the role of the societal security standardization in improving the scientific social management?
Laboratory Information Management System Chain of Custody: Reliability and Security
Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.
2006-01-01
A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623
Security controls in a Cullinet database environment
International Nuclear Information System (INIS)
Thompson, R.E.
1988-01-01
Security controls using Cullinet's Integrated Data Management System (IDMS) are examined. IDMS software integrity problems, with emphasis on security package interfaces, are disclosed. Solutions applied at Sandia Laboratories Engineering Information Management computing facility are presented. An overall IDMS computer security philosophy is reviewed.
5 CFR 9701.508 - Homeland Security Labor Relations Board.
2010-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.508 Homeland Security Labor... impression or a major policy. (2) In cases where the full HSLRB acts, a vote of the majority of the HSLRB (or...
Privacy and Security Research Group workshop on network and distributed system security: Proceedings
Energy Technology Data Exchange (ETDEWEB)
1993-05-01
This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.
Security research roadmap; Security-tutkimuksen roadmap
Energy Technology Data Exchange (ETDEWEB)
Naumanen, M.; Rouhiainen, V. (eds.)
2006-02-15
security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, and physical protection. This report presents in more detail the knowledge and development needs as well as future development potentials seen in the security area. (orig.)
Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types
Grossklags, Jens
2009-01-01
Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…
2008-09-01
Fire and Emergency Management Services, Suffolk County Sheriff’s Department, the U.S. Attorney’s Office, the Bureau of Alcohol, Tobacco and Firearms...mass transit services. These include express and regular bus service, a downtown Skyway monorail, a trolley service and the Stadium Shuttle for various...safety related incidents rather than security, including transportation disruptions due to derailments, accidents, fires, hazardous materials spills
Directory of Open Access Journals (Sweden)
Errol A. Blake
2007-12-01
Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that traditional database security, which has focused primarily on creating user accounts and managing user privileges to database objects, is not enough to protect data confidentiality, integrity, and availability. This paper, a compilation of different journals, articles and classroom discussions, will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role in helping secure databases. This paper will take the approach that making a conscientious effort to unify the Database Security process, which includes the Database Management System (DBMS) selection process, following regulatory compliances, analyzing and learning from the mistakes of others, Implementing Networking Security Technologies, and Securing the Database, may prevent database breach.
Risk Based Security Management at Research Reactors
Energy Technology Data Exchange (ETDEWEB)
Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
2015-09-01
This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.
Securing cloud services a pragmatic approach to security architecture in the cloud
Newcombe, Lee
2012-01-01
This book provides an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.
Directory of Open Access Journals (Sweden)
Fusuo ZHANG, Zhenling CUI, Weifeng ZHANG
2014-02-01
The challenges of how to simultaneously ensure global food security, improve nitrogen use efficiency (NUE) and protect the environment have received increasing attention. However, the dominant agricultural paradigm still considers high yield and reducing environmental impacts to be in conflict with one another. Here we examine a Three-Step-Strategy of past 20 years to produce more with less in China, showing that tremendous progress has been made to reduce N fertilizer input without sacrificing crop yield. The first step is to use technology for in-season root-zone nutrient management to significantly increase NUE. The second is to use technology for integrated nutrient management to increase both yield and NUE by 15%–20%. The third step is to use technology for integrated soil-crop system management to increase yield and NUE by 30%–50% simultaneously. These advances can thus be considered an effective agricultural paradigm to ensure food security, while increasing NUE and improving environmental quality.
CERN. Geneva
2004-01-01
The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.
Secure Key Management in the Cloud
DEFF Research Database (Denmark)
Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus
2013-01-01
We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...
DOT Cyber Security Assessment Management -
Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...
The Effectiveness of an Electronic Security Management System in a Privately Owned Apartment Complex
Greenberg, David F.; Roush, Jeffrey B.
2009-01-01
Poisson and negative binomial regression methods are used to analyze the monthly time series data to determine the effects of introducing an integrated security management system including closed-circuit television (CCTV), door alarm monitoring, proximity card access, and emergency call boxes to a large privately-owned complex of apartment…
Management of the Interface between Nuclear Safety and Security for Research Reactors
International Nuclear Information System (INIS)
2016-08-01
The aim of this publication is to provide technical guidelines and practical information to assist Member States, operating organizations and regulatory bodies, on the basis of international good practices, and to manage the interface between nuclear safety and security at research reactor facilities in an integrated and coordinated manner. The publication was developed based on input from IAEA technical and consultants' meetings held between 2013 and 2015
2014-01-01
After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797
Park, Chang-Seop
2014-01-01
After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.
Security and policy driven computing
Liu, Lei
2010-01-01
Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management. The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con
Windows Security patch required
3004-01-01
This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
Competition, Speculative Risks, and IT Security Outsourcing
Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan
Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.
Information security and business continuity in Tecnatom
International Nuclear Information System (INIS)
Fernandez de Miguel, C.
2013-01-01
Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimize them. In this regard, information security is one of the major challenges for IT departments. This article presents Tecnatom's experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)
Water availability and management for food security
Food security is directly linked to water security for food production. Water availability for crop production will be dependent upon precipitation or irrigation, soil water holding capacity, and crop water demand. The linkages among these components in rainfed agricultural systems show the impact ...
2010-04-01
... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security. 8.7 Section 8.7 Foreign Relations DEPARTMENT OF STATE GENERAL ADVISORY COMMITTEE MANAGEMENT § 8.7 Security. (a) All officers and members of a committee must have a security clearance for the subject matter level of security at which the committee...
Zafar, Humayun
2010-01-01
This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through…
FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing
Directory of Open Access Journals (Sweden)
Yunsick Sung
2016-09-01
Software Defined Networking (SDN) has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT) infrastructure. For Future Sustainability Computing (FSC), SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO) and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.
Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James
2010-01-01
Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag
2013-01-01
6th Annual Homeland Security and Defense Education Summit Developing an Adaptive Homeland Security Environment, Burlington, MA, September 26-28, 2013 2013 Summit Agenda Naval Postgraduate School Center for Homeland Defense and Security In Partnership With Northeastern University, Department of Homeland Security, Federal Emergency Management Agency, National Guard Homeland Security Institute, National Homeland Defense Foundation Naval Postgraduate School Center for Homeland Defense and S...
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
National Research Council Canada - National Science Library
Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha
2008-01-01
...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...
Directory of Open Access Journals (Sweden)
Priscila Carneiro Hamada
2016-04-01
This study aimed to analyze the processes of security management in a hospital in a big city at Rio de Janeiro’s State. The research method used was case study, strategy chosen by include both direct observation as a series of interviews. The obtained results allowed to highlight the importance of security management in a hospital, educate employees, assess risk scenarios, control the logistics flows of patients and contaminated products and waste.
Directory of Open Access Journals (Sweden)
Imtiaz Parvez
2016-08-01
In smart cities, advanced metering infrastructure (AMI) of the smart grid facilitates automated metering, control and monitoring of power distribution by employing a wireless network. Due to this wireless nature of communication, there exist potential threats to the data privacy in AMI. Decoding the energy consumption reading, injecting false data/command signals and jamming the networks are some hazardous measures against this technology. Since a smart meter possesses limited memory and computational capability, AMI demands a light, but robust security scheme. In this paper, we propose a localization-based key management system for meter data encryption. Data are encrypted by the key associated with the coordinate of the meter and a random key index. The encryption keys are managed and distributed by a trusted third party (TTP). Localization of the meter is proposed by a method based on received signal strength (RSS) using the maximum likelihood estimator (MLE). The received packets are decrypted at the control center with the key mapped with the key index and the meter’s coordinates. Additionally, we propose the k-nearest neighbors (kNN) algorithm for node/meter authentication, capitalizing further on data transmission security. Finally, we evaluate the security strength of a data packet numerically for our method.
Outsourcing information security
Axelrod, Warren
2004-01-01
This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.
Directory of Open Access Journals (Sweden)
Fabian Bustamante
2017-04-01
This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016). At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS). The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.
Project #OA-FY13-0280, May 9, 2013. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency’s compliance with the Federal Information Security Management Act.
Secure data management : 6th VLDB workshop, SDM 2009 Lyon, France, August 28, 2009 : proceedings
Jonker, W.; Petkovic, M.
2009-01-01
Preface. The new emerging technologies put new requirements on security and data management. As data are accessible anytime anywhere, it becomes much easier to get unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect,
A simple security architecture for smart water management system
CSIR Research Space (South Africa)
Ntuli, N
2016-05-01
Secure booting prevents installation of malicious code onto the device. By making sure that the booting process is secured, we can establish securely the root of trust for the device. Public key cryptography is utilized at this stage. During... Architecture 1168 Nonhlanhla Ntuli and Adnan Abu-Mahfouz / Procedia Computer Science 83 (2016) 1164–1169 3.2. Secure Communication While public key cryptography can be used in the first step (secure booting), it would be too heavy to use during...
Energy Technology Data Exchange (ETDEWEB)
Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)
2016-10-15
This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.
International Nuclear Information System (INIS)
Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong
2016-01-01
This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.
Directory of Open Access Journals (Sweden)
Chang-Seop Park
2014-01-01
After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient’s life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician’s treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.
International Nuclear Information System (INIS)
1982-01-01
In connection with the series of accidents in the Tsuruga Nuclear Power Station, the Agency of Natural Resources and Energy had instructed JAPC to make comprehensive inspection on the security management setup and to take improvement measures in the nuclear power station. The results of the subsequent inspection by ANRE confirmed that the improvements made by JAPC are adequate, and the following items are described: improvement of security management setup - communication and reporting in emergency, the management of inspection and maintenance records, work control and supervision in repair, improvement, etc., functional authority and responsibility in maintenance management, operation management, radiation control, personnel education; improvement of facilities - feed water heaters, laundry waste-water filter room, radioactive waste treatment facility, general drainage, concentrated waste liquid storage tanks in newly-built waste treatment building, etc. (J.P.N.)
Agile IT Security Implementation Methodology
Laskowski, Jeff
2011-01-01
The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.
Security for multihop wireless networks
Khan, Shafiullah
2014-01-01
Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks. Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep
Households and food security: lessons from food secure households in East Africa.
Silvestri, Silvia; Douxchamps, Sabine; Kristjanson, Patti; Förch, Wiebke; Radeny, Maren; Mutie, Lanetta; Quiros, F.C.; Herrero, M.; Ndungu, Anthony; Claessens, L.F.G.
2015-01-01
Background
What are the key factors that contribute to household-level food security? What lessons can we learn from food secure households? What agricultural options and management strategies are likely to benefit female-headed households in particular? This paper addresses these questions
Johnson, Marcia L.
2013-01-01
This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…
Android application security essentials
Rai, Pragati
2013-01-01
Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way. If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.
Electronic healthcare information security
Dube, Kudakwashe; Shoniregun, Charles A
2010-01-01
The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu
Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.
Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin
2017-11-01
Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into a unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.
41 CFR 109-38.202-50 - Security.
2010-07-01
... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Security. 109-38.202-50 Section 109-38.202-50 Public Contracts and Property Management Federal Property Management Regulations....202-50 Security. Unissued license tags shall be stored in a locked drawer, cabinet, or storage area...
Fahy, Bob
2014-01-01
How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I
Usability of Security Management: Defining the Permissions of Guests
Johnson, Matthew; Stajano, Frank
Within the scenario of a Smart Home, we discuss the issues involved in allowing limited interaction with the environment for unidentified principals, or guests. The challenges include identifying and authenticating guests on one hand and delegating authorization to them on the other. While the technical mechanisms for doing so in generic distributed systems have been around for decades, existing solutions are in general not applicable to the smart home because they are too complex to manage. We focus on providing both security and usability; we therefore seek simple and easy to understand approaches that can be used by a normal computer-illiterate home owner, not just by a trained system administrator. This position paper describes ongoing research and does not claim to have all the answers.
Modelling of Processes of Logistics in Cyberspace Security
Directory of Open Access Journals (Sweden)
Konečný Jiří
2017-01-01
The goal of this contribution is especially to familiarize experts in various fields with the need for a new approach to the system-defined model and modelling of processes in the engineering practice and the expression of some state variables' possibilities for the modelling of real-world systems with regard to the highly dynamic development of structures and to the behaviour of systems of logistics. Thus, in this contribution, the necessity of making full use of cybernetics as a field for the management and communication of information is expressed, and also the environment of cybernetics as a much needed cybernetic realm (cyberspace), determining the steady state between cyber-attacks and cyber-defence as a modern knowledge-based potential in general and specifically of logistics in cyber security. Connected with this process is the very important area of lifelong training of experts in the dynamic world of science and technology (that is, also in a social system) which is also expressed here briefly, and also the cyber and information security, all of which falls under the cyberspace of new perspective electronic learning (e-learning) with the use of modern laboratories with new effects also for future possibilities of process modelling of artificial intelligence (AI) with a perspective of mass use of UAVs in logistics.
Governing for Enterprise Security
National Research Council Canada - National Science Library
Allen, Julia
2005-01-01
... business. If an organization's management -- including boards of directors, senior executives, and all managers -- does not establish and reinforce the business need for effective enterprise security...
Strengthening the Security of ESA Ground Data Systems
Flentge, Felix; Eggleston, James; Garcia Mateos, Marc
2013-08-01
A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.
Yan, Liang; Rong, Chunming; Zhao, Gansen
More and more companies begin to provide different kinds of cloud computing services for Internet users; at the same time, these services also bring some security problems. Currently the majority of cloud computing systems provide digital identity for users to access their services; this will bring some inconvenience for a hybrid cloud that includes multiple private clouds and/or public clouds. Today most cloud computing systems use asymmetric and traditional public key cryptography to provide data security and mutual authentication. Identity-based cryptography has some attractive characteristics that seem to fit well the requirements of cloud computing. In this paper, by adopting federated identity management together with hierarchical identity-based cryptography (HIBC), not only the key distribution but also the mutual authentication can be simplified in the cloud.
Ensuring the security of electricity supply in Ontario: is demand-side management the answer?
International Nuclear Information System (INIS)
Chuddy, B.
2004-01-01
This paper examines the issues relating to ensuring the security of electricity supply in Ontario. In particular, it focuses on demand-side management as a means of achieving these objectives. The solution involves both conservation and supply. It is therefore critical that there be investment in new supply with multiple buyers/sellers. Regulatory environment and pricing could encourage conservation
Secure Real-Time Monitoring and Management of Smart Distribution Grid using Shared Cellular Networks
DEFF Research Database (Denmark)
Nielsen, Jimmy Jessen; Ganem, Hervé; Jorguseski, Ljupco
2017-01-01
capabilities. Thanks to the advanced measurement devices, management framework, and secure communication infrastructure developed in the FP7 SUNSEED project, the Distribution System Operator (DSO) now has full observability of the energy flows at the medium/low voltage grid. Furthermore, the prosumers are able......, where the smart grid ICT solutions are provided through shared cellular LTE networks....
Secure grid-based computing with social-network based trust management in the semantic web
Czech Academy of Sciences Publication Activity Database
Špánek, Roman; Tůma, Miroslav
2006-01-01
Vol. 16, No. 6 (2006), pp. 475-488 ISSN 1210-0552 R&D Projects: GA AV ČR 1ET100300419; GA MŠk 1M0554 Institutional research plan: CEZ:AV0Z10300504 Keywords: semantic web * grid computing * trust management * reconfigurable networks * security * hypergraph model * hypergraph algorithms Subject RIV: IN - Informatics, Computer Science
IT Security Specialist | IDRC - International Development Research ...
International Development Research Centre (IDRC) Digital Library (Canada)
The IT Security Specialist takes a strategic role in the delivery of Infrastructure ... on IT Security to project managers, business clients and senior management. ... as a team member or a team leader by undertaking research, investigations, ...
Directory of Open Access Journals (Sweden)
Pengtao Yang
2017-01-01
A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new S-box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.
Mcquaid, Nancy; Bigelow, Ann E.; McLaughlin, Jessica; MacLean, Kim
2008-01-01
Mothers' mental state language in conversation with their preschool children, and children's preschool attachment security were examined for their effects on children's mental state language and expressions of emotional understanding in their conversation. Children discussed an emotionally salient event with their mothers and then relayed the…
Knowledge-based computer security advisor
International Nuclear Information System (INIS)
Hunteman, W.J.; Squire, M.B.
1991-01-01
The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description
Prototype system of secure VOD
Minemura, Harumi; Yamaguchi, Tomohisa
1997-12-01
Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.
Negative Gauge Pressure Moisture Management and Secure Adherence Device for Prosthetic Limbs
2013-03-01
prosthesis feels like it is sliding up and down or falling off when I am active. D. I have been more active than normal as a result of this prosthesis ...temperature. 3. My prosthesis feels like it is sliding up and down or falling off when I am active. 4. I have been more active than normal as a result of...objective of this research was to develop and test a novel prosthesis incorporating a negative gauge pressure moisture management and secure
1993-01-01
C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.
Macphee, Paula-Louise; Fitz-Gerald, Ann
2014-01-01
This paper argues for the importance, benefits and wider impact of a donor-funded, locally supported postgraduate programme in security sector management (SSM) for government officials in Ethiopia. With the exception of specialised education and training programmes within the field of peace and conflict studies, the role of education in…
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
A Layered Trust Information Security Architecture
Directory of Open Access Journals (Sweden)
Robson de Oliveira Albuquerque
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
Ngongang, Guy
2011-01-01
This project aimed to show how possible it is to use a network intrusion detection system in the cloud. The security in the cloud is a concern nowadays and security professionals are still finding means to make cloud computing more secure. First of all the installation of the ESX4.0, vCenter Server and vCenter lab manager in server hardware was successful in building the platform. This allowed the creation and deployment of many virtual servers. Those servers have operating systems and a...
Health Information Security in Hospitals: the Application of Security Safeguards.
Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam
2016-02-01
A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.
International Nuclear Information System (INIS)
2011-01-01
Department of Energy Order 435.1, 'Radioactive Waste Management,' along with its associated manual and guidance, requires development and maintenance of a radioactive waste management basis for each radioactive waste management facility, operation, and activity. This document presents a radioactive waste management basis for Idaho National Laboratory's Materials and Security Consolidation Center facilities that manage radioactive waste. The radioactive waste management basis for a facility comprises existing laboratory-wide and facility-specific documents. Department of Energy Manual 435.1-1, 'Radioactive Waste Management Manual,' facility compliance tables also are presented for the facilities. The tables serve as a tool for developing the radioactive waste management basis.
Security management internship program: a great recruiting tool for your company.
Yaross, Dan; Morris, Ronald J
2013-01-01
A well thought out and managed internship program is easily a "win-win" situation, according to the authors, who established such a program for the security department of their hospital. The program benefits not only the students with gaining practical experience of the business environment, but also the colleges/universities in coordinating internship opportunities for its students and business organizations in a number of ways including the possible identification of potential young career candidates to augment their current workforces. The article is based on the authors' presentation at the ASIS International Annual Seminar in September 2012.
Casajús Ramo, A
2006-01-01
DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authentication and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...
Tanque, Marcus M.
2012-01-01
The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…
Directory of Open Access Journals (Sweden)
P. Hashemi
2018-01-01
Construction sites are accident-prone locations and therefore safety management plays an important role in these workplaces. This study presents an adaptive algorithm for performance assessment of project management with respect to resilience engineering and job security in a large construction site. The required data are collected using questionnaires in a large construction site. The presented algorithm is composed of radial basis function (RBF), artificial neural networks multi-layer perceptron (ANN-MLP), and statistical tests. The results indicate that preparedness, fault-tolerance, and flexibility are the most effective factors on overall efficiency. Moreover, job security and resilience engineering have similar statistical impacts on overall system efficiency. The results are verified and validated by the proposed algorithm.
Seamless and secure communications over heterogeneous wireless networks
Cao, Jiannong
2014-01-01
This brief provides an overview of the requirements, challenges, design issues and major techniques for seamless and secure communications over heterogeneous wireless networks. It summarizes and provides detailed insights into the latest research on handoff management, mobility management, fast authentication and security management to support seamless and secure roaming for mobile clients. The reader will also learn about the challenges in developing relevant technologies and providing ubiquitous Internet access over heterogeneous wireless networks. The authors have extensive experience in im
78 FR 66949 - Homeland Security Science and Technology Advisory Committee (HSSTAC)
2013-11-07
... Technology, such as new developments in systems engineering, cyber-security, knowledge management and how... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0071] Homeland Security Science and... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Science and...
Directory of Open Access Journals (Sweden)
Florin Iftode
2014-08-01
The main aim of this work marks the revealing of scientific premises intended to structure the issue of social influence for security. The approach has as aim the identification of those elements that define and characterize the social influence in order to manage conflict, from the perspective of public communication. The proposed approach establishes some synthetic, clear boundaries through the method of research and analysis of the concept of security, social influence, revealing the specifics of public communication in conflict management.
Methods of Organizational Information Security
Martins, José; Dos Santos, Henrique
The principal objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principal norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
Compatibility of safety and security
International Nuclear Information System (INIS)
Jalouneix, J.
2013-01-01
Nuclear safety means the achievement of proper operating conditions, prevention of accidents or mitigation of accident consequences, resulting in protection of workers, the public and the environment from undue radiation hazards while nuclear security means the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material. Nuclear safety and nuclear security present large similarities in their aim as in their methods and are mutually complementary in the field of protection with regard to the risk of sabotage. However they show specific attributes in certain areas which leads to differences in their implementation. For instance security culture must integrate deterrence and confidentiality while safety culture implies transparency and open dialogue. Two important design principles apply identically for safety and security: the graded approach and the defense in depth. There are also strong similarities in operating provisions: -) a same need to check the availability of the equipment, -) a same need to treat the experience feedback, or -) a same need to update the basic rules. There are also strong similarities in emergency management, for instance the elaboration of emergency plans and the performance of periodic exercises. Activities related to safety of security of an installation must be managed by a quality management system. For all types of nuclear activities and facilities, a well shared safety culture and security culture is the guarantee of a safe and secure operation. The slides of the presentation have been added at the end of the paper
Data Security in Smart Cities: Challenges and Solutions
Directory of Open Access Journals (Sweden)
Daniela POPESCUL
2016-01-01
The purpose of this paper is to provide an extensive overview of security-related problems in the context of smart cities, seen as huge data consumers and producers. Trends such as hyper connectivity, messy complexity, loss of boundary and industrialized hacking transform smart cities into complex environments in which the already-existing security analyses are not useful anymore. Specific data-security requirements and solutions are approached in a four-layer framework, with elements considered to be critical to the operation of a smart city: smart things, smart spaces, smart systems and smart citizens. As urban management should pay close attention to security and privacy protection, network protocols, identity management, standardization, trusted architecture etc., the paper will serve them as a start point for better decisions in security design and management.
Voeller, John G
2014-01-01
Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.
Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing
de la Rocha Gómez-Arevalillo, Alfonso; Papadimitratos, Panos
2017-01-01
A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of secure routing protocols. A main motivation for SBTM is to facilitate gradu...
International Nuclear Information System (INIS)
Moreau, A.
1992-01-01
All the studies performed about accident causes have emphasized the influence of Human Factors in the field of Safety and Radiological Protection. Human actions cannot be understood but also improved without exploring the enormous field of mental representations and emotions, therefore, all the sources of comportments. Among a working group, safety can be the field of all the comportments relative to this group: relationship with work and between persons. This leads to management questions. There is no specific management for the safety. It must be included in the general management policy. Pedagogy must consider this fact for the training of workers. (author)
Security Technologies for Open Networking Environments (STONE)
Energy Technology Data Exchange (ETDEWEB)
Muftic, Sead
2005-03-31
-domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications. The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises.
In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The
Advanced API security securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE
Siriwardena, Prabath
2014-01-01
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. That's where Advanced API Security comes in--to wade through the weeds
2013-11-21
... Emergency Management Agency, 500 C Street SW., Washington, DC 20475. For privacy issues please contact... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0077] Privacy Act of..., Privacy Office. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy...
Information security risk assessment, aggregation, and mitigation
Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.
2004-01-01
As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is
Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji
2018-02-01
Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition nowadays and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.
Generic Adaptively Secure Searchable Phrase Encryption
Directory of Open Access Journals (Sweden)
Kissel Zachary A.
2017-01-01
In recent years searchable symmetric encryption has seen a rapid increase in query expressiveness including keyword, phrase, Boolean, and fuzzy queries. With this expressiveness came increasingly complex constructions. Having these facts in mind, we present an efficient and generic searchable symmetric encryption construction for phrase queries. Our construction is straightforward to implement, and is proven secure under adaptively chosen query attacks (CQA2) in the random oracle model with an honest-but-curious adversary. To our knowledge, this is the first encrypted phrase search system that achieves CQA2 security. Moreover, we demonstrate that our document collection preprocessing algorithm allows us to extend a dynamic SSE construction so that it supports phrase queries. We also provide a compiler theorem which transforms any CQA2-secure SSE construction for keyword queries into a CQA2-secure SSE construction that supports phrase queries.
DEFF Research Database (Denmark)
Pailler, Sharon; Naidoo, Robin; Burgess, Neil David
2015-01-01
Community-based natural resource management (CBNRM) is a major global strategy for enhancing conservation outcomes while also seeking to improve rural livelihoods; however, little evidence of socioeconomic outcomes exists. We present a national-level analysis that empirically estimates socioeconomic impacts of CBNRM across Tanzania, while systematically controlling for potential sources of bias. Specifically, we apply a difference-in-differences model to national-scale, cross-sectional data to estimate the impact of three different CBNRM governance regimes on wealth, food security and child health, considering differential impacts of CBNRM on wealthy and poor populations. We also explore whether or not longer-standing CBNRM efforts provide more benefits than recently-established CBNRM areas. Our results show significant improvements in household food security in CBNRM areas compared...
Kade, Kristy A; Brinsfield, Kathryn H; Serino, Richard A; Savoia, Elena; Koh, Howard K
2008-10-01
The post-September 11 era has prompted unprecedented attention to medical preparations for national special security events (NSSE), requiring extraordinary planning and coordination among federal, state, and local agencies. For an NSSE, the US Secret Service (USSS) serves as the lead agency for all security operations and coordinates with relevant partners to provide for the safety and welfare of participants. For the 2004 Democratic National Convention (DNC), designated an NSSE, the USSS tasked the Boston Emergency Medical Services (BEMS) of the Boston Public Health Commission with the design and implementation of health services related to the Convention. In this article, we describe the planning and development of BEMS' robust 2004 DNC Medical Consequence Management Plan, addressing the following activities: public health surveillance, on-site medical care, surge capacity in the event of a mass casualty incident, and management of federal response assets. Lessons learned from enhanced medical planning for the 2004 DNC may serve as an effective model for future mass gathering events.
Planning Security Services for IT Systems
Henderson, Marie; Page, Howard Philip
2014-01-01
Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.
Information security practices emerging threats and perspectives
Awad, Ahmed; Woungang, Isaac
2017-01-01
This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners.
International Legal Framework for Nuclear Security
International Nuclear Information System (INIS)
Moore, G.M.
2010-01-01
The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are: Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons, Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards, Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management.
Integrated modeling approach for optimal management of water, energy and food security nexus
Zhang, Xiaodong; Vesselinov, Velimir V.
2017-03-01
Water, energy and food (WEF) are inextricably interrelated. Effective planning and management of limited WEF resources to meet current and future socioeconomic demands for sustainable development is challenging. WEF production/delivery may also produce environmental impacts; as a result, green-house-gas emission control will impact WEF nexus management as well. Nexus management for WEF security necessitates integrated tools for predictive analysis that are capable of identifying the tradeoffs among various sectors, generating cost-effective planning and management strategies and policies. To address these needs, we have developed an integrated model analysis framework and tool called WEFO. WEFO provides a multi-period socioeconomic model for predicting how to satisfy WEF demands based on model inputs representing production costs, socioeconomic demands, and environmental controls. WEFO is applied to quantitatively analyze the interrelationships and trade-offs among system components including energy supply, electricity generation, water supply-demand, food production as well as mitigation of environmental impacts. WEFO is demonstrated to solve a hypothetical nexus management problem consistent with real-world management scenarios. Model parameters are analyzed using global sensitivity analysis and their effects on total system cost are quantified. The obtained results demonstrate how these types of analyses can be helpful for decision-makers and stakeholders to make cost-effective decisions for optimal WEF management.
Secure Learning and Learning for Security: Research in the Intersection
Rubinstein, Benjamin
2010-01-01
Statistical Machine Learning is used in many real-world systems, such as web search, network and power management, online advertising, finance and health services, in which adversaries are incentivized to attack the learner, motivating the urgent need for a better understanding of the security vulnerabilities of adaptive systems. Conversely, research in Computer Security stands to reap great benefits by leveraging learning for building adaptive defenses and even designing intelligent attacks ...
International Nuclear Information System (INIS)
1982-01-01
In connection with the series of accidents in the Tsuruga Nuclear Power Station of the Japan Atomic Power Company, the state of security management in JAPC and the safety of facilities in the Tsuruga Nuclear Power Station, which have resulted from improvement efforts, are described on the following items: security management setup - communication and reporting in emergency, the management of inspection and maintenance records, work control and supervision in repair, improvement, etc., functional authority and responsibility in maintenance management, operation management, radiation control, personnel education; improvement of facilities - feed water heaters, laundry waste-water filter room, radioactive waste treatment facility, general drainage, concentrated waste liquid storage tanks in newly-built waste treatment building, etc. (Mori, K.)
The Impact of Migration Processes on the National Security of Kazakhstan
Korganova, Saipzhamal S.; Taubayeva, Mirash Y.; Sultanov, Serik A.; Rysbayeva, Saule Zh.; Sultanova, Valida I.; Zhumabekov, Madiyr U.; Raximshikova, Mavluda K.
2016-01-01
The purpose of this study is to analyze the impact of migration processes on the national security of Kazakhstan. However, it should be noted that national security is an expression of national interests and it is provided by means of resources and efforts of a particular state. Consequently, social security is an expression of the public…
Reputation Risks through Information Security Incidents
Directory of Open Access Journals (Sweden)
Vitaly Eduardovich Dorokhov
2014-05-01
The article deals with accounting for reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which result in the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.
Energy Technology Data Exchange (ETDEWEB)
Rouhiainen, V. (ed.)
2007-02-15
VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that technology alone cannot assure security, but security cannot be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)
The Security Research of Digital Library Network
Zhang, Xin; Song, Ding-Li; Yan, Shu
The digital library is a self-development need for the modern library to meet the development requirements of the times, changing the way services are provided, and so on. The paper objectively analyzes the factors that threaten digital library network security from the aspects of hardware, technology, management and others. We should face up to the problems of digital library network security: digital library network hardware is "not hard", the technology of the digital library lags relatively, the digital library management system is imperfect, and other problems. The government should take active measures to ensure library funding; to enhance the level of network hardware; to upgrade LAN and prevention technology; to improve network control technology and network monitoring technology; to strengthen safety management concepts; to perfect the safety management system; and to improve the level of security management modernization for the digital library.
Security administration plan for HANDI 2000 business management system
Energy Technology Data Exchange (ETDEWEB)
Wilson, D.
1998-09-29
This document encompasses and standardizes the integrated approach for security within the PP and Ps applications. It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document's acceptance and will provide guidance through implementation efforts and, as a "living document", will support the operations and maintenance of the system.
Experience of executing security measures
International Nuclear Information System (INIS)
Nakano, Hiromasa
1995-01-01
Japan possesses many nuclear power stations and atomic energy research and development facilities, and obtained much experience of security measures such as the inspection by the government and IAEA, the technical development and so on in respective facilities. In this report, the activities of security measures in Japan are introduced, centering around the experience of Power Reactor and Nuclear Fuel Development Corporation. Japan ratified the nuclear nonproliferation treaty (NPT) in 1976, and concluded the agreement with IAEA in 1977. It is called security measures to technically confirm that nuclear substances are not used for nuclear weapons, and to find early and prevent the production of nuclear weapons. The security measures consist of the quantity management by the balance of nuclear substances and the inspection by the government and IAEA. The present state of security measures in centrifugal uranium enrichment plants, the fabrication factories of low enriched uranium fuel, nuclear reactors, fuel reprocessing plants, and plutonium fuel factories is reported. The amount of inspection works of the government was 1861 man-day/year in 1993. As the subjects related to security measures of hereafter, the quantity management by respective facilities, the technology of verifying the measurement by inspectors, the points of beginning and finishing security measures, the security measures of hereafter and the international cooperation are described. (K.I.)
Metric-Aware Secure Service Orchestration
Directory of Open Access Journals (Sweden)
Gabriele Costa
2012-12-01
Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.
On Secure Workflow Decentralisation on the Internet
Directory of Open Access Journals (Sweden)
Petteri Kaskenpalo
2010-06-01
Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control. We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.
FINANCIAL-ECONOMICAL ENTERPRISE SECURITY STRATEGY FORMING IN THE TERMS OF UNCONFORMITY
Directory of Open Access Journals (Sweden)
Galyna Mykhayliv
2016-03-01
Theoretical points as for definition of “financial-economical security” have been researched and summed up. The present attitude were analyzed as for the financial-economical enterprise security forming in the terms of unconformity and system attitude necessity stipulated for strategy system management by a financial-economical enterprise security. Keywords: financial-economical enterprise security, strategy management, financial security, economical security, financial stability, economical security, external JEL: M 20
Safety and security in acute admission psychiatric wards in Ireland and London: a comparative study.
Cowman, Seamus; Bowers, Len
2009-05-01
The comparative element of this study is to describe safety and security measures in psychiatric acute admission wards in the Republic of Ireland and London; to describe differences and similarities in terms of safety and security patterns in the Republic of Ireland and London; and to make recommendations on safety and security to mental health services management and psychiatric nurses. Violence is a serious problem in psychiatric services and staff experience significant psychological reactions to being assaulted. Health and Safety Authorities in the UK and Ireland have expressed concern about violence and assault in healthcare, however, there remains a lack of clarity on matters of procedure and policy pertaining to safety and security in psychiatric hospitals. A descriptive survey research design was employed. Questionnaires were circulated to all acute wards in London and in Ireland and the resulting data compared. A total of 124 psychiatric wards from London and 43 wards from Ireland were included in this study and response rates of 70% (London) and 86% (Ireland) were obtained. Differences and similarities in safety and security practices were identified between London and Ireland, with Irish wards having generally higher and more intensive levels of security. There is a lack of coherent policy and procedure in safety and security measures across psychiatric acute admission wards in the Republic of Ireland and London. Given the trends in European Union (EU) regulation, there is a strong argument for the publication of acceptable minimum guidelines for safety and security in mental health services across the EU. There must be a concerted effort to ensure that all policy and procedure in safety and security is founded on evidence and best practice. Mental health managers must establish a review of work safety and security procedures and practices. Risk assessment and environmental audits of all mental health clinical environments should be mandatory.
Directory of Open Access Journals (Sweden)
Aleksandr Yefimovich Zemskov
2011-06-01
This paper reviews the role of the state material reserve system to ensure economic security of the region. A classification of reserves ensuring economic security of the region was elaborated. A scheme of systematic and structural representation of the state material reserve in order to improve the economic security of the region was suggested. Optimization of operational control of the territorial offices, factories, and settlements of custody within the framework of the state material reserve is one of the most effective instruments to enhance the functioning of the whole system. To solve the problem of technological processes optimization of products acquisition and storage in manufacturings, plants and points of consignment storage of the state material reserve, a static economic-mathematical model was developed. The results can be used to develop appropriate computer systems for support of effective management decisions in the system of state of material reserve.
Farkas, Gary M; Tsukayama, John K
2012-01-01
Workplace violence threat assessment and management practices represent an interdisciplinary approach to the diversion of potentially dangerous employees and clients. This case study illustrates such an intervention in a complex situation involving a social service agency and its client. Following a curtailment of services and an arrest, the client developed an escalating homicidal anger toward the agency administrator. Once a Tarasoff warning was received, the agency contacted a security company who organized a threat assessment and management plan involving interdisciplinary collaboration. Information developed in the course of the assessment was presented to prosecutors, who facilitated the client's arrest and involuntary psychiatric commitment until he was judged to be no longer dangerous. This case ultimately involved an integration of the services of security, law enforcement, mental health professionals, prosecutors, the courts and the state mental health system in leading to a successful diversion of the client from a path of intended violence.
Kim, Jongsung; Zou, Deqing; Lee, Yang
2012-01-01
ITCS 2012 and STA 2012 address the various theories and practical applications of information technology convergence, secure and trust computing, and data management in future environments. It will present important results of significant value to solve the application services and various problems within the scope of ITCS 2012 & STA 2012. In addition, we expect it will trigger further related research and technology developments which will improve our lives in the future.
International Nuclear Information System (INIS)
2002-01-01
In response to the recommendations of several Agency advisory committees, to address issues related to nuclear power life cycle management, knowledge management in the field of nuclear power, and security of radiation sources and other nuclear material, the IAEA is organizing the scientific forum to be held during the General Conference. The purpose of the meeting is to sharpen awareness and understanding of the emerging concerns about the aging of nuclear power plants, maintenance and preservation of knowledge and expertise in nuclear science, technology and applications, to emphasise the significance of security and physical protection of radiation sources and other radioactive material, and to better comprehend the role of the Agency in these processes.
Project #OA-FY14-0135, February 10, 2014. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency's compliance with the Federal Information Security Management Act (FISMA).
Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.
2008-01-01
Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. © 2008 United Nations.
Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance
Shim, Woohyun
2010-01-01
An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…
Hospital security: "protecting the business".
Maas, Jos
2013-01-01
Implementing management science into security isn't hard and is more necessary than ever according to the author who presents and illustrates a five point plan that he says will get the security job done easier and with more commitment from the Board.
Directory of Open Access Journals (Sweden)
Kurnianto Ari
2018-01-01
Information security is a problem that affects the business processes of an organization, so it needs special concern. A good information security assessment that meets an international standard is done using the Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, a high-level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in the Ministry of Internal Affairs. The research explains the assessment of information security management, which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the current condition and then yields a recommendation and road map. The result of this research identifies all of the information security processes which are not yet good enough in the Ministry of Internal Affairs, and gives a recommendation and road map to improve every part of the information system that is running. It indicates that ISO/IEC 27001:2013 is well suited to rating the maturity of information security management. As the next analysis, this research uses the Clauses and Annex in ISO/IEC 27001:2013 which are suitable for the condition of the Data Center and Data Recovery Center, so it gets an optimum result and solves the problem of weak information security.
Measuring Information Security: Guidelines to Build Metrics
von Faber, Eberhard
Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.
The adoption of IT security standards in a healthcare environment.
Gomes, Rui; Lapão, Luís Velez
2008-01-01
Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.
Army Secure Operating System: Information Security for Real Time Systems
National Research Council Canada - National Science Library
Anderson, Eric
1984-01-01
The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...
International Nuclear Information System (INIS)
Goldammer, W.
2003-01-01
Measures to achieve radioactive waste security are discussed. Categorization of waste in order to implement adequate and consistent security measures based on potential consequences is made. The measures include appropriate treatment/storage/disposal of waste to minimize the potential and consequences of malicious acts; management of waste only within an authorised, regulated, legal framework; management of the security of personnel and information; measures to minimize the acquisition of radioactive waste by those with malicious intent. The specific measures are: deter unauthorized access to the waste; detect any such attempt or any loss or theft of waste; delay unauthorized access; provide timely response to counter any attempt to gain unauthorised access; measures to minimize acts of sabotage; efforts to recover any lost or stolen waste; mitigation and emergency plans in case of release of radioactivity. An approach to develop guidance, starting with the categorisation of sources and identification of dangerous sources, is presented. Dosimetric criteria for internal and external irradiation are set. Different exposure scenarios are considered. Waste categories and security categories based on the IAEA INFCIRC/225/Rev.4 are presented
Errol A. Blake
2007-01-01
Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that the Traditional Database Security, which has focused primarily on creating user accounts and managing user privileges to database objects, is not enough to protect data confidentiality, integrity, and availability. This paper is a compilation of different journals, articles and classroom discussions ...
Computer security at ukrainian nuclear facilities: interface between nuclear safety and security
International Nuclear Information System (INIS)
Chumak, D.; Klevtsov, O.
2015-01-01
Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security
*New* CRITICAL Windows Security patch
2003-01-01
On 10 September 2003, Microsoft issued a new CRITICAL security patch, MS03-039. It must be URGENTLY applied on ALL WINDOWS systems, which are not centrally managed for security patches. This includes Experiment computers, Home computers and Windows Portable and Desktop systems not running NICE. Details of the security hole and patch for MS03-039 (which also includes MS03-026) are at: http://cern.ch/it-div/news/hotfix-MS03-039.asp http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
76 FR 81359 - National Security Personnel System
2011-12-28
... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...
Hart, Joshua; Shaver, Phillip R; Goldenberg, Jamie L
2005-06-01
On the basis of prior work integrating attachment theory and terror management theory, the authors propose a model of a tripartite security system consisting of dynamically interrelated attachment, self-esteem, and worldview processes. Four studies are presented that, combined with existing evidence, support the prediction derived from the model that threats to one component of the security system result in compensatory defensive activation of other components. Further, the authors predicted and found that individual differences in attachment style moderate the defenses. In Studies 1 and 2, attachment threats motivated worldview defense among anxiously attached participants and motivated self-enhancement (especially among avoidant participants), effects similar to those caused by mortality salience. In Studies 3 and 4, a worldview threat and a self-esteem threat caused attachment-related proximity seeking among fearful participants and avoidance of proximity among dismissing participants. The authors' model provides an overarching framework within which to study attachment, self-esteem, and worldviews.
Lartigau, E; Coche-Dequeant, B; Dumortier, V; Giscard, S; Lacornerie, T; Lasue, A; Cheval, V; Martel, V; Malfait, B; Fuchs, A; Pestel, M; Damman, M; Forrest, M
2008-11-01
After working on treatment organisation in radiotherapy (bonne pratiques organisationnelles en radiothérapie - action pilote MEAH 2003), the development of a security policy has become crucial. With the help of Air France Consulting and the MEAH, three cancer centers in Angers, Lille and Villejuif worked together on the implantation of experience feed back committees (CREx) dedicated to the registration, analysis and correction of precursor events. After two years, we report the centre Oscar-Lambret experience in Lille and try to get the recommendations for generalisation of the process. This seems now to be compulsory for security management in oncology.
Error-Based Accidents and Security Incidents in Nuclear Materials Management
International Nuclear Information System (INIS)
Pond, Daniel J.; Greitzer, Frank L.
2005-01-01
Hazard and risk assessments, along with human error analysis and mitigation techniques, have long been mainstays of effective safety programs. These tools have revealed that worker errors contributing to or resulting in accidents are often the consequence of ineffective system conditions, process features, or individual employee characteristics. At Los Alamos National Laboratory (LANL), security, safety, human error, and organizational analysts determined that the system-induced human errors that make accidents more likely also are contributing to security incidents. A similar set of system conditions has been found to underlie deliberate, non-malevolent deviations from proper security practices - termed breaches - that also can result in a security incident. In fiscal-year (FY) 2002, LANL's Security Division therefore established the ESTHER (Enhanced Security Through Human Error Reduction) program to identify and reduce the influence of the factors that underlie employee errors and breaches and, in turn, security incidents. Recognizing the potential benefits of this program and approach, in FY2004 the Department of Energy (DOE) Office of Security Policy (DOE-SO) funded an expansion of ESTHER implementation to the causal assessment and reporting of security incidents at other DOE sites. This presentation will focus on three applications of error/breach assessment and mitigation techniques. One use is proactive, accomplished through the elimination of contributors to error, whereas two are reactive, implemented in response to accidents or security incidents as well as to near misses, to prevent recurrence. The human performance and safety bases of these techniques will be detailed. Associated tools - including computer-based assessment training and web-based incident reporting modules developed by Pacific Northwest National Laboratory - will be discussed
International Nuclear Information System (INIS)
ElBaradei, M.
2002-01-01
The document reproduces the text of the introductory statement made by the Director General of the IAEA at the 5th scientific forum organized during the 46th session of the IAEA General Conference, Vienna, 17 September 2002, on the nuclear power life cycle management, managing nuclear knowledge, and nuclear security. In the area of nuclear power life cycle management two aspects were emphasized: licence extension and facility decommissioning. Nuclear knowledge management includes ensuring the continued availability of the qualified personnel. Nuclear security must be considered for all nuclear applications, in a manner that encompasses all phases of nuclear activity - the use, storage and transport of nuclear and other radioactive material, as well as the design, operation, and decommissioning of nuclear facilities
DEFF Research Database (Denmark)
Mathiasen, Niels Raabjerg
Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... IT security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...
The Role of Information Security Management Systems in Supply Chain Performance Improvement
Directory of Open Access Journals (Sweden)
Mohammad Reza Taghva
2012-02-01
In recent years, researchers have emphasized the positive effect of information systems on supply chain performance, such as organizational processes integration, information sharing, information technology, etc. On the other hand, the information security management system is one of the subjects whose effects researchers have considered on increasing accuracy and effective information exchange, access to accurate and timely information, and reducing errors of information systems. Since no research had been done on this ground (the importance of ISMS on supply chain performance), it was felt that research should be done on these approaches in the supply chain. In this respect, the current research sought to establish how ISMS had an impact on supply chain performance in the automotive industry, and this was the innovative aspect of this paper. So first of all, after the review of the information security management system literature, supply chain performance was considered by the balanced scorecard approach; then the most important factors of these two subjects were extracted by correlation analysis. In this way, it was considered how ISMS had an impact on supply chain performance by correlation analysis. The results showed that different dimensions of ISMS (information uniformity, prevention of human and machine mistakes, information accuracy, and rectitude and instruction for users) had an impact on four dimensions of supply chain performance (customers, financial, internal processes, and learning and growth) at three levels (strategic, technical, and operational) in the supply chain. At the end, it was shown that ISMS lays the ground for increased supply chain performance.
Executive Guide: Information Security Management. Learning From Leading Organizations
National Research Council Canada - National Science Library
1998-01-01
... on. Deficiencies in federal information security are a growing concern. In a February 1997 series of reports to the Congress, GAO designated information security as a governmentwide high-risk area...
SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams
Directory of Open Access Journals (Sweden)
Douglas P. Twitchell
2007-12-01
A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel. These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability. This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams. Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams. Studying the effectiveness of the game as a training tool could lead to better training for security teams.
Energy Technology Data Exchange (ETDEWEB)
Alexandria, Joao Carlos Soares de
2009-07-01
The increase of connectivity in the business environment, combined with the growing dependency on information systems, has made information security management an important governance tool. The main goal of information security is to protect business transactions so that they can work normally. In this way, it safeguards business continuity. The threats to information come from hackers' attacks, electronic fraud and spying, as well as fire, electrical energy interruption and human fault. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well established structure to be able to face such challenges. This work tried to search for the reasons why organizations have difficulties in making a practice of information security management. Many of them limit themselves to adopting point measures, which are sometimes not consistent with their realities. The market counts on a sufficient quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, the American Sarbanes-Oxley act, the Basel capital accord, and regulations from regulatory agencies (such as the Brazilian ones ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations, mainly formed by large companies and from specific sectors of the economy, for example, financial and telecommunication. However, information security must be practised by all organizations that use information systems to carry out their activities, independently of their size or the economic area to which they belong. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal
Cloud Computing Application of Personal Information's Security in Network Sales-channels
Sun Qiong; Min Liu; Shiming Pang
2013-01-01
With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed me...
Austin, Robert D; Darby, Christopher A
2003-06-01
Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.
Optimal Aide Security Information Search (OASIS)
National Research Council Canada - National Science Library
Kapadia, Chetna
2005-01-01
The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...
Nuclear security culture: a generic model for universal application
International Nuclear Information System (INIS)
Khripunov, I.
2005-01-01
Full text: Nuclear security culture found its way into professional parlance several years ago, but still lacks an agreed-upon definition and description. The February 2005 U.S.-Russian Joint Statement, issued at the presidential summit meeting in Bratislava, referred specifically to security culture, focusing renewed attention on the concept. Numerous speakers at the March 2005 International Atomic Energy Agency's (IAEA) international conference on nuclear security referred to security culture, but their visions and interpretations were often at odds with one another. Clearly, there is a need for a generic model of nuclear security culture with universal applicability. Internationally acceptable standards in this area would be invaluable for evaluation, comparison, cooperation, and assistance. They would also help international bodies better manage their relations with the nuclear sectors in various countries. This paper will develop such a model. It will use the IAEA definition of nuclear security, and then apply Edgar Schein's model of organizational culture to security culture at a generic nuclear facility. A cultural approach to physical protection involves determining what attitudes and beliefs need to be established in an organization, how these attitudes and beliefs manifest themselves in the behavior of assigned personnel, and how desirable attitudes and beliefs can be transcribed into formal working methods to produce good outcomes, i.e., effective protection. The security-culture mechanism I will propose is broken into four major units: facility leadership, proactive policies and procedures, personnel performance, and learning and professional improvement. The paper will amplify on the specific traits characteristic of each of these units. Security culture is not a panacea. In a time of mounting terrorist threats, it should nonetheless be looked upon as a necessary organizational tool that enhances the skills of nuclear personnel and ensures that
Security and management; Securite et management
Energy Technology Data Exchange (ETDEWEB)
Moreau, A. [CEA, Direction du Centre d'Etudes de Saclay (France)
1992-07-01
All the studies performed about accident causes have emphasized the influence of Human Factors in the field of Safety and Radiological Protection. Human actions cannot be understood but also improved without exploring the enormous field of mental representations and emotions, therefore, all the sources of comportments. Among a working group, safety can be the field of all the comportments relative to this group: relationship with work and between persons. This leads to management questions. There is no specific management for the safety. It must be included in the general management policy. Pedagogy must consider this fact for the training of workers. (author)
Social Security at the Crossroads.
International Labour Review, 1980
1980-01-01
Social security schemes need to be streamlined and the underlying policies made more coherent to obtain the fullest possible return on expenditure. Third World countries need to reflect very seriously on the role of social security in the development process and on the management problems involved. (CT)
Cockpit resource management training at People Express
Bruce, Keith D.; Jensen, Doug
1987-01-01
In January 1986 in a continuing effort to maintain and improve flight safety and solve some Cockpit Resource Management (CRM) problems, People Express implemented a new CRM training program. It is a continuously running program, scheduled over the next three years and includes state-of-the-art full-mission simulation (LOFT), semi-annual seminar workshops and a comprehensive academic program authored by Robert W. Mudge of Cockpit Management Resources Inc. That program is outlined and to maximize its contribution to the workshop's goals, is organized into four topic areas: (1) Program content: the essential elements of resource management training; (2) Training methods: the strengths and weaknesses of current approaches; (3) Implementation: the implementation of CRM training; and (4) Effectiveness: the effectiveness of training. It is confined as much as possible to concise descriptions of the program's basic components. Brief discussions of rationale are included, however no attempt is made to discuss or review popular CRM tenets or the supporting research.
*NEW* CRITICAL Windows Security patches
2003-01-01
On 3 October and 10 September 2003, Microsoft issued new CRITICAL security patches MS03-040 and MS03-039. They must be URGENTLY applied on ALL WINDOWS systems, which are not centrally managed for security patches. This includes Experiment computers, Home computers and Windows Portable and Desktop systems not running NICE. Details of the security holes and patches are at: MS03-039: http://cern.ch/it-div/news/hotfix-MS03-039.asp http://www.microsoft.com/technet/security/bulletin/MS03-039.asp MS03-040: http://cern.ch/it-div/news/hotfix-MS03-040.asp http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
Rights management technologies: A good choice for securing electronic health records?
Petkovic, M.; Katzenbeisser, S.; Kursawe, K.; Pohlmann, N.; Reimer, H.; Schneider, W.
2007-01-01
Advances in healthcare IT bring new concerns with respect to privacy and security. Security critical patient data no longer resides on mainframes physically isolated within an organization, where physical security measures can be taken to defend the data and the system. Modern solutions are heading
32 CFR 2400.45 - Information Security Program Review.
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...
Directory of Open Access Journals (Sweden)
Antonio Santos-Olmo
2016-07-01
Society is increasingly dependent on Information Security Management Systems (ISMS), and having this kind of system has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and short implementation periods. This paper discusses the different cycles carried out using the ‘Action Research (AR)’ method, which have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.
Information Assurance Security in the Information Environment
Blyth, Andrew
2006-01-01
Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.
Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz
2015-01-01
This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b
Econometric modelling of economic security in business operations management
Chagovets, L. О.; Nevezhin, V. P.; Zakharova, О. V.
2014-01-01
The article deals with econometric modeling of economic security. The model of evaluating transaction costs effect on the level of enterprise economic security is provided. The econometric models of evaluating economic security that are used in research are based on panel data. According to the results, the reserves for increasing the general level of economic security due to transaction costs reduction are revealed. The issue of econometric modelling of economic security is considered. Предс...
Directory of Open Access Journals (Sweden)
Suvi Sojamo
2012-10-01
This article investigates the agency of the world’s largest food and agribusiness corporations in global water security via case studies of Nestlé, Bunge and Cargill by analysing their position in the political economy of the world agro-food system and the ways they intentionally and non-intentionally manage and govern water in their value chains and wider networks of influence. The concentrated power of a few corporations in global agro-food value chains and their ability to influence the agro-food market dynamics and networks throughout the world pose asymmetric conditions for reaching not only global food security but also water security. The article will analyse the different forms of power exercised by the corporations in focus in relation to global water security and the emerging transnational water governance regime, and the extent to which their value chain position and stakeholder interaction reflect or drive their actions. Due to their vast infrastructural and technological capacity and major role in the global agro-food political economy, food and agribusiness corporations cannot avoid increasingly engaging, for endogenous and exogenous reasons, in multi-stakeholder initiatives and partnerships to devise methods of managing the agro-food value chains and markets to promote global water security. However, their asymmetric position in relation to their stakeholders demands continuous scrutiny.
A Research Agenda for Security Engineering
Directory of Open Access Journals (Sweden)
Rich Goyette
2013-08-01
Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific
Information technology security system engineering methodology
Childs, D.
2003-01-01
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
Pavone, Vincenzo; Esposti, Sara Degli
2012-07-01
As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.
Governing for Enterprise Security (GES) Implementation Guide
National Research Council Canada - National Science Library
Westby, Jody R; Allen, Julia H
2007-01-01
.... If an organization's management does not establish and reinforce the business need for effective enterprise security, the organization's desired state of security will not be articulated, achieved, or sustained...
Information Security for Business: the Necessity of Reputational Risk Management
Directory of Open Access Journals (Sweden)
Vitaly Eduardovich Dorokhov
2015-06-01
The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents
Soil Management Plan for the Oak Ridge Y-12 National Security Complex Oak Ridge, Tennessee
Energy Technology Data Exchange (ETDEWEB)
None
2005-03-02
This Soil Management Plan applies to all activities conducted under the auspices of the National Nuclear Security Administration (NNSA) Oak Ridge Y-12 National Security Complex (Y-12) that involve soil disturbance and potential management of waste soil. The plan was prepared under the direction of the Y-12 Environmental Compliance Department of the Environment, Safety, and Health Division. Soil disturbances related to maintenance activities, utility and building construction projects, or demolition projects fall within the purview of the plan. This Soil Management Plan represents an integrated, visually oriented, planning and information resource tool for decision making involving excavation or disturbance of soil at Y-12. This Soil Management Plan addresses three primary elements. (1) Regulatory and programmatic requirements for management of soil based on the location of a soil disturbance project and/or the regulatory classification of any contaminants that may be present (Chap. 2). Five general regulatory or programmatic classifications of soil are recognized to be potentially present at Y-12; soil may fall under one or more these classifications: (a) Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA) pursuant to the Oak Ridge Reservation (ORR) Federal Facilities Agreement; (b) Resource Conservation and Recovery Act (RCRA); (c) RCRA 3004(u) solid waste managements units pursuant to the RCRA Hazardous and Solid Waste Amendments Act of 1984 permit for the ORR; (d) Toxic Substances and Control Act-regulated soil containing polychlorinated biphenyls; and (e) Radiologically contaminated soil regulated under the Atomic Energy Act review process. (2) Information for project planners on current and future planned remedial actions (RAs), as prescribed by CERCLA decision documents (including the scope of the actions and remedial goals), land use controls implemented to support or maintain RAs, RCRA post-closure regulatory requirements for
Ani Kelechi Johnmary
2014-01-01
The level of killing and bloodletting in Nigeria is increasing every second, minute, hour, day, month and year. Man, animals, properties, etc. are increasingly under threat in contemporary Nigerian society. The causes of the massive insecurity of lives and properties remain multi-dimensional. This paper is centered on the need to factor tradotronic media for human security management in Nigeria. It reveals that the dimensions of human insecurity in Nigeria include, but are not limited to, assassinat...
Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin
2017-10-01
Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible access control in cloud data sharing. However, some open challenges hinder its practical application. In previous schemes, all attributes are treated as having the same status, although this is not the case in most practical scenarios. Meanwhile, the size of the access policy increases dramatically as its expressiveness grows. In addition, current research hardly notices that mobile front-end devices, such as smartphones, have poor computational performance, while ABE requires a large amount of bilinear pairing computation. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighting mechanism is presented to describe the different importance of each attribute. We introduce a novel construction of ABE that does not execute any bilinear pairing computation. Compared to previous schemes, our scheme performs better in access policy expressiveness and computational efficiency.
Directory of Open Access Journals (Sweden)
Sedighe Teimuri
2016-06-01
Patient safety is regarded as prevention and damage adjustment through the elimination of errors related to hygienic care, which decreases mistakes by applying practical methods and prevents the occurrence of events. This study was therefore conducted to specify the experiences of nurses as a challenge to patient safety in the social security hospital of Zahedan in 2015. This study is a qualitative research with a phenomenological approach. Participants were selected from the nurse population on the basis of purposeful sampling. Sampling continued until the data were complete. The 14 participants of this study consisted of 2 supervisors, 1 head nurse and 11 nurses, aged 22-45 years and all married. Data were collected through deep, unstructured interviews, which were tape-recorded and transcribed word for word. The data were then analyzed using Colaizzi’s 7-step method. At the end of the interview analysis, 130 codes were elicited and two themes were drawn, named risk management and human resources management. Risk management consists of the sub-concepts of the policy of punishments of managers and inefficient management of medical errors; human resources management includes the sub-concepts of the shortage of nurse forces, inefficient selection of nurses and increase in authenticity requirements. Inefficient risk management is one of the most important patient safety challenges related to medical errors and should be specifically taken into account; the encouragement system should be intensified and the policy of not punishing nurses should be used in order to remove the mentioned challenges related to the establishment of a patient safety system.
ITIL Based Service Level Management if SLAs Cover Security
Directory of Open Access Journals (Sweden)
Tomas Feglar
2005-08-01
The current level of information technology creates new perspectives for a more IT-service-oriented market. The quality of these services requires a slightly different approach than was applied for products, including software. No IT services are delivered and supported in a risk-free environment. Risks should be considered consistently with IT service quality gaps from the Service Level Management (SLM) perspective. SLM is one of the ITIL modules that are widely used within the IT service industry. We identified some weaknesses in how SLM is developed in an ITIL environment if the service level agreement (SLA) has to cover security. We argue that in such cases an architecture modeling and risk assessment approach lets us effectively control the analytical effort that relates to risk identification and understanding. Risk-driven countermeasures designed in the next step (risk treatment) have a significant impact on SLM, especially from the responsibility perspective. To demonstrate SLM's importance in real practice, we analyze the SLA synthesis process in a CCI (Cyber Critical Infrastructure) environment.
Network perimeter security building defense in-depth
Riggs, Cliff
2003-01-01
PREFACE; Who is this Book For?; The Path to Network Security; Who Should Read This Book?; MANAGING NETWORK SECURITY; The Big Picture: Security Policies from A to Z; Administrative Countermeasures; Physical Countermeasures; Technological Countermeasures; Creating the Security Standards Document; Creating the Configuration Guide Document; Pulling it All Together: Sample Security Policy Creation; Proteris Security Standards and Procedures; THE NETWORK STACK AND SECURITY; Connecting the Network; Protocols; Servers and Hosts; CRYPTOGRAPHY AND VPN TERMINOLOGY; Keys; Certificates; Hashing; Digital Signatures; Common Encryption Algorithms; Split
Defense Security Cooperation Agency Vision 2020. Update 1
2015-10-01
the feasibility and pros/cons of developing a DoD-wide security cooperation workforce development and management program including training... Synchronizing Security Cooperation Activities... Meeting... Security Cooperation... 6. Remaining a Provider of Choice for Our International Customers
Gas markets and security of supply
International Nuclear Information System (INIS)
Gibot, G.
1997-01-01
In the natural gas business, some European states and companies seem to be concerned about security of supply. Security of supply for a governmental organisation is discussed, to share the author's conception and experience. The targets of a security of supply policy and the measures that can be set are described. The possible changes in implementing this policy are considered, according to recent developments in the field of gas security. The specificity of European gas markets justifies the concern about security of supply, as the Commission and the IEA concluded. The integration of national gas markets in Europe will give new opportunities for managing this security of supply. (R.P.)
Computer Security: Introduction to information and computer security (1/4)
CERN. Geneva
2012-01-01
Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...
FAA computer security : concerns remain due to personnel and other continuing weaknesses
2000-08-01
FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...