WorldWideScience

Sample records for internet securely protecting

  1. Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

    Energy Technology Data Exchange (ETDEWEB)

    Orvis, W J; Krystosek, P; Smith, J

    2002-11-27

    With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does not consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these

  2. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    Full Text Available A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network according with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  3. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  4. Internet security technologies

    CERN Multimedia

    CERN. Geneva

    2003-01-01

    The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can made informed decisions about risks and how they can reduce those risks for themselves and their colleagues.First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.

  5. Cyber Security: Rule of Use Internet Safely?

    OpenAIRE

    -, Maskun

    2013-01-01

    International Journal Cyber security plays on important role to guarantee and protect people who use internet in their daily life. Some cases take place around the world that people get inconvenience condition when they access and use internet. Misuse of internet becomes a current issue which some cases take place including a university. Advantages of using internet in the university of course assist the student to get some information in internet. However, they have to be protected in ord...

  6. Security in the internet

    International Nuclear Information System (INIS)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P.

    2000-01-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [de

  7. Commercial Security on the Internet.

    Science.gov (United States)

    Liddy, Carrie

    1996-01-01

    Discusses commercial security on the Internet and explains public key technology as successfully melding the conflicting requirements of openness for practical business applications and isolation and confidentiality for protection of data. Examples of public key value-added products are described, including encryption, digital signature and…

  8. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    Frimpong Twum; Kwaku Ahenkora

    2012-01-01

    Internet banking strategies should enhance customers¡¯ online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  9. European Trends in Privacy: How can we increase internet security and protect individual privacy?

    Directory of Open Access Journals (Sweden)

    Soren Duus Ostergaard

    2004-04-01

    Full Text Available In the aftermath of September 11 2001 security has been at the top of any Government or Enterprise agenda. Scrutinizing flight passenger lists, conference participants' background, customers' profile and securing access to public and private databases through gateways has become a standard way of doing things. Legislation has been put in place which in many countries give the authorities increased right to analyze personal data ? In some cases overriding existing privacy legislation. >In a networked world everybody leaves traces that are personally individually identifiable (PII. When we use our mobile phone, the cell network provider knows the location you are in and the time of the call. When you browse a bookstore on the internet, an applet will tell the web-site owner of your buying habits - and the moment you make a purchase on the net, you leave behind a sign of your reading habits and intellectual preferences. When you use your credit card on the net to buy flowers, the address of the receiver is recorded and related to your ID. If you are under medical treatment and receive medicine, the prescription will inform about your deceases. Under which circumstances do you want this information to be revealed? Most countries as well as the European Union and its member countries have since long been aware of the potential threat against personal integrity in case a malevolent organization got hold of all this information. And now Governments in most countries are becoming increasingly interested in accessing personal information to prevent terrorism and establish an electronic surveillance of dubious elements in the society. This paper intends to describe how IT solutions with a special focus on the public sector could be developed and deployed that will help organizations as well as individuals to protect their personally identifiable information, set up policies that will be translated to watch dogs that will ensure that these policies are

  10. [The Internet and its security].

    Science.gov (United States)

    Masić, Izet; Ahmetović, Ademir; Jakupović, Safet; Masić, Zlatan; Zunić, Lejla

    2002-01-01

    Internet, is the greatest world net by by means of which nowadays the planet communicates, rapidly goes forward. The last years of the university in USA the commonly develop the more progressive concept of the net (Internet 2), thanks to the constant growing technologies, with the goal to answer the needs of the scientific and the educational institutions, but also the commercial institutions and the organizations. Almost the there is no more significant institution in the world which has not developed their web pages and data bases with the most actual contents available to the wider circle of the users. In this paper we have given the section of the most actual web pages. However, Internet is not immune to those users who are not benevolent and who have developed the different tools in the goal of the destroying or unabling of the normal use of all the Internet conveniences. The authors is considering the protection problem and the data security which get distributed by Internet.

  11. Security in the internet; Sicherheitsaspekte im Internet

    Energy Technology Data Exchange (ETDEWEB)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P. [Witten-Herdecke Univ., Witten (Germany). Inst. fuer Diagnostische und Interventionelle Radiologie

    2000-04-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [German] Ziele der Studie und Analyse: Es sollten die Fragen beantwortet werden, ob es moeglich ist, das Internet als sicheres Uebermittlungsmedium fuer Telemedizin zu nutzen und welche Sicherheitsrisiken bestehen. Dazu wurden die gaengigen Sicherheitsmethoden analysiert. Telemedizin im Internet ist mit Sicherheitsrisiken behaftet, die durch die Oeffnung eines Intranets mit der Moeglichkeit zur unberechtigten Manipulation von aussen bedingt sind. Schlussfolgerung: Diese Sicherheitsrisiken koennen durch eine Firewall weitgehend unterbunden werden. Chipkarten wie die Health professional card ermoeglichen eine hohe Sicherheit bei digitaler Signatur und sicherer Authentifikation der Sender und Empfaenger von Daten im Internet. Auch Standards wie Pretty good privacy sind inzwischen fuer sichere e-mails einfach einzusetzen. Wichtige Voraussetzung fuer die Reduktion von Sicherheitsrisiken ist unter Beruecksichtigung der gesetzlichen Vorgaben die exakte Planung aller Aktivitaeten im Internet, bei denen medizinische Patientendaten versandt werden sollen, in einem Team aus Aerzten und Informatikern. (orig.)

  12. Security in Internet of Things

    DEFF Research Database (Denmark)

    Kidmose, Egon; Pedersen, Jens Myrup

    2017-01-01

    2016 was a year when the discussions about Internet of Things and security gained significant grounds. Not only was it yet another year where the challenges of cybercrime became visible to the general public, maybe the presumable Russian hacking of Hillary Clinton's emails as the most prominent...... example, but at the end of the year the Mirai Botnet used Internet of Things devices to perform successful attacks on several Internet infrastructure points....

  13. Wireless mobile Internet security

    CERN Document Server

    Rhee, Man Young

    2013-01-01

      The mobile industry for wireless cellular services has grown at a rapid pace over the past decade. Similarly, Internet service technology has also made dramatic growth through the World Wide Web with a wire line infrastructure. Realization for complete wired/wireless mobile Internet technologies will become the future objectives for convergence of these technologies thr

  14. [Security aspects on the Internet].

    Science.gov (United States)

    Seibel, R M; Kocher, K; Landsberg, P

    2000-04-01

    Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet.

  15. Security in Internet of Things

    OpenAIRE

    Mohar, Matej

    2017-01-01

    The Internet of Things (IoT) is emerging the Internet and other networks with wireless technologies to make physical objects interact online. The IoT has developed to become a promising technology and receives significant research attention in recent years because of the development of wireless communications and micro-electronics.  Like other immature technological inventions, although IoT will promise their users a better life in the near future, it is a security risk, especially today the ...

  16. Practical Unix and Internet Security

    CERN Document Server

    Garfinkel, Simson; Spafford, Gene

    2003-01-01

    When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world. Focusing on the four most popular Unix varia

  17. Security, privacy, and confidentiality issues on the Internet

    OpenAIRE

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standa...

  18. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  19. Internet Safety and Security Surveys - A Review

    DEFF Research Database (Denmark)

    Sharp, Robin

    This report gives a review of investigations into Internet safety and security over the last 10 years. The review covers a number of surveys of Internet usage, of Internet security in general, and of Internet users' awareness of issues related to safety and security. The focus and approach...... of the various surveys is considered, and is related to more general proposals for investigating the issues involved. A variety of proposals for how to improve levels of Internet safety and security are also described, and they are reviewed in the light of studies of motivational factors which affect the degree...

  20. Survey of methods for secure connection to the internet

    Science.gov (United States)

    Matsui, Shouichi

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

  1. Internetting tactical security sensor systems

    Science.gov (United States)

    Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

    1998-08-01

    The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

  2. Customer perceptions on Internet banking information protection

    Directory of Open Access Journals (Sweden)

    André Redlinghuis

    2010-12-01

    Objectives: This article has reported on the results of a survey (a close-ended questionnaire that was conducted by alumni of the University of Johannesburg (UJ. The research problem for this study has been formulated as ‘what are Internet banking customers’ perception on information protection when using Internet banking services and products?’ Method: The methodology for this study falls on quantitative research. The research study consisted of a detailed literature review, followed by an empirical component which consisted of a quantitative questionnaire. The questionnaire used in this study consisted of eight sections covering biographical information, financial institution and Internet banking, Internet banking service quality and delivery, Internet banking functionality, Internet banking costs, Internet banking convenience and relationships, Internet banking trust and Internet banking security and information technology (IT. Results: It was established that the findings of this research could assist financial institutions with fostering and building greater value adding relationships with their customers. These value-adding endeavours will ensure that customers experience and perceive their Internet banking experience to be enriching. Education and awareness campaigns are key focus areas financial institutions should continuously invest in. Information should be easily retrievable and communicated in a manner that makes sense to the diverse customer base, especially within South Africa with its diverse cultures and languages. Conclusion: The final conclusion that could be reached is that Internet banking products and services will continue to grow across various divides and platforms as the Internet costs decrease in future, the growth of Internet related products and services such as Internet banking will increase.

  3. Survey o methods for secure connection to the internet; Internet tono anzenna setsuzoku hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network Security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet. 35 refs., 3 figs.

  4. Model-based security engineering for the internet of things

    OpenAIRE

    NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; BALDINI Gianmarco; VAN HOESEL Lodewijk

    2015-01-01

    We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

  5. Security Challenges of the Internet of Things

    OpenAIRE

    Goeke, Lisa

    2017-01-01

    The ‘Internet of Things’ is the buzz phrase that describes a new era of computation. Briefly, the Internet of Things can be defined as the interaction of smart objects that are connected to the Internet. These objects can sense, share and process information, upload them in the cloud, and make them available to the user via a large amount of different applications. Despite all of these promising innovations, the Internet of Things, as every other technology, faces multiple security...

  6. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and moreimportant. With increasing growth of information importancerequirement for its security becomes indispensable. Theinformation security problem especially affect large and smallcompanies whose prosperity is depending on Internet presence.This affecting the three areas of Internet commerce: credit cardtransactions, virtual private networks and digital certification.To ensure information traffic it is necessary to find a solution,in a proper way, for three major problems: frontier problem,market problem and government problem. While the eventualemergence of security standards for Internet transactions isexpected, it will not automatically result in secure Internettransactions. In future, there is a wealth of security issues thatwill continue to require attention: internal security, continuedhacking, social engineering, malicious code, reliability andperformance, skills shortages and denial of se1vice attacks.

  7. Security Issues in Networks with Internet Access

    National Research Council Canada - National Science Library

    Landwehr, Carl E; Goldschlag, David M

    1997-01-01

    .... The principles are illustrated by describing the security issues a hypothetical company faces as the networks that support its operations evolve from strictly private, through a mix of Internet...

  8. Teaching Internet Security, Safety in Our Classrooms

    Science.gov (United States)

    DeFranco, Joanna F.

    2011-01-01

    Internet security is an important topic for educators due to curriculums now incorporating tools such as the Internet, Google docs, e-portfolios, and course management systems. Those tools require students to spend more time online, where they are susceptible to manipulation or intimidation if they do not stay on task. Kids of all ages lack…

  9. Internet Governance and National Security

    Science.gov (United States)

    2012-01-01

    by the International Orga­ nization of Standards for the Open Systems Interconnection ( OSI ) model as the basis of Internet networking. A brief...or “ride on top” of the Internet. A corporate LAN , such as “.company–name” for internal company use, is an example of the first. When a group wishes

  10. Issues in protection of human subjects in internet research.

    Science.gov (United States)

    Im, Eun-Ok; Chee, Wonshik

    2002-01-01

    Despite the increasing use of the Internet among nurses, the use of the Internet in nursing research has been rarely discussed and critiqued in terms of issues in protection of human subjects. In this article, issues in protection of human subjects in Internet research are explored by analyzing an Internet study to propose directions for human protection in Internet research. Issues raised through the study include those related to (a) anonymity and confidentiality, (b) security, (c) self-determination and authenticity, (d) full disclosure, and (e) fair treatment. Based on discussion of the five issues, development of standardized guidelines, investigator triangulation, and information sharing are proposed as directions for protection of human subjects in Internet research.

  11. The Internet of Things Security

    OpenAIRE

    Đekić Milica D.

    2017-01-01

    The Internet of Things (IoT) is a quite new concept covering on digital systems being correlated with each other. The first role of the Internet was to connect people, while this new paradigm serves in terms of connecting devices. Those solutions could get connected to each other using a standard web signal or applying another sort of communication channels. It's estimated that the IoT has included around 4.9 billion devices by the end of 2015, while it's expected that there would be 25 billi...

  12. Securing the Internet Control Plane

    Science.gov (United States)

    Benton, Kevin

    2017-01-01

    The Internet carries traffic between billions of devices every day and modern societies depend on the resiliency of the routing technology behind it to work around the frequent link outages caused by natural disasters, equipment failures, destruction of cables, and even wars. However, the routing technology behind all of this, the Border Gateway…

  13. Engineering secure Internet of Things systems

    CERN Document Server

    Aziz, Benjamin; Crispo, Bruno

    2016-01-01

    This book examines important security considerations for the Internet of Things (IoT). IoT is collecting a growing amount of private and sensitive data about our lives, and requires increasing degrees of reliability and trustworthiness in terms of the levels of assurance provided with respect to confidentiality, integrity and availability.

  14. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  15. Trust Management and Accountability for Internet Security

    Science.gov (United States)

    Liu, Wayne W.

    2011-01-01

    Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

  16. Security, privacy, and confidentiality issues on the Internet

    Science.gov (United States)

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  17. Security, privacy, and confidentiality issues on the Internet.

    Science.gov (United States)

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

  18. Research on Lightweight Information Security System of the Internet of Things

    OpenAIRE

    Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

    2013-01-01

    In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

  19. Home security system using internet of things

    Science.gov (United States)

    Anitha, A.

    2017-11-01

    IoT refers to the infrastructure of connected physical devices which is growing at a rapid rate as huge number of devices and objects are getting associated to the Internet. Home security is a very useful application of IoT and we are using it to create an inexpensive security system for homes as well as industrial use. The system will inform the owner about any unauthorized entry or whenever the door is opened by sending a notification to the user. After the user gets the notification, he can take the necessary actions. The security system will use a microcontroller known as Arduino Uno to interface between the components, a magnetic Reed sensor to monitor the status, a buzzer for sounding the alarm, and a WiFi module, ESP8266 to connect and communicate using the Internet. The main advantages of such a system includes the ease of setting up, lower costs and low maintenance.

  20. Sweet Dreams and Nightmares: Security in the Internet of Things

    OpenAIRE

    Kasper , Timo; Oswald , David; Paar , Christof

    2014-01-01

    Part 1: Invited Paper; International audience; Wireless embedded devices are predominant in the Internet of Things: Objects tagged with Radio Frequency IDentification and Near Field Communication technology, smartphones, and other embedded tokens interact from device to device and thereby often process information that is security or privacy relevant for humans. For protecting sensitive data and preventing attacks, many embedded devices employ cryptographic algorithms and authentication schem...

  1. Security and Privacy Analyses of Internet of Things Toys

    OpenAIRE

    Chu, Gordon; Apthorpe, Noah; Feamster, Nick

    2018-01-01

    This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual pr...

  2. Vehicular Internet: Security & Privacy Challenges and Opportunities

    Directory of Open Access Journals (Sweden)

    Kamran Zaidi

    2015-07-01

    Full Text Available The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS. Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented.

  3. Consumer protection and internet shopping

    OpenAIRE

    Blažková, Lenka

    2010-01-01

    The diploma thesis is devoted to the issue of online shopping. Its aim is to analyze internet shopping and see the rights and obligations of consumers and sellers, which are based on current legislation. The thesis is divided into two parts. The theoretical part deals with purchase over the internet and its regulations. There are explained the concepts internet, e-business and e-commerce and indicate the types of e-business and is mentioned certification of online stores. The practical part i...

  4. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    Science.gov (United States)

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  5. Physician office readiness for managing Internet security threats.

    Science.gov (United States)

    Keshavjee, K; Pairaudeau, N; Bhanji, A

    2006-01-01

    Internet security threats are evolving toward more targeted and focused attacks.Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

  6. The use of crypto-analysis techniques for securing internet ...

    African Journals Online (AJOL)

    ... recommended to be combined with other techniques, such as client-side software, data transaction protocols, web server software, and the network server operating system involved in handling e-commerce, for securing internet transaction. This recommendation will invariable ensure that internet transaction is secured.

  7. Security incidents on the Internet, 1989--1995

    Energy Technology Data Exchange (ETDEWEB)

    Howard, J.D.

    1995-12-31

    This paper presents an analysis of trends in Internet security based on an investigation of 4,299 Internet security-related incidents reported to the CERT{reg_sign} Coordination Center (CERT{reg_sign}/CC) from 1989 through 1995. Prior to this research, knowledge of actual Internet security incidents was limited and primarily anecdotal. This research: (1) developed a taxonomy to classify Internet attacks and incidents, (2) organized, classified, and analyzed CERT{reg_sign}/CC incident records, (3) summarized the relative frequency of the use of tools and vulnerabilities, success in achieving access, and results of attacks, (4) estimated total Internet incident activity, (5) developed recommendations for Internet users and suppliers, and (6) developed recommendations for future research. With the exception of denial-of-service attacks, security incidents were found to be increasing at a rate less than Internet growth. Estimates showed that most, if not all, severe incidents were reported to the CERT{reg_sign}/CC, and that more than one out of three above average incidents (in terms of duration and number of sites) were reported. Estimates also indicated that a typical Internet site was involved in, at most, around one incident (of any kind) per year, and a typical Internet host in, at most, around one incident in 45 years. The probability of unauthorized privileged access was around an order of magnitude less likely. As a result, simple and reasonable security precautions should be sufficient for most Internet users.

  8. Data Transmission and Access Protection of Community Medical Internet of Things

    OpenAIRE

    Wang, Xunbao; Chen, Fulong; Ye, Heping; Yang, Jie; Zhu, Junru; Zhang, Ziyang; Huang, Yakun

    2017-01-01

    On the basis of Internet of Things (IoT) technologies, Community Medical Internet of Things (CMIoT) is a new medical information system and generates massive multiple types of medical data which contain all kinds of user identity data, various types of medical data, and other sensitive information. To effectively protect users’ privacy, we propose a secure privacy data protection scheme including transmission protection and access control. For the uplink transmission data protection, bidirect...

  9. Survey of Security and Privacy Issues of Internet of Things

    OpenAIRE

    Borgohain, Tuhin; Kumar, Uday; Sanyal, Sugata

    2015-01-01

    This paper is a general survey of all the security issues existing in the Internet of Things (IoT) along with an analysis of the privacy issues that an end-user may face as a consequence of the spread of IoT. The majority of the survey is focused on the security loopholes arising out of the information exchange technologies used in Internet of Things. No countermeasure to the security drawbacks has been analyzed in the paper.

  10. 78 FR 66318 - Securities Investor Protection Corporation

    Science.gov (United States)

    2013-11-05

    ...] Securities Investor Protection Corporation AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities Investor Protection Corporation (``SIPC'') filed a proposed rule change with the... satisfaction of customer claims for standardized options under the Securities Investor Protection Act of 1970...

  11. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU amid USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  12. Security Techniques for Sensor Systems and the Internet of Things

    Science.gov (United States)

    Midi, Daniele

    2016-01-01

    Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

  13. Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

    OpenAIRE

    Kuei-Hu Chang

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

  14. Crisis-management and the Security in the Internet

    Science.gov (United States)

    Harada, Izumi

    This paper discusses about the crisis-management and the security in the Internet. The crime that not is so far occurs during widespread to the society of the Internet, and a big social trouble. Moreover, the problem of a new security such as a cyber war and cyber terrorism appeared, too. It is necessary to recognize such a situation, and to do both correspondences corresponding to the environmental transformation by government and the people.

  15. PROBLEMS OF INFORMAT ION SECURITY: INTERNET OF THINGS

    OpenAIRE

    Stanislav A. Shikov

    2017-01-01

    Introduction: The article deals with the threats to information security in the internetworking of physical devices, also known as Internet of Things (IoT), and the security challenge in terms of home automation systems, ZigBee protocol, Tesla electric cars and Apple Pay mobile payment. Section provides the term definition and history of the Internet of Things. The IEEE 1888 IoT-related standard developed in 2011 as integrated solution based on energy-saving technologies for the Internet of T...

  16. Smart Security System For Home Appliances Control Based On Internet Of Things

    Directory of Open Access Journals (Sweden)

    Su Zin Zin Win

    2015-08-01

    Full Text Available Technology is always evolves. Home security is essential for occupants convenience and protection. Security systems are being preferred over manual system. With the rapid increase in the number of users of internet over the past decade has made Internet a part and parcel of life and IoTs is the latest and emerging internet technology. Home Appliances Control of Smart Security System using IoTs uses computers or mobile devices to control basic home functions and features through internet from anywhere around the world. This security system differs from other system by allowing the user to operate the system from anywhere around the world through internet connection. With the implementation of Arduino Mega microcontroller as an Embedded device security system design was constructed with many sensors and web server database. The Arduino Ethernet shield is used to eliminate the use of a personal computer PC. The motion sensing circuit temperature and humidity sensing circuit smoke or gas sensing circuit door lock sensing circuit light onoff circuit were designed to be connected with Arduino Mega microcontroller and Ethernet shield. This system can monitor the temperature and humidity values and the state of some sensors for intruder detection. It can also control the electric appliances like lights and door at home. Real time result was displayed on web server page via the internet.

  17. Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

    Science.gov (United States)

    Hadlington, Lee; Parsons, Kathryn

    2017-09-01

    Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

  18. PROBLEMS OF INFORMAT ION SECURITY: INTERNET OF THINGS

    Directory of Open Access Journals (Sweden)

    Stanislav A. Shikov

    2017-03-01

    Full Text Available Introduction: The article deals with the threats to information security in the internetworking of physical devices, also known as Internet of Things (IoT, and the security challenge in terms of home automation systems, ZigBee protocol, Tesla electric cars and Apple Pay mobile payment. Section provides the term definition and history of the Internet of Things. The IEEE 1888 IoT-related standard developed in 2011 as integrated solution based on energy-saving technologies for the Internet of Things. The author considers security challenges for the “smart home” system. Next section reviews the experiments of the author involved in testing of the Internet of Things devices. Materials and Methods: The subjects of study are the Apple Pay, the ZigBee wireless standard, Tesla Model S electric cars. The main methods for identification of security threats are analysis and comparison. Results: The companies of electronic devices simplify and reduce the price of manufacturing process. The customers and users are rarely interested in levels of electronic devices security policies. This is the weakest link of electronic products in terms of security and safety. The tests demonstrated that modern electronic-based technologies do not reach the 100-percentage security level. Apple Pay mobile payment system demonstrated the highest security rating. Discussion and Conclusions: Modern electronic devices for Internet of Things does not meet all safety requirements, from the point of view of the author. The article recommends analyzing the potential threats and developing new security standards. In addition, the logistics of electronic devices for Internet of Things need to be under control from the manufacturer to equipment installation time.

  19. Security threat assessment of an Internet security system using attack tree and vague sets.

    Science.gov (United States)

    Chang, Kuei-Hu

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

  20. Competitive Cyber-Insurance and Internet Security

    Science.gov (United States)

    Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

    This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

  1. Protective force legal issues: the security perspective

    International Nuclear Information System (INIS)

    Rich, B.L.

    1984-01-01

    There has been much discussion and some controversy on the legal issues faced by the Department of Energy's (DOE) protective forces in the performance of their security duties. These include the observance of legal proprieties in the arrest of non-violent demonstrators, the use of lethal weapons, and the extent of protective forces' authority to carry weapons and protect DOE's security interests offsite. In brief, the need to protect DOE's security interests may be in nominal conflict with other requirements. When faced with a potential conflict in requirements, we in the DOE security community must place first attention to the security mission -- to deter and prevent hostile acts

  2. Capacitation in radiological protection by internet

    International Nuclear Information System (INIS)

    Pena, Juan J.; Vega, Jose Maria; Rossell, Maria Angeles; Calvo, Jose L.; Galvez, Manuel

    2001-01-01

    This paper makes a proposal to use the Web for training Radiation Protection in Spanish/Portuguese languages. The Iberoamerican Group of Scientific Societies of Radioprotection (GRIAPRA) should take the lead of this educational project, to get in two years the following objectives: to prepare educational resources about Radioprotection in Spanish/Portuguese languages with the support of two Internet servers, one of them will be in Latin-American and the other in Spain; to talk over the methods for exchanging information between the teachers, tutors and students interested in participating in this project, to have a thorough knowledge of the activities and courses supported by the two internet servers; to set up agreements with Universities and professional Institutions related with Radioprotection in order that students, who get pass all the evaluations, exams and practical presential training organized in reference Centers previously selected, could obtain an academic accreditation. (author)

  3. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  4. Securing internet by eliminating DDOS attacks

    Science.gov (United States)

    Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

    2017-11-01

    The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, We propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF frame work works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

  5. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Full Text Available Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  6. Security for Multimedia Space Data Distribution over the Internet

    Science.gov (United States)

    Stone, Thom; Picinich, Lou; Givens, John J. (Technical Monitor)

    1995-01-01

    Distribution of interactive multimedia to remote investigators will be required for high quality science on the International Space Station (ISS). The Internet with the World Wide Web (WWW) and the JAVA environment are a good match for distribution of data, video and voice to remote science centers. Utilizing the "open" Internet in a secure manner is the major hurdle in making use of this cost effective, off-the-shelf, universal resource. This paper examines the major security threats to an Internet distribution system for payload data and the mitigation of these threats. A proposed security environment for the Space Station Biological Research Facility (SSBRP) is presented with a short description of the tools that have been implemented or planned. Formulating and implementing a security policy, firewalls, host hardware and software security are also discussed in this paper. Security is a vast topic and this paper can only give an overview of important issues. This paper postulates that a structured approach is required and stresses that security must be built into a network from the start. Ignoring security issues or putting them off until late in the development cycle can be disastrous.

  7. Towards secure name resolution on the internet

    NARCIS (Netherlands)

    Grothoff, C.; Wachs, M.; Ermert, M.; Appelbaum, J.

    2018-01-01

    The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for spy agencies, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works, and explains

  8. Internet of Cloud: Security and Privacy issues

    OpenAIRE

    Cook, Allan; Robinson, Michael; Ferrag, Mohamed Amine; Maglaras, Leandros A.; He, Ying; Jones, Kevin; Janicke, Helge

    2017-01-01

    The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions th...

  9. A roadmap for security challenges in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Arbia Riahi Sfar

    2018-04-01

    Full Text Available Unquestionably, communicating entities (object, or things in the Internet of Things (IoT context are playing an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. The Security Shield for IoT has been identified by DARPA (Defense Advanced Research Projects Agency as one of the four projects with a potential impact broader than the Internet itself. To help interested researchers contribute to this research area, an overview of the IoT security roadmap overview is presented in this paper based on a novel cognitive and systemic approach. The role of each component of the approach is explained, we also study its interactions with the other main components, and their impact on the overall. A case study is presented to highlight the components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification, and access control are discussed. According to the novel taxonomy of the IoT framework, different research challenges are highlighted, important solutions and research activities are revealed, and interesting research directions are proposed. In addition, current standardization activities are surveyed and discussed to the ensure the security of IoT components and applications. Keywords: Internet of Things, Systemic and cognitive approach, Security, Privacy, Trust, Identification, Access control

  10. Security issues in Internet of Things

    OpenAIRE

    Solà Campillo, Oriol

    2017-01-01

    The main idea behind the concept of the Internet of Things (IoT) is to connect all kinds of everyday objects, thus enabling them to communicate to each other and enabling people to communicate to them. IoT is an extensive concept that encompasses a wide range of technologies and applications. This document gives an introduction to what the IoT is, its fundamental characteristics and the enabling technologies that are currently being used. However, the technologies for the IoT are still evolvi...

  11. Security Framework and Jamming Detection for Internet of Things

    DEFF Research Database (Denmark)

    Babar, Sachin D.

    The Internet of Things (IoT) consists of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security, trust and privacy perspective. Hence...

  12. A survey of secure middleware for the Internet of Things

    Directory of Open Access Journals (Sweden)

    Paul Fremantle

    2017-05-01

    Full Text Available The rapid growth of small Internet connected devices, known as the Internet of Things (IoT, is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area.

  13. Hospital security: "protecting the business".

    Science.gov (United States)

    Maas, Jos

    2013-01-01

    Implementing management science into security isn't hard and is more necessary than ever according to the author who presents and illustrates a five point plan that he says will get the security job done easier and with more commitment from the Board.

  14. Predictors and protective factors for adolescent Internet victimization

    DEFF Research Database (Denmark)

    Helweg-Larsen, Karin; Schütt, Nina; Larsen, Helmer Bøving

    2012-01-01

    To examine the rate of Internet victimization in a nationally representative sample of adolescents aged 14-17 and to analyze predictors and protective factors for victimization.......To examine the rate of Internet victimization in a nationally representative sample of adolescents aged 14-17 and to analyze predictors and protective factors for victimization....

  15. The summarize of the technique about proactive network security protection

    International Nuclear Information System (INIS)

    Liu Baoxu; Li Xueying; Cao Aijuan; Yu Chuansong; Xu Rongsheng

    2003-01-01

    The proactive protection measures and the traditional passive security protection tools are complementarities each other. It also can supply the conventional network security protection system and enhance its capability of the security protection. Based upon sorts of existing network security technologies, this article analyses and summarizes the technologies, functions and the development directions of some key proactive network security protection tools. (authors)

  16. Implementation of the Internet of Things on Public Security

    Science.gov (United States)

    Lu, Kesheng; Li, Xichun

    The development of the Internet of Things will occur within a new ecosystem that will be driven by a number of key players. The public security as one of the key players is going to make real-time communications will be possible not only by humans but also by things at anytime and from anywhere. This research will present the advent of the Internet of Things to create a plethora of innovative applications and services, which will enhance quality of life and reduce inequalities.

  17. Ethical considerations in internet use of electronic protected health information.

    Science.gov (United States)

    Polito, Jacquelyn M

    2012-03-01

    Caregivers, patients, and their family members are increasingly reliant on social network websites for storing, communicating, and referencing medical information. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule seeks balance by protecting the privacy of patients' health information and assuring that this information is available to those who need it to provide health care. Though federal and state governments have created laws and policies to safeguard patient privacy and confidentiality, the laws are inadequate against the rapid and innovative use of electronic health websites. As Internet use broadens access to information, health professionals must be aware that this information is not always secure. We must identify and reflect on medical ethics issues and be accountable for maintaining privacy for the patient.

  18. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  19. A Comparison of Internet Protocol (IPv6 Security Guidelines

    Directory of Open Access Journals (Sweden)

    Steffen Hermann

    2014-01-01

    Full Text Available The next generation of the Internet Protocol (IPv6 is currently about to be introduced in many organizations. However, its security features are still a very novel area of expertise for many practitioners. This study evaluates guidelines for secure deployment of IPv6, published by the U.S. NIST and the German federal agency BSI, for topicality, completeness and depth. The later two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey. Both guides turn out to be of practical value, but have a specific focus and are directed towards different audiences. Moreover, recommendations for possible improvements are presented. Our results could also support strategic management decisions on security priorities as well as for the choice of security guidelines for IPv6 roll-outs.

  20. The security concern on internet banking adoption among Malaysian banking customers.

    Science.gov (United States)

    Sudha, Raju; Thiagarajan, A S; Seetharaman, A

    2007-01-01

    The existing literatures highlights that the security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers are adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.

  1. A Survey of Security Challenges in Internet of Things

    Directory of Open Access Journals (Sweden)

    Anass Sedrati

    2018-01-01

    Full Text Available Internet of things (IoT is an innovative technology subject to all kind of imaginary and science fictional solutions. Dreams and speculations are still possible about it. A technology combining real life objects and virtual life (Internet is indeed a fertile pitch of fantasy and original ideas. However, IoT has in practice to face several challenges to ensure its function and operability in a near future. This paper defines first some technical challenges of IoT today, before focusing on security-related ones via a layered architecture of IoT that we suggest. Finally, a number of actions and required future work is presented to enhance IoT security (Privacy, Lightweight crypto, etc..

  2. Infectious disease protection for healthcare security officers.

    Science.gov (United States)

    D'Angelo, Michael S; Arias, Jean

    2015-01-01

    Healthcare Security should be considered an active component in an infectious disease event, the authors maintain, and security officers must be included in an Employee Health screening and N95 fit testing initiative to safely welcome the incoming infected patients. In this article, they spell out the different levels of precautions officers should become familiar with in order to protect themselves.

  3. Twenty security considerations for cloud-supported Internet of Things

    OpenAIRE

    Singh, Jatinder; Pasquier, Thomas; Bacon, Jean Margaret; Ko, Hajoon; Eyers, David

    2015-01-01

    To realise the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down application and technology-based silos and support broad connectivity and data sharing; the cloud being a natural enabler. Work in IoT tends towards the subsystem, often focusing on particular technical concerns or application domains, before offloading data to the cloud. As such, there has been little regard given to the security, privacy and p...

  4. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  5. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  6. Privacy protection on the internet: The European model

    Directory of Open Access Journals (Sweden)

    Baltezarević Vesna

    2017-01-01

    Full Text Available The Internet has a huge impact on all areas of social activity. Everyday life, social interaction and economics are directed to new information and communication technologies. A positive aspect of the new technology is reflected in the fact that it has created a virtual space that has led to the elimination of the various barriers, which has enabled interaction and information exchange across the world. Inclusion in the virtual social network provides connectivity for communicators who are looking for space that allows them freedom of expression and connect them with new ' friends'. Because of the feeling of complete freedom and the absence of censorship on the network communicators leave many personal details and photos, without thinking about the possible abuses of privacy. Recording of the different incidents on the network has resulted in the need to take precaution measures, in order to protect the users and the rule of law, given that freedom on the network is only possible with the existence of an adequate system of safety and security. In this paper we deal with the problem of the protection of personal data of users of virtual social networks against malicious activity and abuse, with special reference to the activities of the European Union in an effort to regulate this area. The European Commission has concentrated on finding the best solutions to protect the user's virtual space for more than two decades, starting from 1995 until a directive on security of networks and information systems, which was adopted in the first half of 2016.

  7. Data Transmission and Access Protection of Community Medical Internet of Things

    Directory of Open Access Journals (Sweden)

    Xunbao Wang

    2017-01-01

    Full Text Available On the basis of Internet of Things (IoT technologies, Community Medical Internet of Things (CMIoT is a new medical information system and generates massive multiple types of medical data which contain all kinds of user identity data, various types of medical data, and other sensitive information. To effectively protect users’ privacy, we propose a secure privacy data protection scheme including transmission protection and access control. For the uplink transmission data protection, bidirectional identity authentication and fragmented multipath data transmission are used, and for the downlink data protection, fine grained access control and dynamic authorization are used. Through theoretical analysis and experiment evaluation, it is proved that the community medical data can be effectively protected in the transmission and access process without high performance loss.

  8. Security Considerations around End-to-End Security in the IP-based Internet of Things

    NARCIS (Netherlands)

    Brachmann, M.; Garcia-Mochon, O.; Keoh, S.L.; Kumar, S.S.

    2012-01-01

    The IP-based Internet of Things refers to the interconnection of smart objects in a Low-power and Lossy Network (LLN) with the Internetby means of protocols such as 6LoWPAN or CoAP. The provisioning of an end-to-end security connection is the key to ensure basic functionalities such as software

  9. Secure and privacy-preserving data communication in Internet of Things

    CERN Document Server

    Zhu, Liehuang; Xu, Chang

    2017-01-01

    This book mainly concentrates on protecting data security and privacy when participants communicate with each other in the Internet of Things (IoT). Technically, this book categorizes and introduces a collection of secure and privacy-preserving data communication schemes/protocols in three traditional scenarios of IoT: wireless sensor networks, smart grid and vehicular ad-hoc networks recently. This book presents three advantages which will appeal to readers. Firstly, it broadens reader’s horizon in IoT by touching on three interesting and complementary topics: data aggregation, privacy protection, and key agreement and management. Secondly, various cryptographic schemes/protocols used to protect data confidentiality and integrity is presented. Finally, this book will illustrate how to design practical systems to implement the algorithms in the context of IoT communication. In summary, readers can simply learn and directly apply the new technologies to communicate data in IoT after reading this book.

  10. Lightweight S-Box Architecture for Secure Internet of Things

    Directory of Open Access Journals (Sweden)

    A. Prathiba

    2018-01-01

    Full Text Available Lightweight cryptographic solutions are required to guarantee the security of Internet of Things (IoT pervasiveness. Cryptographic primitives mandate a non-linear operation. The design of a lightweight, secure, non-linear 4 × 4 substitution box (S-box suited to Internet of Things (IoT applications is proposed in this work. The structure of the 4 × 4 S-box is devised in the finite fields GF (24 and GF ((222. The finite field S-box is realized by multiplicative inversion followed by an affine transformation. The multiplicative inverse architecture employs Euclidean algorithm for inversion in the composite field GF ((222. The affine transformation is carried out in the field GF (24. The isomorphic mapping between the fields GF (24 and GF ((222 is based on the primitive element in the higher order field GF (24. The recommended finite field S-box architecture is combinational and enables sub-pipelining. The linear and differential cryptanalysis validates that the proposed S-box is within the maximal security bound. It is observed that there is 86.5% lesser gate count for the realization of sub field operations in the composite field GF ((222 compared to the GF (24 field. In the PRESENT lightweight cipher structure with the basic loop architecture, the proposed S-box demonstrates 5% reduction in the gate equivalent area over the look-up-table-based S-box with TSMC 180 nm technology.

  11. [Security specifications for electronic medical records on the Internet].

    Science.gov (United States)

    Mocanu, Mihai; Mocanu, Carmen

    2007-01-01

    The extension for the Web applications of the Electronic Medical Record seems both interesting and promising. Correlated with the expansion of Internet in our country, it allows the interconnection of physicians of different specialties and their collaboration for better treatment of patients. In this respect, the ophthalmologic medical applications consider the increased possibilities for monitoring chronic ocular diseases and for the identification of some elements for early diagnosis and risk factors supervision. We emphasize in this survey some possible solutions to the problems of interconnecting medical information systems to the Internet: the achievement of interoperability within medical organizations through the use of open standards, the automated input and processing for ocular imaging, the use of data reduction techniques in order to increase the speed of image retrieval in large databases, and, last but not least, the resolution of security and confidentiality problems in medical databases.

  12. Security and Privacy Grand Challenges for the Internet of Things

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Zarzhitsky, Dimitri V.; Carroll, Thomas E.; Farquhar, Ethan D.

    2015-08-20

    Abstract— The growth of the Internet of Things (IoT) is driven by market pressures, and while security is being considered, the relationship between the unintended consequences of billions of such devices connecting to the Internet cannot be described with existing mathematical methods. The possibilities for illicit surveillance through lifestyle analysis, unauthorized access to information, and new attack vectors will continue to increase by 2020, when up-to 50 billion devices may be connected. This paper discusses various kinds of vulnerabilities that can be expected to arise, and presents a research agenda for mitigating the worst of the impacts. We hope to draw research attention to the potential dangers of IoT so that many of these problems can be avoided.

  13. INTERNET SECURITY – TECHNOLOGY AND SOCIAL AWARENESS OF THE DANGERS

    Directory of Open Access Journals (Sweden)

    Laskowski Piotr Paweł

    2017-06-01

    Full Text Available The article describes selected issues related to user safety on the Internet. This safety consists of a number of factors such as the technology that we use to communicate and to browse the Internet, and habits and behaviors that we have acquired and through which we can identify at least some typical hazards encountered on the Web. Knowledge of software and the ability to use it and to configure it properly as well as checking regularly for security updates reduces the risk of data loss or identity theft. Public awareness of threats continues to grow, but there are also new, previously unknown threats; that is why it is so important to inform of the dangers by all available channels of communication.

  14. Design and Security Analysis of a Fragment of Internet of Things Telecommunication System

    Directory of Open Access Journals (Sweden)

    V. A. Alexandrov

    2016-01-01

    Full Text Available This paper comprises the development and implementation of systems using the concept of Internet of Things. In terms of active development of industries, use the concept of the Internet of Things, the information security problem is urgent. To create a protected module of information-telecommunication system which implements the Internet of Things concept, it is important to take into account all its aspects. To determine relevant threats, it is necessary to use the detailed risk analysis according to existing GOST standards when choosing protection measures, one must rely on identified relevant threats. Actual threats and necessary protective actions are determined in this paper for implementation of Smart House computer appliance module, in order to develop a protected part of Smart House, which is necessary for realization of room access control. We solved the following tasks in the work, namely, a description of the system Smart Home, a description of steps and evaluation system security Smart Home; implementation of hardware assembly and writing a code for the selected fragment of the system; safety evaluation of the selected fragment Smart House and identification of actual threats; make recommendations to counter current threats; software implementation of one of the most urgent threats and software implementation of protective measures for a selected threat. A feature of the work is an integrated approach to the design with the use of the intruder models, analysis of the system’s assets and evaluation of their security.

  15. To the Question of Information Security and Providing State and Municipal Services by Means of the Internet

    Directory of Open Access Journals (Sweden)

    Alexander A. Galushkin

    2015-09-01

    Full Text Available In the present article author investigates interconnected questions of information security and providing state and municipal services by means of the global information Internet. Author analyzes opinions of the number of leading Russian and foreign experts and scientists. In the summary author draws a conclusion that implementation of rules of law answering to modern realities and also fruitful work of law enforcement and supervisory authorities regarding law application practice improvement is necessary for information security and human rights protection.

  16. Teleradiology mobile internet system with a new information security solution

    Science.gov (United States)

    Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki

    2014-03-01

    We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC

  17. Current evaluation of the information about Radiological Protection in Internet

    International Nuclear Information System (INIS)

    Ruiz-Cruces, R.; Marco, M.; Villanueva, I.

    2003-01-01

    To analyze the current situation about the pedagogic information on radiological protection training which could be found in Internet. More than 756 web-pages have been visited in Internet about Radiological Protection in the nuclear and medical fields, providing information mainly focusing on information to the members of the public. In this search were used internet Searching Appliance (as Copernicus, Google and Scirus), using key words related with this subject (as Radiological Protection and Health Safety), getting the internet address of organizations, societies and investigation groups. Only a low percentage (less than 5 per cent) of these addresses content information on Radiological Protection for the members of the public, including information about the regulator Organizations, and which are the objectives for protection of the members of the public against ionization radiation (from the point of view of the use of the ionization radiation in the medical and nuclear field). This work attempts to propose the use of internet as a tool for informing the members of the public in matter of radiological protection, as first link in the chain of the training and education. (Author)

  18. Information Security Problem on Internet%因特网上的信息安全问题

    Institute of Scientific and Technical Information of China (English)

    郭晓苗

    2000-01-01

    With the wide use of Internet,the information security problem on Internet becomes more and more serious.The article gives an overall description of the information security problem on Internet,the cause of the problem and some threats to the information security on Internet.

  19. Privacy Information Security Classification for Internet of Things Based on Internet Data

    OpenAIRE

    Lu, Xiaofeng; Qu, Zhaowei; Li, Qi; Hui, Pan

    2015-01-01

    A lot of privacy protection technologies have been proposed, but most of them are independent and aim at protecting some specific privacy. There is hardly enough deep study into the attributes of privacy. To minimize the damage and influence of the privacy disclosure, the important and sensitive privacy should be a priori preserved if all privacy pieces cannot be preserved. This paper focuses on studying the attributes of the privacy and proposes privacy information security classification (P...

  20. Data Protection for the Internet of Things

    OpenAIRE

    Suppan, Santiago Reinhard

    2018-01-01

    The Internet of Things (abbreviated: “IoT”) is acknowledged as one of the most important disruptive technologies with more than 16 billion devices forecasted to interact autonomously by 2020. The idea is simple, devices will help to measure the status of physical objects. The devices, containing sensors and actuators, are so small that they can be integrated or attached to any object in order to measure that object and possibly change its status accordingly. A process or work flow is then able...

  1. Critical Infrastructure Protection: Maintenance is National Security

    Directory of Open Access Journals (Sweden)

    Kris Hemme

    2015-10-01

    Full Text Available U.S. critical infrastructure protection (CIP necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S. infrastructure has been deteriorating, triggering enough damage and loss of life to give cause for major concern. CIP is typically only addressed after a major disaster or catastrophe due to the extreme scrutiny that follows these events. In fact, CIP has been addressed repeatedly since Presidential Decision Directive Sixty-Three (PDD Sixty-Three signed by President Bill Clinton on May Twenty-Second, 1998.[1] This directive highlighted critical infrastructure as “a growing potential vulnerability” and recognized that the United States has to view the U.S. national infrastructure from a security perspective due to its importance to national and economic security. CIP must be addressed in a preventive, rather than reactive, manner.[2] As such, there are sixteen critical infrastructure sectors, each with its own protection plan and unique natural and man-made threats, deteriorations, and risks. A disaster or attack on any one of these critical infrastructures could cause serious damage to national security and possibly lead to the collapse of the entire infrastructure. [1] The White House, Presidential Decision Directive/NSC–63 (Washington D.C.: The White House, May 22, 1998: 1–18, available at: http://www.epa.gov/watersecurity/tools/trainingcd/Guidance/pdd-63.pdf. [2] Ibid, 1.

  2. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  3. Trademarks, consumer protection and domain names on the Internet

    Directory of Open Access Journals (Sweden)

    Hana Kelblová

    2007-01-01

    Full Text Available The article deals with current problems of the conflict of domain names on the Internet with trade marks in relation to the consumer protection. The aim of the article is to refer to ways and means of protection against of the speculative registration of a domain name. In the Czech legal order these means represent legal regulation of the unfair competition in Commercial Code, regulation of liability for damage together with the Trademarks Act.

  4. Kaleidoscope on the Internet of Toys: Safety, security, privacy and societal insights

    OpenAIRE

    CHAUDRON STEPHANE; DI GIOIA Rosanna; GEMO Monica; HOLLOWAY Donell; MARSH Jackie; MASCHERONI Giovanna; PETER Jochen; YAMADA-RICE Dylan

    2016-01-01

    This paper gives an insight on safety, security, privacy and scocietal questions emerging from the rise of the Internet of Toys, meaning Internet Connected Toys that participate along with the wave of other domestic connected objects, the Internet of Things in increasing the ubiquity of the ICT within our everyday, closer to ourselves and our children more than ever. What changes and challenges 24/7 Internet connected devices, and Connected Toys particularly, will bring in our Society? What p...

  5. Personal health record systems and their security protection.

    Science.gov (United States)

    Win, Khin Than; Susilo, Willy; Mu, Yi

    2006-08-01

    The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

  6. Secure Bootstrapping and Rebootstrapping for Resource-Constrained Thing in Internet of Things

    OpenAIRE

    Jung, Seung Wook; Jung, Souhwan

    2015-01-01

    In Internet of Things, secure key establishment and building trust relationship between the thing and the home gateway (or the controller) in home network or Body Area Network are extremely important. Without the guarantee of establishment of key and trust relationship, the traffic over the Internet of Things network cannot be presumed secure. Also, when the home gateway, which knows the shared secret key, is out of order and the new gateway should be installed, the secure key establishment a...

  7. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on object physical protection taking into account information security aspects are examined. A special educational course does not only address the immediate needs for an educational support but also ensures that new professionals include new concepts and knowledge in their practice and encourages current practitioners towards such practice. Features of the modern physical protection systems (PPS) and classification of information circulating at them are pointed out. The requirements to the PPS information protection subsystem are discussed. During the PPS expert training on information security (IS) aspects they should receive certain knowledge, on the basis of which they could competently define and carry out the PPS IS policy for a certain object. Thus, it is important to consider minimally necessary volume of knowledge taught to the PPS experts for independent and competent implementation of the above listed tasks. For the graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and the PPS IS in particular. It is caused by necessity of conformity of methods and information protection tools implemented on a certain object to the federal and departmental IS requirements. The departmental normative IS requirements define an orientation of the PPS expert training. By curriculum development it is necessary to precisely determine for whom the PPS experts are taught. The curriculum should reflect common features of the PPS functioning of the certain object type, i.e. it should be adapted to a certain customer of the experts. The specified features were taken into account by development of an educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  8. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  9. Protecting whistle-blowers: Anonymity on the internet

    International Nuclear Information System (INIS)

    Guinnessy, P.

    1997-01-01

    Even though strict legislation exists in many countries, it appears that the next few years should be a golden opportunity for groups to successfully monitor and publish the activity of the nuclear states, and human right violations through use of the Internet. The reasons for this are: 1. The Internet is becoming widespread even in repressive regimes; 2. Software is available to either hide messages from others or hide the mailers account; 3. Information from sites in other countries can be easily obtained to be read inside repressive regimes from the Internet. In this regard It is suggested the Pugwash or a similar organization should set up either an anonymous account to receive information or maybe use a more heavily protected cyperpunk remailer. Such an ability would hopefully prompt more people to notify treaty violations

  10. Nevada National Security Site Radiation Protection Program

    Energy Technology Data Exchange (ETDEWEB)

    none,

    2013-04-30

    Title 10 Code of Federal Regulations (CFR) Part 835, “Occupational Radiation Protection,” establishes radiation protection standards, limits, and program requirements for protecting individuals from ionizing radiation resulting from the conduct of U.S. Department of Energy (DOE) activities. 10 CFR 835.101(a) mandates that DOE activities be conducted in compliance with a documented Radiation Protection Program (RPP) as approved by DOE. This document promulgates the RPP for the Nevada National Security Site (NNSS), related (on-site or off-site) U.S. Department of Energy, National Nuclear Security Administration Nevada Field Office (NNSA/NFO) operations, and environmental restoration off-site projects. This RPP section consists of general statements that are applicable to the NNSS as a whole. The RPP also includes a series of appendices which provide supporting detail for the associated NNSS Tennant Organizations (TOs). Appendix H, “Compliance Demonstration Table,” contains a cross-walk for the implementation of 10 CFR 835 requirements. This RPP does not contain any exemptions from the established 10 CFR 835 requirements. The RSPC and TOs are fully compliant with 10 CFR 835 and no additional funding is required in order to meet RPP commitments. No new programs or activities are needed to meet 10 CFR 835 requirements and there are no anticipated impacts to programs or activities that are not included in the RPP. There are no known constraints to implementing the RPP. No guides or technical standards are adopted in this RPP as a means to meet the requirements of 10 CFR 835.

  11. Ultrabroadband photonic Internet: data mining approach to security aspects

    Science.gov (United States)

    Kalicki, Arkadiusz

    2009-06-01

    Web applications became most popular medium in the Internet. Popularity, easiness of web application frameworks together with careless development results in high number of vulnerabilities and attacks. There are several types of attacks possible because of improper input validation. SQL injection is ability to execute arbitrary SQL queries in a database through an existing application. Cross-site scripting is the vulnerability which allows malicious web users to inject code into the web pages viewed by other users. Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains malicious request. Web spam in blogs. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. Misuse detection systems are signature based, have high accuracy in detecting many kinds of known attacks but cannot detect unknown and emerging attacks. This can be complemented with anomaly based intrusion detection and prevention systems. This paper presents anomaly driven proxy as an IPS and data mining based algorithm which was used to detecting anomalies. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Some basic tests show that the software catches malicious requests.

  12. Protecting and securing the energy infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Gillham, B. [Conoco Canada Ltd., Calgary, AB (Canada)

    2002-07-01

    Critical Infrastructure Protection (CIP) includes protection against physical and cyber attacks as well as potential interruptions and vulnerabilities such as natural disasters and human error. CIP makes it possible to deal with the consequences of infrastructure failures that can have regional, national and international impacts. The energy sector is challenged because there has been an irreversible move to automated control systems and electronic transactions. In addition, due to mergers and joint ventures, the line between traditional oil, natural gas companies and power companies is not perfectly clear. Energy industries can no longer be seen in isolation of each other because they depend on other critical infrastructures. Industry should lead CIP programs through risk management assessments, develop and implement global information technology standards, and enhance response and recovery planning. The National Petroleum Council (NPC) will continue to develop the capabilities of the newly formed Information Sharing and Assessment Centre (ISAC). The sector will also continue to develop common vulnerability assessment goals. It was noted that response and recovery plans must include the cyber dimension, because there has been an increasing number of scans and probes from the Internet since the events of September 11, 2001. It was noted that physical incidents can often turn into cyber incidents and vice versa.

  13. Internet of people, things and services - the convergence of security, trust and privacy

    CSIR Research Space (South Africa)

    Eloff, JHP

    2009-12-01

    Full Text Available The Future Internet will consist of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security...

  14. What we talk about when we talk about cybersecurity: security in internet governance debates

    Directory of Open Access Journals (Sweden)

    Josephine Wolff

    2016-09-01

    Full Text Available At meetings of internet governance organisations, participants generally agree that improving security is an important goal, but these conversations rarely yield consensus around how to achieve this outcome. One reason security plays this paradoxical role—as both a universal point of agreement and a continued source of contention—in these debates is that it has significantly different meanings to different stakeholders involved in these governance forums. In this paper, we discuss how different stakeholders define and frame internet security issues in the context of governance debates and analyse how these conflicting notions of security continue to shape emerging controversies.

  15. The Internet of Things: Perspectives on Security from RFID and WSN

    OpenAIRE

    Shah, Ayush; Pal, Ambar; Acharya, H. B.

    2016-01-01

    A massive current research effort focuses on combining pre-existing 'Intranets' of Things into one Internet of Things. However, this unification is not a panacea; it will expose new attack surfaces and vectors, just as it enables new applications. We therefore urgently need a model of security in the Internet of Things. In this regard, we note that IoT descends directly from pre-existing research (in embedded Internet and pervasive intelligence), so there exist several bodies of related work:...

  16. Protecting livelihoods, boosting food security in Kenya | IDRC ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2015-05-21

    May 21, 2015 ... Protecting livelihoods, boosting food security in Kenya ... America, and the Caribbean with funds from the Government of Canada's fast-start financing. ... Water management and food security in vulnerable regions of China.

  17. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  18. Protecting livelihoods, boosting food security in Kenya | IDRC ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2015-05-21

    May 21, 2015 ... Protecting livelihoods, boosting food security in Kenya ... livestock fodder, with important outcomes for household food security. ... and all counties have since committed funding toward scaling up successful technologies.

  19. CNSS: Interagency Partnering to Protect Our National Security Systems

    National Research Council Canada - National Science Library

    Grimes, John G

    2008-01-01

    .... The CNSS performs the vital function of mobilizing the full, interagency National Security Community for the protection of telecommunications and information systems that support U.S. national security...

  20. Computer Security: Virus Highlights Need for Improved Internet Management

    Science.gov (United States)

    1989-06-01

    Kingdom. Page 47 GAO/IMTEC-89-57 Internet Computer Virus Appendix III Major Contributors to This Report Information Management and Technology ...resources; disrupts the intended use of the Internet ; or wastes resources, destroys the integrity of computer -based information , or compromises users...and information from the other party in order to assist in preparation for trial. Page 32 GAO/IMTEC-89-57 Internet Computer Virus Chapter 3 Factors

  1. Application to an Internet site in radiation protection

    International Nuclear Information System (INIS)

    Gambini, D.J.; Baum, T.P.; Spector, M.; Elgard, M.C.; Mechaly, Y.; Grainer, R.; Barritault, L.

    1997-01-01

    Training specialists in medical radiation protection is ensured by the Continuous Training Center of University Rene Descartes since 1990. The necessity of updating knowledge has urged us to develop an Internet site (http://www.citi2.fr/RADIO). Besides the mandatory functions of the educational management (secretariat, information on the stages, registrations, etc.) this site provides: 1. Practical information (addresses of administrative and technical organisms, presentation of radiation protection programs); 2. Scientific information (bibliographic bulletin of the EDF service of radiation protection, updated every two months, description of recent radiation protection works); 3. Institutional documentation (analysis of recent basic texts, ICRP publications, European directives). The interrogation of general interest asked via e-mail and forum allowing communication between experts, graduated students and the education faculty will be available on the site. The communication will be augmented by tele-formation modules for continuous distant training

  2. A socio-organizational approach to information systems security management in the context of internet banking

    OpenAIRE

    Koskosas, loannis Vasileios

    2004-01-01

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. This thesis takes a social and organizational point of view for studying information systems security in the context of internet banking. While the internet provides opportunities for businesses to extend their public network infrastructure, reduce transaction costs, and sell a wide range of products and services worldwide, security threats impede the business. Although, a number ...

  3. Presentation of various types of electronic business available on the Internet, Advantages, Disadvantages, Key Requirements and Security, Implementation Model of an Electronic Business

    OpenAIRE

    Andreea A.S. Ionescu; Raul Serban

    2012-01-01

    This paper speaks about the advantages, disadvantages, key requirements necessary of an electronic business, the infrastructure of the Internet, the existing main networks on the Internet, standards used to develop electronic business and the security of an e-business environment. As we know in an organization the information is an asset that has value and should be protected and diversified. We also propose an implementation model of an electronic business that interconnects two concepts: ER...

  4. Valuing Equal Protection in Aviation Security Screening.

    Science.gov (United States)

    Nguyen, Kenneth D; Rosoff, Heather; John, Richard S

    2017-12-01

    The growing number of anti-terrorism policies has elevated public concerns about discrimination. Within the context of airport security screening, the current study examines how American travelers value the principle of equal protection by quantifying the "equity premium" that they are willing to sacrifice to avoid screening procedures that result in differential treatments. In addition, we applied the notion of procedural justice to explore the effect of alternative selective screening procedures on the value of equal protection. Two-hundred and twenty-two respondents were randomly assigned to one of three selective screening procedures: (1) randomly, (2) using behavioral indicators, or (3) based on demographic characteristics. They were asked to choose between airlines using either an equal or a discriminatory screening procedure. While the former requires all passengers to be screened in the same manner, the latter mandates all passengers undergo a quick primary screening and, in addition, some passengers are selected for a secondary screening based on a predetermined selection criterion. Equity premiums were quantified in terms of monetary cost, wait time, convenience, and safety compromise. Results show that equity premiums varied greatly across respondents, with many indicating little willingness to sacrifice to avoid inequitable screening, and a smaller minority willing to sacrifice anything to avoid the discriminatory screening. The selective screening manipulation was effective in that equity premiums were greater under selection by demographic characteristics compared to the other two procedures. © 2017 Society for Risk Analysis.

  5. Social Security Number Replacement Card Applications filed via the Internet

    Data.gov (United States)

    Social Security Administration — The Social Security Administration (SSA) provides a variety of ways to conduct business with the agency. SSA offers members of the public the opportunity to request...

  6. Science and Technology Resources on the Internet: Computer Security.

    Science.gov (United States)

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  7. Internet of Things (IoT Based Design of a Secure and Lightweight Body Area Network (BAN Healthcare System

    Directory of Open Access Journals (Sweden)

    Yong-Yuan Deng

    2017-12-01

    Full Text Available As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT. At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN. These personal wireless devices collect and integrate patients’ personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.

  8. Internet of Things (IoT) Based Design of a Secure and Lightweight Body Area Network (BAN) Healthcare System.

    Science.gov (United States)

    Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan

    2017-12-15

    As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients' personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.

  9. Zephyr: A secure Internet process to streamline engineering

    Energy Technology Data Exchange (ETDEWEB)

    Jordan, C.W.; Niven, W.A.; Cavitt, R.E. [and others

    1998-05-12

    Lawrence Livermore National Laboratory (LLNL) is implementing an Internet-based process pilot called `Zephyr` to streamline engineering and commerce using the Internet. Major benefits have accrued by using Zephyr in facilitating industrial collaboration, speeding the engineering development cycle, reducing procurement time, and lowering overall costs. Programs at LLNL are potentializing the efficiencies introduced since implementing Zephyr. Zephyr`s pilot functionality is undergoing full integration with Business Systems, Finance, and Vendors to support major programs at the Laboratory.

  10. Security in the Cache and Forward Architecture for the Next Generation Internet

    Science.gov (United States)

    Hadjichristofi, G. C.; Hadjicostis, C. N.; Raychaudhuri, D.

    The future Internet architecture will be comprised predominately of wireless devices. It is evident at this stage that the TCP/IP protocol that was developed decades ago will not properly support the required network functionalities since contemporary communication profiles tend to be data-driven rather than host-based. To address this paradigm shift in data propagation, a next generation architecture has been proposed, the Cache and Forward (CNF) architecture. This research investigates security aspects of this new Internet architecture. More specifically, we discuss content privacy, secure routing, key management and trust management. We identify security weaknesses of this architecture that need to be addressed and we derive security requirements that should guide future research directions. Aspects of the research can be adopted as a step-stone as we build the future Internet.

  11. Security Management Strategies for Protecting Your Library's Network.

    Science.gov (United States)

    Ives, David J.

    1996-01-01

    Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

  12. Development of measures of online privacy concern and protection for use on the Internet

    OpenAIRE

    Buchanan, T; Paine, C; Joinson, A; Reips, U D

    2007-01-01

    As the Internet grows in importance, concerns about online privacy have arisen. We describe the development and validation of three short Internet-administered scales measuring privacy related attitudes ('Privacy Concern') and behaviors ('General Caution' and 'Technical Protection').

  13. EDAS: An Evaluation Prototype for Autonomic Event-Driven Adaptive Security in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Waqas Aman

    2015-07-01

    Full Text Available In Internet of Things (IoT, the main driving technologies are considered to be tiny sensory objects. These objects cannot host traditional preventive and detective technologies to provide protection against the increasing threat sophistication. Furthermore, these solutions are limited to analyzing particular contextual information, for instance network information or files, and do not provide holistic context for risk analysis and response. Analyzing a part of a situation may lead to false alarms and later to unnecessary and incorrect configurations. To overcome these concerns, we proposed an event-driven adaptive security (EDAS model for IoT. EDAS aims to observe security events (changes generated by various things in the monitored IoT environment, investigates any intentional or unintentional risks associated with the events and adapts to it autonomously. It correlates different events in time and space to reduce any false alarms and provides a mechanism to predict attacks before they are realized. Risks are responded to autonomically by utilizing a runtime adaptation ontology. The mitigation action is chosen after assessing essential information, such as the risk faced, user preferences, device capabilities and service requirements. Thus, it selects an optimal mitigation action in a particular adverse situation. The objective of this paper is to investigate EDAS feasibility and its aptitude as a real-world prototype in a remote patient monitoring context. It details how EDAS can be a practical choice for IoT-eHealth in terms of the security, design and implementation features it offers as compared to traditional security controls. We have explained the prototype’s major components and have highlighted the key technical challenges.

  14. 76 FR 36863 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-06-23

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... for Gulfstream GVI airplanes. 1. The applicant must ensure electronic system security protection for... that effective electronic system security protection strategies are implemented to protect the airplane...

  15. An Analysis of Security Incidents on the Internet 1989-1995

    Science.gov (United States)

    1997-04-07

    intervene. 14.4.2. Government Information Policies and the Computer Security Market - During the history of the Internet , the government has maintained a...the government is already taking to improve the operation of the Internet market by supplying information . The following analysis determined whether the... Information Assurance Technology Analysis Center (IATAC) 3190 Fairview Park Drive Falls Church VA 22042 Performing Organization Number(s) Sponsoring

  16. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  17. Securing Wireless Communications of the Internet of Things from the Physical Layer, An Overview

    Science.gov (United States)

    Zhang, Junqing; Duong, Trung; Woods, Roger; Marshall, Alan

    2017-08-01

    The security of the Internet of Things (IoT) is receiving considerable interest as the low power constraints and complexity features of many IoT devices are limiting the use of conventional cryptographic techniques. This article provides an overview of recent research efforts on alternative approaches for securing IoT wireless communications at the physical layer, specifically the key topics of key generation and physical layer encryption. These schemes can be implemented and are lightweight, and thus offer practical solutions for providing effective IoT wireless security. Future research to make IoT-based physical layer security more robust and pervasive is also covered.

  18. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important the maintain confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally he/she should analyze and upgrade their information security system

  19. Internet of Things Security: Layered classification of attacks and possible Countermeasures

    Directory of Open Access Journals (Sweden)

    Otmane El Mouaatamid

    2016-12-01

    Full Text Available Nowadays, the internet of things (IoT presents a strong focus of research with various initiatives working on the application, and usage of Internet standards in the IoT. But the big challenge of the internet of things is security. In this paper a layered classification and a goal based comparison of attacks in the IoT are presented so that a better understanding of IoT attacks can be achieved and subsequently more efficient and effective techniques and procedures to combat these attacks may be developed

  20. Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers

    OpenAIRE

    Freyberger Michael; He Warren; Akhawe Devdatta; Mazurek Michelle L.; Mittal Prateek

    2018-01-01

    An important line of privacy research is investigating the design of systems for secure input and output (I/O) within Internet browsers. These systems would allow for users’ information to be encrypted and decrypted by the browser, and the specific web applications will only have access to the users’ information in encrypted form. The state-of-the-art approach for a secure I/O system within Internet browsers is a system called ShadowCrypt created by UC Berkeley researchers [23]. This paper wi...

  1. Internet of Things in Marketing: Opportunities and Security Issues

    Science.gov (United States)

    Abashidze, Irakli; Dąbrowski, Marcin

    2016-12-01

    Internet of Things (IoT) affects different areas of human activities: everyday life of ordinary citizens, work style of marketing teams, factories and even entire cities. Large companies try to implement the technology in their marketing strategy that reshapes not only communication style and product promotion but consumers' expectations, perceptions and requirements towards companies. IoT is expected to become a huge network that will encompass not only smart devices but significantly influence humans' behavior, in this particular case - decision making style in different phases of purchase process. Therefore, the need for comprehensive scientific research is necessary. The issue needs to be reviewed from various points of view, such as opportunities, advantages, disadvantages, legal and technical considerations. The paper is an attempt to review different aspects of using Internet of Things for marketing purposes, identify some of the major problems and present possible ways of solution.

  2. INTERNET OF THINGS IN MARKETING: OPPORTUNITIES AND SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    Irakli ABASHIDZE

    2016-10-01

    Full Text Available Internet of Things (IoT affects different areas of human activities: everyday life of ordinary citizens, work style of mar-keting teams, factories and even entire cities. Large companies try to implement the technology in their marketing strat-egy that reshapes not only communication style and product promotion but consumers’ expectations, perceptions and requirements towards companies. IoT is expected to become a huge network that will encompass not only smart devic-es but significantly influence humans’ behavior, in this particular case – decision making style in different phases of pur-chase process. Therefore, the need for comprehensive scientific research is necessary. The issue needs to be reviewed from various points of view, such as opportunities, advantages, disadvantages, legal and technical considerations. The paper is an attempt to review different aspects of using Internet of Things for marketing purposes, identify some of the major problems and present possible ways of solution.

  3. The Internet of Things: New Interoperability, Management and Security Challenges

    OpenAIRE

    Elkhodr, Mahmoud; Shahrestani, Seyed; Cheung, Hon

    2016-01-01

    The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates opportunities in numerous domains. However, this increase in connectivity creates many prominent challenges. This paper provides a survey of some of the major issues challenging the widespread adoption of the IoT. Particularly, it focuses on the interoperability, management, securi...

  4. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

    Science.gov (United States)

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

  5. Security Measures to Protect Mobile Agents

    Science.gov (United States)

    Dadhich, Piyanka; Govil, M. C.; Dutta, Kamlesh

    2010-11-01

    The security issues of mobile agent systems have embarrassed its widespread implementation. Mobile agents that move around the network are not safe because the remote hosts that accommodate the agents initiates all kinds of attacks. These hosts try to analyze the agent's decision logic and their accumulated data. So, mobile agent security is the most challenging unsolved problems. The paper analyzes various security measures deeply. Security especially the attacks performed by hosts to the visiting mobile agent (the malicious hosts problem) is a major obstacle that prevents mobile agent technology from being widely adopted. Being the running environment for mobile agent, the host has full control over them and could easily perform many kinds of attacks against them.

  6. Lightweight certificateless and provably-secure signcryptosystem for the internet of things

    OpenAIRE

    Nguyen , Kim Thuat; Oualha , Nouha; Laurent , Maryline

    2015-01-01

    International audience; In this paper, we propose an elliptic curve-based signcryption scheme derived from the standardized signature KCDSA (Korean Certificate-based Digital Signature Algorithm) in the context of the Internet of Things. Our solution has several advantages. First, the scheme is provably secure in the random oracle model. Second, it provides the following security properties: outsider/insider confidentiality and unforgeability; non-repudiation and public verifiability, while be...

  7. Towards Formal Validation of Trust and Security of the Internet of Services

    DEFF Research Database (Denmark)

    Carbone, Roberto; Minea, Marius; Mödersheim, Sebastian Alexander

    2011-01-01

    Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors...... techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance....

  8. DICOM image secure communications with Internet protocols IPv6 and IPv4.

    Science.gov (United States)

    Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

    2007-01-01

    Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.

  9. Security Considerations of Doing Business via the Internet: Cautions To Be Considered.

    Science.gov (United States)

    Aldridge, Alicia; White, Michele; Forcht, Karen

    1997-01-01

    Lack of security is perceived as a major roadblock to doing business online. This article examines system, user, and commercial transaction privacy on the World Wide Web and discusses methods of protection: operating systems security, file and data protection, user education, access restrictions, data authentication, perimeter and transaction…

  10. Culture: protection, safety and security connections toward good practices

    International Nuclear Information System (INIS)

    Rozental, Jose Julio

    2005-01-01

    This paper discusses concepts and connections on Protection, Safety and Security, considering many IAEA recent documents and international congress on the subject and basic regulation recommendation to developing countries toward the establishment of adequate capacity to deal with

  11. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... electronic system security protection for the aircraft control domain and airline information domain from... identified and assessed, and that effective electronic system security protection strategies are implemented...

  12. 75 FR 68370 - Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...

    Science.gov (United States)

    2010-11-05

    ... DEPARTMENT OF HOMELAND SECURITY National Protection and Programs Directorate [Docket No. DHS-2010-0071] Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...: The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office...

  13. 78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-01-31

    ... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry... security, including border protection, civil defense capabilities, and coast guard and maritime...

  14. Comparative study of Internet of Things infrastructure and security

    DEFF Research Database (Denmark)

    Singh, Bhupjit; Kaur, Bipjeet

    With increasing use of IoTs in diverse fields has increased the demands of different parameters for high level of security, trust and applications. Several companies have invested millions of dollar to fulfill the needs of the market which has given rise variant infrastructures of IoTs. In this p...

  15. 78 FR 5122 - NASA Security and Protective Services Enforcement

    Science.gov (United States)

    2013-01-24

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Parts 1203a, 1203b, and 1204 [Docket No NASA-2012-0007] RIN 2700-AD89 NASA Security and Protective Services Enforcement AGENCY: National Aeronautics... nonsubstantive changes to NASA regulations to clarify the procedures for establishing controlled/ secure areas...

  16. How to Protect Children from Internet Predators: A Phenomenological Study

    Science.gov (United States)

    Alexander, Rodney T.

    2012-01-01

    Teenage Internet users are the fastest growing segment in the Internet user population. These teenagers are at risk of sexual assault from Internet predators. This phenomenological study explored teacher and counselors' perceptions of how to prevent this sexual assault. Twenty-five teacher and counselor participants were interviewed. A…

  17. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  18. Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers

    Directory of Open Access Journals (Sweden)

    Freyberger Michael

    2018-04-01

    Full Text Available An important line of privacy research is investigating the design of systems for secure input and output (I/O within Internet browsers. These systems would allow for users’ information to be encrypted and decrypted by the browser, and the specific web applications will only have access to the users’ information in encrypted form. The state-of-the-art approach for a secure I/O system within Internet browsers is a system called ShadowCrypt created by UC Berkeley researchers [23]. This paper will explore the limitations of ShadowCrypt in order to provide a foundation for the general principles that must be followed when designing a secure I/O system within Internet browsers. First, we developed a comprehensive UI attack that cannot be mitigated with popular UI defenses, and tested the efficacy of the attack through a user study administered on Amazon Mechanical Turk. Only 1 of the 59 participants who were under attack successfully noticed the UI attack, which validates the stealthiness of the attack. Second, we present multiple attack vectors against Shadow-Crypt that do not rely upon UI deception. These attack vectors expose the privacy weaknesses of Shadow DOM—the key browser primitive leveraged by ShadowCrypt. Finally, we present a sketch of potential countermeasures that can enable the design of future secure I/O systems within Internet browsers.

  19. Security analysis and improvements of authentication and access control in the Internet of Things.

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-08-13

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  20. OBSTACLES TO ONLINE SHOPPING: IMPACT OF GENDER AND INTERNET SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    AHU GENİS-GRUBER

    2013-06-01

    Full Text Available In the latest technology era, the widespread usage of internet enabled individuals to interact continuously and led to altered buying behavior patterns. Literature focuses on the critical effects in the field. Among many antecedents to online shopping, previous studies point out two important obstacles:  (i acceptance and tendency to use technology in accordance with gender perceptions and (ii internet security problems. This study analyzes the impact of these two prominent factors on e-commerce utilization by studying the effects of these factors through primary and secondary data; a survey designed specifically for this analysis and the cross-country data from Eurostat. The findings show that while internet security problems significantly impact online shopping behavior, the evidence is mixed for the impact of gender. The results of this paper provide insights for a successful e-commerce transaction and identify important obstacles to be avoided for an efficient e-commerce system.

  1. Nevada National Security Site Radiation Protection Program

    Energy Technology Data Exchange (ETDEWEB)

    Managers' Council, Radiological Control

    2018-03-12

    This is a shared document required by 10 CFR 835 for all contractors conducting radiological work at the Nevada National Security Site. Please record the Author as "Radiological Control Managers' Council" for consistency with previous RPPs and Rad Con Manuals.

  2. Differences in High School and College Students' Basic Knowledge and Perceived Education of Internet Safety: Do High School Students Really Benefit from the Children's Internet Protection Act?

    Science.gov (United States)

    Yan, Zheng

    2009-01-01

    The Children's Internet Protection Act (CIPA; 2000) requires an Internet filtering and public awareness strategy to protect children under 17 from harmful visual Internet depictions. This study compared high school students who went online with the CIPA restriction and college students who went online without the restriction in order to…

  3. A protect solution for data security in mobile cloud storage

    Science.gov (United States)

    Yu, Xiaojun; Wen, Qiaoyan

    2013-03-01

    It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.

  4. Simple & Secure: Attitude and behaviour towards security and usability in internet products and services at home

    NARCIS (Netherlands)

    Wolthuis, R.; Broenink, E.G.; Fransen, F.; Schultz, S.; Vries, A. de

    2010-01-01

    This paper is the result of research on the security perception of users in ICT services and equipment. We analyze the rationale of users to have an interest in security and to decide to change security parameters of equipment and services. We focus on the home environment, where more and more

  5. Secure Web-based Ground System User Interfaces over the Open Internet

    Science.gov (United States)

    Langston, James H.; Murray, Henry L.; Hunt, Gary R.

    1998-01-01

    A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientist and flight operators Web-based access to instrument, payload, and spacecraft data.

  6. Computer Security: transparent monitoring for your protection

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2016-01-01

    Computer security can be handled in one of two ways: in secrecy, behind a black curtain; or out in the open, subject to scrutiny and with full transparency. We believe that the latter is the only right way for CERN, and have always put that belief into practice. In keeping with this spirit, here is a reminder of how we monitor (your) CERN activities in order to guarantee timely responses to computer security incidents.   We monitor all network traffic coming into and going out of CERN. Automatic tools look for suspicious patterns like connections to known malicious IP addresses, web pages or domains. They check for malicious files being downloaded and make statistical analyses of connections in order to identify unusual behaviour. The automatic analysis of the logs from the CERN Domain Name Servers complements this and provides a redundant means of detection. We also constantly scan the CERN office network and keep an inventory of the individual network services running on each device: w...

  7. Radiation Protection, Nuclear Safety and Security

    International Nuclear Information System (INIS)

    Faye, Ndeye Arame Boye; Ndao, Ababacar Sadikhe; Tall, Moustapha Sadibou

    2014-01-01

    Senegal has put in place a regulatory framework which allows to frame legally the use of radioactive sources. A regulatory authority has been established to ensure its application. It is in the process of carrying out its regulatory functions. It cooperates with appropriate national or international institutions operating in fields related to radiation protection, safety and nuclear safety.

  8. Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview

    Directory of Open Access Journals (Sweden)

    Luca Veltri

    2013-04-01

    Full Text Available The Internet of Things (IoT refers to the Internet-like structure of billions of interconnected constrained devices, denoted as “smart objects”. Smart objects have limited capabilities, in terms of computational power and memory, and might be battery-powered devices, thus raising the need to adopt particularly energy efficient technologies. Among the most notable challenges that building interconnected smart objects brings about, there are standardization and interoperability. The use of IP has been foreseen as the standard for interoperability for smart objects. As billions of smart objects are expected to come to life and IPv4 addresses have eventually reached depletion, IPv6 has been identified as a candidate for smart-object communication. The deployment of the IoT raises many security issues coming from (i the very nature of smart objects, e.g., the adoption of lightweight cryptographic algorithms, in terms of processing and memory requirements; and (ii the use of standard protocols, e.g., the need to minimize the amount of data exchanged between nodes. This paper provides a detailed overview of the security challenges related to the deployment of smart objects. Security protocols at network, transport, and application layers are discussed, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources. Security aspects, such as key distribution and security bootstrapping, and application scenarios, such as secure data aggregation and service authorization, are also discussed.

  9. Radiological protection national system. Basic security rules

    International Nuclear Information System (INIS)

    1981-01-01

    This work has been prepared as the first one of a set of standards and regulations that will be enforced to provide the protection of men and the environment against the undesirable effects of ionizing radiations. It establishes, in the first place, the system of dose limits for the country and the principles of its utilization. It takes into account the CIPR's recommendations in this area and the mentioned frame of reference, it establishes further the necessary restrictions for the application of the limits to the professionally exposed workers, as well as to the isolated members of the public and the population in general. In addition it establishes the general conditions to be met for the implementation of radiological protection, among them, the classification of working areas and working conditions as well as the compulsory periodical medical surveillance. (H.D.N.)

  10. On the Security of Data Collection and Transmission from Wireless Sensor Networks in the Context of Internet of Things

    OpenAIRE

    Yu, Hong; He, Jingsha; Liu, Ruohong; Ji, Dajie

    2013-01-01

    In the context of Internet of Things (IoT), multiple cooperative nodes in wireless sensor networks (WSNs) can be used to monitor an event, jointly generate a report and then send it to one or more Internet nodes for further processing. A primary security requirement in such applications is that every event data report be authenticated to intended Internet users and effectively filtered on its way to the Internet users to realize the security of data collection and transmission from the WSN. H...

  11. Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo [KINAC, Daejeon (Korea, Republic of)

    2013-10-15

    In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012.

  12. Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

    International Nuclear Information System (INIS)

    Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo

    2013-01-01

    In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012

  13. Network Security Hacks Tips & Tools for Protecting Your Privacy

    CERN Document Server

    Lockhart, Andrew

    2009-01-01

    This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending, and incident response.

  14. 75 FR 82037 - National Protection and Programs Directorate; President's National Security Telecommunications...

    Science.gov (United States)

    2010-12-29

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0050] National Protection and Programs Directorate; President's National Security Telecommunications Advisory Committee AGENCY: National Protection... Committee Meeting. SUMMARY: The President's National Security Telecommunications Advisory Committee (NSTAC...

  15. Annual training manual for security training: Protective force

    Energy Technology Data Exchange (ETDEWEB)

    1990-10-01

    Westinghouse is committed to high quality training relevant to the need of the Protective Forces at the Waste Isolation Pilot Plant (WIPP). The training programs at WIPP are designed to qualify Security personnel to perform WIPP security missions in a professional and responsible manner. The program consists of basic as well as sustainment training, as further described in this plan. This plan documents the WIPP Security training program for security personnel for calendar year 1990. The programs detailed in this plan are designed to adequately train persons to ensure the uninterrupted continuity of Department of Energy (DOE)/Westinghouse operations. The Security Training Program consists of four basic elements. These elements are (1) basic level training; (2) on-the-job training; (3) refresher training; and (4) in-service training.

  16. Security Culture in Physical Protection of Nuclear Material and Facility

    International Nuclear Information System (INIS)

    Susyanta-Widyatmaka; Koraag, Venuesiana-Dewi; Taswanda-Taryo

    2005-01-01

    In nuclear related field, there are three different cultures: safety, safeguards and security culture. Safety culture has established mostly in nuclear industries, meanwhile safeguards and security culture are relatively new and still developing. The latter is intended to improve the physical protection of material and nuclear facility. This paper describes concept, properties and factors affecting security culture and interactions among these cultures. The analysis indicates that anybody involving in nuclear material and facility should have strong commitment and awareness of such culture to establish it. It is concluded that the assessment of security culture outlined in this paper is still preliminary for developing and conduction rigorous security culture implemented in a much more complex facility such as nuclear power plant

  17. Ensuring Freedoms and Protecting Rights in the Governance of the Internet: A Comparative Analysis on Blocking Measures and Internet Providers’ Removal of Illegal Internet Content

    Directory of Open Access Journals (Sweden)

    Katalin Parti

    2013-02-01

    Full Text Available Removing illegal or harmful material from the internet has been pursued for more than two decades. The advent of Web 2.0, with the prominent increase and diffusion of user-generated content, amplifies the necessity for technical and legal frameworks enabling the removal of illegal material from the network. This study deals with different levels and methods of Internet ‘cleansing’ measures, comparing government regulated and Internet service provider based removals of illegal Internet content. The paper aims at putting the regulatory option of internet blocking measures into the broader perspective of the legal framework regulating the (exemption from liability of Intermediary Service Providers (ISPs for user-generated contents. In addition, the paper suggests proposals on which regulatory options can better ensure the respect of freedoms and the protection of rights. The paper introduces several significant cases of blocking online copyright infringing materials. Copyright related blocking techniques have been devised for business reasons – by copyright holders’ associations. It must be recalled, however, that these blocking actions cannot be enforced without the states’ intervention. These business-level actions become isolated if they are not supported by both the European Union and its Member States. Conversely, state-centred initiatives cannot work out without the private sector’s cooperation. Internet service providers play a crucial role in this cooperative framework because of their task of providing access to the Internet and hosting web contents.

  18. Equipment for radiography in Yugoslavia - security and radiation protection

    International Nuclear Information System (INIS)

    Dobrijevic, R.; Vucina, J.

    1998-01-01

    Nondestructive method of material control by using radioisotopes is developed in Yugoslavia. This method of quality control is professionally performed by 30 firms. This paper presents the overview of the equipment used in the industrial radiography by using radioisotopes. Special attention was devoted to the security during the work and to the radiation protection of the operator and other personnel around the working place. In general it could be concluded that the main drawback which influences the security is the fact that most cases old and whom out equipment is in use. Other factors influencing the security are also discussed. (author)

  19. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2011-01-01

    There is a lot at stake for administrators taking care of servers, since they house sensitive data like credit cards, social security numbers, medical records, and much more. In Securing SQL Server you will learn about the potential attack vectors that can be used to break into your SQL Server database, and how to protect yourself from these attacks. Written by a Microsoft SQL Server MVP, you will learn how to properly secure your database, from both internal and external threats. Best practices and specific tricks employed by the author will also be revealed. Learn expert techniques to protec

  20. Securing SQL server protecting your database from attackers

    CERN Document Server

    Cherry, Denny

    2015-01-01

    SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practic

  1. Safeguarding the User - Developing a Multimodal Design for Surveying and Raising Internet Safety and Security Awareness

    DEFF Research Database (Denmark)

    Gjedde, Lisa; Sharp, Robin; Andersen, Preben

    2009-01-01

    Internet safety and security for the user is an issue of great importance for the successful implementation of ICT, but since it is a complex field, with a specialist vocabulary that cannot immediately be understood by the common user, it is difficult to survey the field. The user may not underst......Internet safety and security for the user is an issue of great importance for the successful implementation of ICT, but since it is a complex field, with a specialist vocabulary that cannot immediately be understood by the common user, it is difficult to survey the field. The user may...... describes an ICT-based research method that combines a verbal mode of inquiry with a visual mode employing illustrations, animations and simulations to provide the user with a multimodal media experience. The rationale for this is that we are working in a complex technical field with a specialist vocabulary...

  2. Security Techniques for protecting data in Cloud Computing

    OpenAIRE

    Maddineni, Venkata Sravan Kumar; Ragi, Shivashanker

    2012-01-01

    Context: From the past few years, there has been a rapid progress in Cloud Computing. With the increasing number of companies resorting to use resources in the Cloud, there is a necessity for protecting the data of various users using centralized resources. Some major challenges that are being faced by Cloud Computing are to secure, protect and process the data which is the property of the user. Aims and Objectives: The main aim of this research is to understand the security threats and ident...

  3. Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

    Science.gov (United States)

    2010-09-01

    motivated research in behavior grading systems [56]. Peer-to-peer eCommerce appli- cations such as eBay, Amazon, uBid, and Yahoo have performed research that...Security in Mobile Ad Hoc Networks”. IEEE Security & Privacy , 72–75, 2008. 15. Chakeres, ID and EM Belding-Royer. “AODV Routing Protocol Implementa...Detection System”. Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy , 240–250. 1992. 21. Devore, J.L. and N.R. Farnum

  4. In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security

    Science.gov (United States)

    Danidou, Yianna; Schafer, Burkhard

    This paper analyses potential legal responses and consequences to the anticipated roll out of Trusted Computing (TC). It is argued that TC constitutes such a dramatic shift in power away from users to the software providers, that it is necessary for the legal system to respond. A possible response is to mirror the shift in power by a shift in legal responsibility, creating new legal liabilities and duties for software companies as the new guardians of internet security.

  5. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment.

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun; Cha, Hyo Soung

    2015-10-01

    Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff.

  6. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun

    2015-01-01

    Objectives Remote medical services have been expanding globally, and this is expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. Methods This study developed a medical service-oriented frame work for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next medical-oriented secu rity threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security frame work for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. Results The proposed framework is a secure framework based on service-oriented cases in the medical environment. A com parative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. Conclusions The proposed framework is service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical

  7. ICRP Publication 125: Radiological Protection in Security Screening.

    Science.gov (United States)

    Cool, D A; Lazo, E; Tattersall, P; Simeonov, G; Niu, S

    2014-07-01

    The use of technologies to provide security screening for individuals and objects has been increasing rapidly, in keeping with the significant increase in security concerns worldwide. Within the spectrum of technologies, the use of ionizing radiation to provide backscatter and transmission screening capabilities has also increased. The Commission has previously made a number of statements related to the general topic of deliberate exposures of individuals in non-medical settings. This report provides advice on how the radiological protection principles recommended by the Commission should be applied within the context of security screening. More specifically, the principles of justification, optimisation of protection, and dose limitation for planned exposure situations are directly applicable to the use of ionising radiation in security screening. In addition, several specific topics are considered in this report, including the situation in which individuals may be exposed because they are concealed (‘stowaways’) in a cargo container or conveyance that may be subject to screening. The Commission continues to recommend that careful justification of screening should be considered before decisions are made to employ the technology. If a decision is made that its use is justified, the framework for protection as a planned exposure situation should be employed, including optimization of protection with the use of dose constraints and the appropriate provisions for authorisation and inspection.

  8. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  9. A Quantitative Study on Japanese Internet User's Awareness to Information Security: Necessity and Importance of Education and Policy

    OpenAIRE

    Toshihiko Takemura; Atsushi Umino

    2009-01-01

    In this paper, the authors examine whether or not there Institute for Information and Communications Policy shows are differences of Japanese Internet users awareness to information security based on individual attributes by using analysis of variance based on non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness to information security is different by individual attributes. Especially, the authors verify that the users who received the in...

  10. A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2001-01-01

    The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a

  11. Energy security and climate change protection: Complementarity or tradeoff?

    International Nuclear Information System (INIS)

    Brown, Stephen P.A.; Huntington, Hillard G.

    2008-01-01

    Energy security and climate change protection have risen to the forefront of energy policy - linked in time and a perception that both goals can be achieved through the same or similar policies. Although such complementarity can exist for individual technologies, policymakers face a tradeoff between these two policy objectives. The tradeoff arises when policymakers choose the mix of individual technologies with which to reduce greenhouse gas emissions and enhance energy security. Optimal policy is achieved when the cost of the additional use of each technology equals the value of the additional energy security and reduction in greenhouse gas emission that it provides. Such an approach may draw more heavily on conventional technologies that provide benefits in only one dimension than on more costly technologies that both increase energy security and reduce greenhouse gas emissions. (author)

  12. Security protection of DICOM medical images using dual-layer reversible watermarking with tamper detection capability.

    Science.gov (United States)

    Tan, Chun Kiat; Ng, Jason Changwei; Xu, Xiaotian; Poh, Chueh Loo; Guan, Yong Liang; Sheah, Kenneth

    2011-06-01

    Teleradiology applications and universal availability of patient records using web-based technology are rapidly gaining importance. Consequently, digital medical image security has become an important issue when images and their pertinent patient information are transmitted across public networks, such as the Internet. Health mandates such as the Health Insurance Portability and Accountability Act require healthcare providers to adhere to security measures in order to protect sensitive patient information. This paper presents a fully reversible, dual-layer watermarking scheme with tamper detection capability for medical images. The scheme utilizes concepts of public-key cryptography and reversible data-hiding technique. The scheme was tested using medical images in DICOM format. The results show that the scheme is able to ensure image authenticity and integrity, and to locate tampered regions in the images.

  13. Education Organization Baseline Control Protection and Trusted Level Security

    Directory of Open Access Journals (Sweden)

    Wasim A. Al-Hamdani

    2007-12-01

    Full Text Available Many education organizations have adopted for security the enterprise best practices for implementation on their campuses, while others focus on ISO Standard (or/and the National Institution of Standards and Technology.All these adoptions are dependent on IT personal and their experiences or knowledge of the standard. On top of this is the size of the education organizations. The larger the population in an education organization, the more the problem of information and security become very clear. Thus, they have been obliged to comply with information security issues and adopt the national or international standard. The case is quite different when the population size of the education organization is smaller. In such education organizations, they use social security numbers as student ID, and issue administrative rights to faculty and lab managers – or they are not aware of the Family Educational Rights and Privacy Act (FERPA – and release some personal information.The problem of education organization security is widely open and depends on the IT staff and their information security knowledge in addition to the education culture (education, scholarships and services has very special characteristics other than an enterprise or comparative organizationThis paper is part of a research to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: Adopting (standards, Testing and Modifying (if needed.

  14. 75 FR 75711 - Securities Investor Protection Corporation; Notice of Filing of a Proposed Bylaw Change Relating...

    Science.gov (United States)

    2010-12-06

    ... Securities Investor Protection Corporation (``SIPC'') filed with the Securities and Exchange Commission... Members, Rel. No. SIPA-156, 56 FR 51952 (Oct. 16, 1991). \\6\\ Securities Investor Protection Corporation... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-169; File No. SIPC-2010-01] Securities...

  15. Internet

    Indian Academy of Sciences (India)

    First page Back Continue Last page Overview Graphics. Internet. The latest communication revolution surrounds Internet. Some stats*:. 210 billion emails sent daily; 15 billion phone calls everyday; ~40 billion WWW links served everyday. * Source : The Radicati group.

  16. Ultra-Low-Power Design and Hardware Security Using Emerging Technologies for Internet of Things

    Directory of Open Access Journals (Sweden)

    Jiann-Shiun Yuan

    2017-09-01

    Full Text Available In this review article for Internet of Things (IoT applications, important low-power design techniques for digital and mixed-signal analog–digital converter (ADC circuits are presented. Emerging low voltage logic devices and non-volatile memories (NVMs beyond CMOS are illustrated. In addition, energy-constrained hardware security issues are reviewed. Specifically, light-weight encryption-based correlational power analysis, successive approximation register (SAR ADC security using tunnel field effect transistors (FETs, logic obfuscation using silicon nanowire FETs, and all-spin logic devices are highlighted. Furthermore, a novel ultra-low power design using bio-inspired neuromorphic computing and spiking neural network security are discussed.

  17. 47 CFR 54.520 - Children's Internet Protection Act certifications required from recipients of discounts under the...

    Science.gov (United States)

    2010-10-01

    ... “technology protection measure” as used in this section, are defined in the Children's Internet Protection Act... discounts for Internet access or internal connections must certify on FCC Form 486 that an Internet safety... entity for the consortium, the school must certify instead on FCC Form 479 (“Certification to Consortium...

  18. Analysis of Techniques for Protection Against Spam over Internet Telephony

    NARCIS (Netherlands)

    Quinten, Vincent M.; van de Meent, R.; Pras, A.; Pras, Aiko; van Sinderen, M.J.; van Sinderen, Marten J.

    2007-01-01

    Spam in Internet telephony (SPIT) networks is likely to become a large problem in the future, as more and more people and companies switch from traditional telephone networks to Voice over IP (VoIP) networks, and as it is easy to spam VoIP users. The goal of this survey paper is to identify

  19. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2012-01-01

    Written by Denny Cherry, a Microsoft MVP for the SQL Server product, a Microsoft Certified Master for SQL Server 2008, and one of the biggest names in SQL Server today, Securing SQL Server, Second Edition explores the potential attack vectors someone can use to break into your SQL Server database as well as how to protect your database from these attacks. In this book, you will learn how to properly secure your database from both internal and external threats using best practices and specific tricks the author uses in his role as an independent consultant while working on some of the largest

  20. Security enhanced BioEncoding for protecting iris codes

    Science.gov (United States)

    Ouda, Osama; Tsumura, Norimichi; Nakaguchi, Toshiya

    2011-06-01

    Improving the security of biometric template protection techniques is a key prerequisite for the widespread deployment of biometric technologies. BioEncoding is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as iris codes. The main advantage of BioEncoding over other template protection schemes is that it does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating the matching accuracy. However, although it has been shown that BioEncoding is secure enough against simple brute-force search attacks, the security of BioEncoded templates against more smart attacks, such as record multiplicity attacks, has not been sufficiently investigated. In this paper, a rigorous security analysis of BioEncoding is presented. Firstly, resistance of BioEncoded templates against brute-force attacks is revisited thoroughly. Secondly, we show that although the cancelable transformation employed in BioEncoding might be non-invertible for a single protected template, the original iris code could be inverted by correlating several templates used in different applications but created from the same iris. Accordingly, we propose an important modification to the BioEncoding transformation process in order to hinder attackers from exploiting this type of attacks. The effectiveness of adopting the suggested modification is validated and its impact on the matching accuracy is investigated empirically using CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed approach and show that it preserves the matching accuracy of the unprotected iris recognition system.

  1. A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Doohwan Oh

    2014-12-01

    Full Text Available With the emergence of the Internet of Things (IoT, a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

  2. A malicious pattern detection engine for embedded security systems in the Internet of Things.

    Science.gov (United States)

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-12-16

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

  3. A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

    Science.gov (United States)

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-01-01

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns. PMID:25521382

  4. A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack

    Directory of Open Access Journals (Sweden)

    Emanuel Ferreira Jesus

    2018-01-01

    Full Text Available The Internet of Things (IoT is increasingly a reality today. Nevertheless, some key challenges still need to be given particular attention so that IoT solutions further support the growing demand for connected devices and the services offered. Due to the potential relevance and sensitivity of services, IoT solutions should address the security and privacy concerns surrounding these devices and the data they collect, generate, and process. Recently, the Blockchain technology has gained much attention in IoT solutions. Its primary usage scenarios are in the financial domain, where Blockchain creates a promising applications world and can be leveraged to solve security and privacy issues. However, this emerging technology has a great potential in the most diverse technological areas and can significantly help achieve the Internet of Things view in different aspects, increasing the capacity of decentralization, facilitating interactions, enabling new transaction models, and allowing autonomous coordination of the devices. The paper goal is to provide the concepts about the structure and operation of Blockchain and, mainly, analyze how the use of this technology can be used to provide security and privacy in IoT. Finally, we present the stalker, which is a selfish miner variant that has the objective of preventing a node to publish its blocks on the main chain.

  5. The Internet and Security: Do We need a Man With A Red Flag To Walk In Front of Computers?

    OpenAIRE

    Edwards, Lilian

    2007-01-01

    This editorial focusses on the topic of internet security; its real, or perceived threats to individuals, and the regulatory framework in place to deal with cybercrime. Edwards suggests some obligations for computer owners as an attempt to ensure the security of their computer.

  6. WRR-Policy Brief 6 : Big data and security policies: serving security, protecting freedom

    NARCIS (Netherlands)

    Broeders, Dennis; Schrijvers, Erik; Hirsch Ballin, Ernst

    2017-01-01

    Big Data analytics in national security, law enforcement and the fight against fraud can reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This requires new frameworks: a crucial shift is necessary from regulating the phase of

  7. The protective effects of parental monitoring and internet restriction on adolescents' risk of online harassment.

    Science.gov (United States)

    Khurana, Atika; Bleakley, Amy; Jordan, Amy B; Romer, Daniel

    2015-05-01

    With many adolescents using the internet to communicate with their peers, online harassment is on the rise among youth. The purpose of this study was to understand how parental monitoring and strategies parents use to regulate children's internet use (i.e., internet restriction) can help reduce online harassment among adolescents. Online survey data were collected from a nationally representative sample of parents and their 12-17 year old adolescents (n = 629; 49 % female). Structural equation modeling was used to test direct and indirect effects of parental monitoring and internet restriction on being a victim of online harassment. Potential mediators included adolescents' frequency of use of social networking websites, time spent on computers outside of school, and internet access in the adolescent's bedroom. Age and gender differences were also explored. Adolescents' reports of parental monitoring and efforts to regulate specific forms of internet use were associated with reduced rates of online harassment. Specifically, the effect of parental monitoring was largely direct and 26 times greater than parental internet restriction. The latter was associated with lower rates of harassment only indirectly by limiting internet access in the adolescent's bedroom. These effects operated similarly for younger and older adolescents and for males and females. Adolescents' perceptions of parental monitoring and awareness can be protective against online harassment. Specific restriction strategies such as regulating internet time and content can also help reduce the risk of online harassment.

  8. Copyright on the internet: achieving security through electronic devices an artificial intelligence approach

    OpenAIRE

    Niebla Zatarain, Jesus Manuel

    2018-01-01

    This thesis aims to provide a novel approach to ensure copyright compliance online, appropriate for the Internet of Things and the robotic revolution. To achieve this, three different aims are pursued: - A novel application of “by design” solutions to copyright protection is introduced and its advantages and disadvantages discussed from a jurisprudential and doctrinal perspective. - On the basis of this, a new theoretical framework for legal AI is developed that draws on ...

  9. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    Science.gov (United States)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  10. Security Enhancement for Multicast over Internet of Things by Dynamically Constructed Fountain Codes

    Directory of Open Access Journals (Sweden)

    Qinghe Du

    2018-01-01

    Full Text Available The Internet of Things (IoT is expected to accommodate every object which exists in this world or likely to exist in the near future. The enormous scale of the objects is challenged by big security concerns, especially for common information dissemination via multicast services, where the reliability assurance for multiple multicast users at the cost of increasing redundancy and/or retransmissions also benefits eavesdroppers in successfully decoding the overheard signals. The objective of this work is to address the security challenge present in IoT multicast applications. Specifically, with the presence of the eavesdropper, an adaptive fountain code design is proposed in this paper to enhance the security for multicast in IoT. The main novel features of the proposed scheme include two folds: (i dynamical encoding scheme which can effectively decrease intercept probability at the eavesdropper; (ii increasing the transmission efficiency compared with the conventional nondynamical design. The analysis and simulation results show that the proposed scheme can effectively enhance information security while achieving higher transmission efficiency with a little accredited complexity, thus facilitating the secured wireless multicast transmissions over IoT.

  11. Effectively protecting cyber infrastructure and assessing security needs

    Energy Technology Data Exchange (ETDEWEB)

    Robbins, J.; Starman, R. [EWA Canada Ltd., Edmonton, AB (Canada)

    2002-07-01

    This presentation addressed some of the requirements for effectively protecting cyber infrastructure and assessing security needs. The paper discussed the hype regarding cyber attacks, and presented the Canadian reality (as viewed by CanCERT). An assessment of security concerns was also presented. Recent cyber attacks on computer networks have raised fears of unsafe energy networks. Some experts claim the attacks are linked to terrorism, others blame industrial spying and mischief. Others dismiss the notion that somebody could bring down a power grid with a laptop as being far-fetched. It was noted that the cyber security threat is real, and that attacks are becoming more sophisticated as we live in a target rich environment. The issue of assessing vulnerabilities was discussed along with the selection of safeguards such as improving SCADA systems and the latest encryption methods to prevent hackers from bringing down computer networks. 3 tabs., 23 figs.

  12. Network Security Issues in The Internet of Things (IoT)

    OpenAIRE

    Millar, Stuart

    2016-01-01

    This paper surveys a broad range of other research works in order to discuss network security issues in the Internet of Things (IoT). We begin with setting the scene generally with an outline of IoT, followed by a discussion of IoT layer models and topologies. After this, IoT standardization efforts and protocols are analysed, before we discuss in depth vulnerabilities, attacks and mitigations with regard IoT. It is concluded that ample research and narrative exists for protocols and vulnerab...

  13. Using innovation from block chain technology to address privacy and security problems of Internet of Things

    OpenAIRE

    Manocha, Jitendra

    2017-01-01

    Internet of things (IoT) is growing at a phenomenal speed and outpacing all the technological revolutions that occurred in the past. Together with window of opportunity it also poses quite a few challenges. One of the most important and unresolved challenge is vulnerability in security and privacy in IoT. This is mainly due to lack of a global decentralized standard even though characteristically IoT is based on distributed systems. Due to lack of standard IoT has interoperability issue betwe...

  14. Classification of Device Behaviour in Internet of Things Infrastructures: Towards Distinguishing the Abnormal From Security Threats

    OpenAIRE

    Ferrando, Roman; Stacey, Paul

    2017-01-01

    Increasingly, Internet of Things (IoT) devices are being woven into the fabric of our physical world. With this rapidly expanding pervasive deployment of IoT devices, and supporting infrastructure, we are fast approaching the point where the problem of IoT based cyber-security attacks is a serious threat to industrial operations, business activity and social interactions that leverage IoT technologies. The number of threats and successful attacks against connected systems using IoT devices an...

  15. Protecting Commercial Space Systems: A Critical National Security Issue

    Science.gov (United States)

    1999-04-01

    systems. Part two will describe, at the operational level , this author’s theory for space protection and recommend a course of action to work...minimal loss of life. These factors force us to conclude this is a critical national security issue just as many in high- level government positions...Command and Staff College Operational Forces Coursebook (Academic Year 1999), 35. 3 The USCG is not a Title 10 Service, thus Posse Comitatus is not a

  16. A Novel Security Scheme Based on Instant Encrypted Transmission for Internet of Things

    Directory of Open Access Journals (Sweden)

    Chen Wang

    2018-01-01

    Full Text Available Internet of Things (IoT is a research field that has been continuously developed and innovated in recent years and is also an important driving force for the improvement of people’s life in the future. There are lots of scenarios in IoT where we need to collaborate through devices to complete tasks; that is, a device sends data to other devices, and other devices operate on the aid of the data. These transmitted data are often users’ privacy data, such as medical data and grid data. We propose an instant encrypted transmission based security scheme for such scenarios in IoT. The analysis in this paper indicates that our scheme can guarantee the security of users’ data while ensuring rapid transmission and acquisition of instant IoT data.

  17. Improving the Security of Internet Banking Applications by Using Multimodal Biometrics

    Directory of Open Access Journals (Sweden)

    Cătălin Lupu

    2015-03-01

    Full Text Available Online banking applications are used by more and more people all over the world. Most of the banks are providing these services to their customers. The authentication methods varies from the basic user and password to username and a onetime password (OTP generated by a virtual or a physical digipass. The common thing among authentication methods is that the login wepage is provided through a secure channel. Some banks have introduced (especially for testing purposes the authentication using common biometric characteristics, like fingerprint, voice or keystroke recognition. This paper will present some of the most common online banking authentication methods, together with basic biometric characteristics that could be used in these applications. The security in internet banking applications can be improved by using biometrics for the authentication process. Also, the authors have developed an application for authentication of users using fingerprint as the main characteristic, which will be presented at the end of this paper.

  18. Comparison of risk and protective factors associated with smartphone addiction and Internet addiction

    OpenAIRE

    Choi, Sam-Wook; Kim, Dai-Jin; Choi, Jung-Seok; Ahn, Heejune; Choi, Eun-Jeung; Song, Won-Young; Kim, Seohee; Youn, Hyunchul

    2015-01-01

    Background and Aims Smartphone addiction is a recent concern that has resulted from the dramatic increase in worldwide smartphone use. This study assessed the risk and protective factors associated with smartphone addiction in college students and compared these factors to those linked to Internet addiction. Methods College students (N?=?448) in South Korea completed the Smartphone Addiction Scale, the Young?s Internet Addiction Test, the Alcohol Use Disorders Identification Test, the Beck De...

  19. 76 FR 2728 - Securities Investor Protection Corporation; Order Approving a Proposed Bylaw Change Relating to...

    Science.gov (United States)

    2011-01-14

    ... on SIPC Members January 10, 2011. On October 8, 2010, the Securities Investor Protection Corporation... pursuant to Section 3(e)(1) of the Securities Investor Protection Act of 1970 (``SIPA''), 15 U.S.C. 78ccc(e... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-170; File No. SIPC-2010-01] Securities...

  20. 17 CFR 403.4 - Customer protection-reserves and custody of securities.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer protection-reserves... TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 PROTECTION OF CUSTOMER SECURITIES AND BALANCES § 403.4 Customer protection—reserves and custody of securities. Every registered...

  1. 76 FR 75781 - Treasury Inflation-Protected Securities Issued at a Premium

    Science.gov (United States)

    2011-12-05

    ... Inflation-Protected Securities Issued at a Premium AGENCY: Internal Revenue Service (IRS), Treasury. ACTION... tax treatment of Treasury Inflation-Protected Securities issued with more than a de minimis amount of... a toll-free number). SUPPLEMENTARY INFORMATION: Background Treasury Inflation-Protected Securities...

  2. 78 FR 31955 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Science.gov (United States)

    2013-05-28

    ... 1974; Department of Homeland Security National Protection and Programs Directorate--001 Arrival and... of records titled Department of Homeland Security/National Protection and Programs Directorate--001... of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) National Protection and Programs...

  3. 49 CFR 387.303 - Security for the protection of the public: Minimum limits.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 5 2010-10-01 2010-10-01 false Security for the protection of the public: Minimum... Insurance for Motor Carriers and Property Brokers § 387.303 Security for the protection of the public... convenience of the user, the revised text is set forth as follows: § 387.303 Security for the protection of...

  4. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  5. Security for whom? Stabilisation and civilian protection in Colombia.

    Science.gov (United States)

    Elhawary, Samir

    2010-10-01

    This paper focuses on three periods of stabilisation in Colombia: the Alliance for Progress (1961-73) that sought to stem the threat of communist revolution in Latin America; Plan Colombia and President Alvaro Uribe's 'democratic security' policy (2000-07) aimed at defeating the guerrillas and negotiating a settlement with the paramilitaries; and the current 'integrated approach', adopted from 2007, to consolidate more effectively the state's control of its territory.(1) The paper assesses the extent to which these stabilisation efforts have enhanced the protection of civilians and ultimately finds that in all three periods there has been a disconnect between the discourse and the practice of stabilisation. While they have all sought to enhance security, in actual fact, they have privileged the security of the state and its allies at the expense of the effective protection of the civilian population. This has not only led to widespread human rights abuses but also has undermined the long-term stability being pursued. © 2010 The Author(s). Journal compilation © Overseas Development Institute, 2010.

  6. Cyber Security and Habeas Data: The Latin American response to information security and data protection

    Directory of Open Access Journals (Sweden)

    Luisa Parraguez Kobek

    2016-11-01

    Full Text Available Habeas Data is not a commonly known concept, yet it is widely acknowledged in certain circles that deal with information security and data protection. Though it has been around for decades, it has recently gained momentum in Latin America. It is the legal notion that protects any and all information pertaining to the individual, from personal to financial, giving them the power to decide how and where such data can be used. At the same time, most Latin American countries have created laws that protect individuals if their  information is misused. This article examines the concept of Habeas Data from its inception to its current applications, and explains the different approaches and legislations passed in Latin American countries on data protection due to the rise of global cybercrime.

  7. Dissecting the Security and Protection Issues in Pervasive Computing

    Directory of Open Access Journals (Sweden)

    Qaisar Javaid

    2018-04-01

    Full Text Available Human beings reflect nomadic behaviour as they keep on travelling place to place whole day for personal or organizational purposes. The inception of modern networking technologies and the advent of wide range of applications in terms of services and resources have facilitated the users in many ways. The advancements in numerous areas such as embedded systems, WN (Wireless Networks, mobile and context-aware computing, anticipated pervasive computing dominated the human communication at large. Pervasive computing refers to the environment where information is accessible anywhere and anytime while existing system is invisible to the user. On the other hand, the invisibility of pervasive computing is also a problem in its adoption as users are unaware when and what devices collect their personal data and how it is being used. It has caused new security chaos as the more information about user is collected the more privacy and security concerns it raises, thus, the pervasive computing applications became key concern for user. This paper is aimed at analyzing the security and protection issues that arise while traveling from place to place connected with wireless mobile networks. The paper reviews many existing systems that offer possible security to pervasive users. An easy, precise and relative analysis and evaluation of surveyed pervasive systems are presented and some future directions are highlighted.

  8. Comparison of risk and protective factors associated with smartphone addiction and Internet addiction.

    Science.gov (United States)

    Choi, Sam-Wook; Kim, Dai-Jin; Choi, Jung-Seok; Ahn, Heejune; Choi, Eun-Jeung; Song, Won-Young; Kim, Seohee; Youn, Hyunchul

    2015-12-01

    Smartphone addiction is a recent concern that has resulted from the dramatic increase in worldwide smartphone use. This study assessed the risk and protective factors associated with smartphone addiction in college students and compared these factors to those linked to Internet addiction. College students (N = 448) in South Korea completed the Smartphone Addiction Scale, the Young's Internet Addiction Test, the Alcohol Use Disorders Identification Test, the Beck Depression Inventory I, the State-Trait Anxiety Inventory (Trait Version), the Character Strengths Test, and the Connor-Davidson Resilience Scale. The data were analyzed using multiple linear regression analyses. The risk factors for smartphone addiction were female gender, Internet use, alcohol use, and anxiety, while the protective factors were depression and temperance. In contrast, the risk factors for Internet addiction were male gender, smartphone use, anxiety, and wisdom/knowledge, while the protective factor was courage. Discussion These differences may result from unique features of smartphones, such as high availability and primary use as a tool for interpersonal relationships. Our findings will aid clinicians in distinguishing between predictive factors for smartphone and Internet addiction and can consequently be utilized in the prevention and treatment of smartphone addiction.

  9. Energy policy seesaw between security and protecting the environment

    International Nuclear Information System (INIS)

    Finon, D.

    1994-01-01

    It is just the price of oil that causes the energy policies of importing countries to vacillate. Changing perceptions of energy supply factors has had as much to do with transfiguring government action modes since 1973 as has the idea of the legitimacy of that action. The present paper thus draws a parallel between the goal of energy security twenty years ago and that of global environmental protection today, which explains the critical reversion to a view of minimum government action in the energy field - a view that marked the eighties. (author). 20 refs

  10. Model Based Cyber Security Analysis for Research Reactor Protection System

    International Nuclear Information System (INIS)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung; Son, Hanseong

    2013-01-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN

  11. Security and Privacy in the Medical Internet of Things: A Review

    Directory of Open Access Journals (Sweden)

    Wencheng Sun

    2018-01-01

    Full Text Available Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled by MIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collected from MIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns. This paper focuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.

  12. Security auditing: a prescription for keeping protection programs healthy.

    Science.gov (United States)

    Luizzo, Anthony

    2010-01-01

    The different aspects of security auditing and the role of the security auditor is explained in detail by the author in this primer for security professionals with specific advice on what should be included in a security audit report.

  13. Practical aspects of handling data protection and data security.

    Science.gov (United States)

    Louwerse, C P

    1991-01-01

    Looking at practical applications of health care information systems, we must conclude that in the field of data protection there still is too large a gap between what is feasible and necessary on one hand, and what is achieved in actual realizations on the other. To illustrate this point, we sketch the actual data protection measures in a large hospital information system, and describe the effects of changes affecting the system, such as increasing use of personal computers, and growing intensity of use of the system. Trends in the development of new and additional systems are indicated, and a summary of possible weak points and gaps in the security is given, some suggestions for improvement are made.

  14. The Anonymization Protection Algorithm Based on Fuzzy Clustering for the Ego of Data in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Mingshan Xie

    2017-01-01

    Full Text Available In order to enhance the enthusiasm of the data provider in the process of data interaction and improve the adequacy of data interaction, we put forward the concept of the ego of data and then analyzed the characteristics of the ego of data in the Internet of Things (IOT in this paper. We implement two steps of data clustering for the Internet of things; the first step is the spatial location of adjacent fuzzy clustering, and the second step is the sampling time fuzzy clustering. Equivalent classes can be obtained through the two steps. In this way we can make the data with layout characteristics to be classified into different equivalent classes, so that the specific location information of the data can be obscured, the layout characteristics of tags are eliminated, and ultimately anonymization protection would be achieved. The experimental results show that the proposed algorithm can greatly improve the efficiency of protection of the data in the interaction with others in the incompletely open manner, without reducing the quality of anonymization and enhancing the information loss. The anonymization data set generated by this method has better data availability, and this algorithm can effectively improve the security of data exchange.

  15. [A security protocol for the exchange of personal medical data via Internet: monitoring treatment and drug effects].

    Science.gov (United States)

    Viviani, R; Fischer, J; Spitzer, M; Freudenmann, R W

    2004-04-01

    We present a security protocol for the exchange of medical data via the Internet, based on the type/domain model. We discuss two applications of the protocol: in a system for the exchange of data for quality assurance, and in an on-line database of adverse reactions to drug use. We state that a type/domain security protocol can successfully comply with the complex requirements for data privacy and accessibility typical of such applications.

  16. Building an authorization model for external means of protection of APCS based on the Internet of things

    Science.gov (United States)

    Zaharov, A. A.; Nissenbaum, O. V.; Ponomaryov, K. Y.; Nesgovorov, E. S.

    2018-01-01

    In this paper we study application of Internet of Thing concept and devices to secure automated process control systems. We review different approaches in IoT (Internet of Things) architecture and design and propose them for several applications in security of automated process control systems. We consider an Attribute-based encryption in context of access control mechanism implementation and promote a secret key distribution scheme between attribute authorities and end devices.

  17. Internet

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    微软想要统治Internet,Windows XP就是这个计划中的一个组成部分。微软已经努力争取提供连接Internet的最方便、最完整的方法。新的操作系统含有Internet Explorer 6(IE6)、新的保密功能以及防火墙保护。Windows XP甚至包含有一个Macromedia Flash播放器插件。但是对Sun微系统公司的打击就是

  18. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while...

  19. 10 CFR 2.903 - Protection of restricted data and national security information.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or...

  20. SOCIAL CONDITIONALITY OF INFORMATION SECURITY PROTECTION BY CRIMINAL LAW IN THE RUSSIAN FEDERATION

    OpenAIRE

    EFREMOVA MARINA ALEKSANDROVNA

    2016-01-01

    Information security is one of the components of the national security in the Russian Federation. The role of the information component in the national security has become significantly more important. The criminal law needs to be updated in order to enhance its effectiveness with regard to criminal law protection of information security.

  1. Compact Extensible Authentication Protocol for the Internet of Things: Enabling Scalable and Efficient Security Commissioning

    Directory of Open Access Journals (Sweden)

    Marcin Piotr Pawlowski

    2015-01-01

    Full Text Available Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is extremely difficult task. This paper presents an approach that combines authentication and bootstrapping protocol (TEPANOM with Extensible Authentication Protocol (EAP framework optimized for the IEEE 802.15.4 networks. The solution achieves significant reduction of network resource usage. Additionally, by application of EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved substantial reduction of 42% in the number of transferred packets and 35% reduction of the transferred data. By application of EAP header compaction, it has been possible to achieve up to 80% smaller EAP header. That comprises further reduction of transferred data for 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods from ones that have been tested throughout this research, making it feasible for large scale deployments scenarios of IoT.

  2. Internet-Based Solutions for a Secure and Efficient Seismic Network

    Science.gov (United States)

    Bhadha, R.; Black, M.; Bruton, C.; Hauksson, E.; Stubailo, I.; Watkins, M.; Alvarez, M.; Thomas, V.

    2017-12-01

    The Southern California Seismic Network (SCSN), operated by Caltech and USGS, leverages modern Internet-based computing technologies to provide timely earthquake early warning for damage reduction, event notification, ShakeMap, and other data products. Here we present recent and ongoing innovations in telemetry, security, cloud computing, virtualization, and data analysis that have allowed us to develop a network that runs securely and efficiently.Earthquake early warning systems must process seismic data within seconds of being recorded, and SCSN maintains a robust and resilient network of more than 350 digital strong motion and broadband seismic stations to achieve this goal. We have continued to improve the path diversity and fault tolerance within our network, and have also developed new tools for latency monitoring and archiving.Cyberattacks are in the news almost daily, and with most of our seismic data streams running over the Internet, it is only a matter of time before SCSN is targeted. To ensure system integrity and availability across our network, we have implemented strong security, including encryption and Virtual Private Networks (VPNs).SCSN operates its own data center at Caltech, but we have also installed real-time servers on Amazon Web Services (AWS), to provide an additional level of redundancy, and eventually to allow full off-site operations continuity for our network. Our AWS systems receive data from Caltech-based import servers and directly from field locations, and are able to process the seismic data, calculate earthquake locations and magnitudes, and distribute earthquake alerts, directly from the cloud.We have also begun a virtualization project at our Caltech data center, allowing us to serve data from Virtual Machines (VMs), making efficient use of high-performance hardware and increasing flexibility and scalability of our data processing systems.Finally, we have developed new monitoring of station average noise levels at most stations

  3. On the security of consumer wearable devices in the Internet of Things.

    Science.gov (United States)

    Tahir, Hasan; Tahir, Ruhma; McDonald-Maier, Klaus

    2018-01-01

    Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity wearable devices sense and transmit data, therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensor. Since wearable devices often operate in a group setting the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands.

  4. Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

    Science.gov (United States)

    Harrop, Wayne; Matteson, Ashley

    This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

  5. 78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-07-02

    ... DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait Clarification and Amendment AGENCY... cyber-security firms and trade organizations which have not already submitted an application are...

  6. Host based internet protocol (IP) packet analysis to enhance network security

    International Nuclear Information System (INIS)

    Ahmad, T.; Ahmad, S.Z.; Yasin, M.M.

    2007-01-01

    Data communication in a computer network environment is facing serious security threats from numerous sources such as viruses, worms, Zombies etc. These threats can be broadly characterized as internal or external security threats. Internal threats are mainly attributed to sneaker-nets, utility modems and unauthorized users, which can be minimized by skillful network administration, password management and optimum usage policy definition. The external threats need more serious attention as these attacks are mostly coming from public networks such as Internet. Frequency and complexity of such attacks is much higher as compared to internal attacks. This paper presents a host based network layer screening of external and internal IP packets for logging, analyzing and real-time detection of possible IP spoofing and Denial of Service attacks. This work can also be used in tuning security rules definition for gateway firewalls. Software has been developed which intercepts IP traffic and analyses it with respect to integrity and origin of I P packet. The received IP packets are parsed and analyzed for possible signs of intrusion. The results show that by watching and categorizing composition of various transport protocol such as TCP, UDP, ICMP and others along with verifying the origin of received IP packet can help in devising real-time firewall rule and blocking possible external attack. This is highly desirable for fighting against zero day attacks and can result in a better Mean Time between Failures (MTBF) to increase the survivability of computer network. Used in a right context, packet screening and filtering can be a useful tool for provision of reliable and stable network services. (author)

  7. The Digital Divide and Patient Portals: Internet Access Explained Differences in Patient Portal Use for Secure Messaging by Age, Race, and Income.

    Science.gov (United States)

    Graetz, Ilana; Gordon, Nancy; Fung, Vick; Hamity, Courtnee; Reed, Mary E

    2016-08-01

    Online access to health records and the ability to exchange secure messages with physicians can improve patient engagement and outcomes; however, the digital divide could limit access to web-based portals among disadvantaged groups. To understand whether sociodemographic differences in patient portal use for secure messaging can be explained by differences in internet access and care preferences. Cross-sectional survey to examine the association between patient sociodemographic characteristics and internet access and care preferences; then, the association between sociodemographic characteristics and secure message use with and without adjusting for internet access and care preference. One thousand forty-one patients with chronic conditions in a large integrated health care delivery system (76% response rate). Internet access, portal use for secure messaging, preference for in-person or online care, and sociodemographic and health characteristics. Internet access and preference mediated some of the differences in secure message use by age, race, and income. For example, using own computer to access the internet explained 52% of the association between race and secure message use and 60% of the association between income and use (Sobel-Goodman mediation test, Pdifferences in portal use remained statistically significant when controlling for internet access and preference. As the availability and use of patient portals increase, it is important to understand which patients have limited access and the barriers they may face. Improving internet access and making portals available across multiple platforms, including mobile, may reduce some disparities in secure message use.

  8. 78 FR 666 - Treasury Inflation-Protected Securities Issued at a Premium; Bond Premium Carryforward

    Science.gov (United States)

    2013-01-04

    ...-BL29 Treasury Inflation-Protected Securities Issued at a Premium; Bond Premium Carryforward AGENCY... contains final regulations that provide guidance on the tax treatment of Treasury Inflation-Protected... regulations in this document provide guidance to holders of Treasury Inflation-Protected Securities and other...

  9. Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

    Science.gov (United States)

    Choudhury, Debesh

    2016-04-01

    We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

  10. Current Trends in providing the Toys Security and Consumer Protection

    Directory of Open Access Journals (Sweden)

    Luiela Magdalena Csorba

    2014-01-01

    Full Text Available The goods and services market is not in equilibrium. This affects continuously the consumers under multiple aspects: economic, educational, health insurance and security, and so on. Not even the toys market outlets or the toys trading market aren’t trouble free. Because publications in the toys consumer protection field are seldom (legislation is the starting point in analyzing this area, the checks carried out at national level which showed the marketed toys insecurity and the abuses of the economic agents in this sector determined us to analyze the degree in which people knows the toy-related injuries and the danger to which they expose their own children when purchasing dangerous toys. That’s why a quantitative research was conducted, using the method of questionnaire, distributed through the Romanian consumers, with the aim to check the empirically awareness and the seriousness with which they relate the risks concerning the toys consume.

  11. Smart responsive phosphorescent materials for data recording and security protection.

    Science.gov (United States)

    Sun, Huibin; Liu, Shujuan; Lin, Wenpeng; Zhang, Kenneth Yin; Lv, Wen; Huang, Xiao; Huo, Fengwei; Yang, Huiran; Jenkins, Gareth; Zhao, Qiang; Huang, Wei

    2014-04-07

    Smart luminescent materials that are responsive to external stimuli have received considerable interest. Here we report ionic iridium (III) complexes simultaneously exhibiting mechanochromic, vapochromic and electrochromic phosphorescence. These complexes share the same phosphorescent iridium (III) cation with a N-H moiety in the N^N ligand and contain different anions, including hexafluorophosphate, tetrafluoroborate, iodide, bromide and chloride. The anionic counterions cause a variation in the emission colours of the complexes from yellow to green by forming hydrogen bonds with the N-H proton. The electronic effect of the N-H moiety is sensitive towards mechanical grinding, solvent vapour and electric field, resulting in mechanochromic, vapochromic and electrochromic phosphorescence. On the basis of these findings, we construct a data-recording device and demonstrate data encryption and decryption via fluorescence lifetime imaging and time-gated luminescence imaging techniques. Our results suggest that rationally designed phosphorescent complexes may be promising candidates for advanced data recording and security protection.

  12. Model Based Cyber Security Analysis for Research Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)

    2013-07-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN.

  13. An Internet-based tailored hearing protection intervention for firefighters: development process and users' feedback.

    Science.gov (United States)

    Hong, OiSaeng; Eakin, Brenda L; Chin, Dal Lae; Feld, Jamie; Vogel, Stephen

    2013-07-01

    Noise-induced hearing loss is a significant occupational injury for firefighters exposed to intermittent noise on the job. It is important to educate firefighters about using hearing protection devices whenever they are exposed to loud noise. Computer technology is a relatively new health education approach and can be useful for tailoring specific aspects of behavioral change training. The purpose of this study is to present the development process of an Internet-based tailored intervention program and to assess its efficacy. The intervention programs were implemented for 372 firefighters (mean age = 44 years, Caucasian = 82%, male = 95%) in three states (California, Illinois, and Indiana). The efficacy was assessed from firefighters' feedback through an Internet-based survey. A multimedia Internet-based training program was developed through (a) determining program content and writing scripts, (b) developing decision-making algorithms for tailoring, (c) graphic design and audio and video productions, (d) creating computer software and a database, and (e) postproduction quality control and pilot testing. Participant feedback regarding the training has been very positive. Participants reported that they liked completing the training via computer (83%) and also that the Internet-based training program was well organized (97%), easy to use (97%), and effective (98%) and held their interest (79%). Almost all (95%) would recommend this Internet training program to other firefighters. Interactive multimedia computer technology using the Internet was a feasible mode of delivery for a hearing protection intervention among firefighters. Participants' favorable feedback strongly supports the continued utilization of this approach for designing and developing interventions to promote healthy behaviors.

  14. How Robust Refugee Protection Policies Can Strengthen Human and National Security

    Directory of Open Access Journals (Sweden)

    Donald Kerwin

    2016-09-01

    Full Text Available This paper makes the case that refugee protection and national security should be viewed as complementary, not conflicting state goals. It argues that refugee protection can further the security of refugees, affected states, and the international community. Refugees and international migrants can also advance national security by contributing to a state’s economic vitality, military strength, diplomatic standing, and civic values. The paper identifies several strategies that would, if implemented, promote both security and refugee protection. It also outlines additional steps that the US Congress should take to enhance US refugee protection policies and security. Finally, it argues for the efficacy of political engagement in support of pro-protection, pro-security policies, and against the assumption that political populism will invariably impede support for refugee protection.

  15. Transboundary natural area protection: Broadening the definition of national security

    Science.gov (United States)

    Haven B. Cook

    2007-01-01

    This paper looks at the definition and concept of national security, and examines how the environment is linked with national security. The traditional, state view of national security that guides most foreign policy includes the concepts of military power, sovereignty and geopolitical stability. This paper advocates broadening the definition of security to include...

  16. Leadership and New Technologies. New Security Issues for Management of Internet Connectivity and Remote Control in Automotive Industry

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    Full Text Available The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users doesn’t even know the risk of remote control of the car in the presence of Internet connection.

  17. Guarding America: Security Guards and U.S. Critical Infrastructure Protection

    National Research Council Canada - National Science Library

    Parfomak, Paul W

    2004-01-01

    The Bush Administration's 2003 National Strategy for the Physical Protection of Critical Infrastructures and Key Assets indicates that security guards are an important source of protection for critical facilities...

  18. Risk and protective factors of internet addiction: a meta-analysis of empirical studies in Korea.

    Science.gov (United States)

    Koo, Hoon Jung; Kwon, Jung-Hye

    2014-11-01

    A meta-analysis of empirical studies performed in Korea was conducted to systematically investigate the associations between the indices of Internet addiction (IA) and psychosocial variables. Systematic literature searches were carried out using the Korean Studies Information Service System, Research Information Sharing Service, Science Direct, Google Scholar, and references in review articles. The key words were Internet addiction, (Internet) game addiction, and pathological, problematic, and excessive Internet use. Only original research papers using Korean samples published from 1999 to 2012 and officially reviewed by peers were included for analysis. Ninety-five studies meeting the inclusion criteria were identified. The magnitude of the overall effect size of the intrapersonal variables associated with internet addiction was significantly higher than that of interpersonal variables. Specifically, IA demonstrated a medium to strong association with "escape from self" and "self-identity" as self-related variables. "Attention problem", "self-control", and "emotional regulation" as control and regulation-relation variables; "addiction and absorption traits" as temperament variables; "anger" and "aggression" as emotion and mood and variables; "negative stress coping" as coping variables were also associated with comparably larger effect sizes. Contrary to our expectation, the magnitude of the correlations between relational ability and quality, parental relationships and family functionality, and IA were found to be small. The strength of the association between IA and the risk and protective factors was found to be higher in younger age groups. The findings highlight a need for closer examination of psychosocial factors, especially intrapersonal variables when assessing high-risk individuals and designing intervention strategies for both general IA and Internet game addiction.

  19. Risk and Protective Factors of Internet Addiction: A Meta-Analysis of Empirical Studies in Korea

    Science.gov (United States)

    Koo, Hoon Jung

    2014-01-01

    Purpose A meta-analysis of empirical studies performed in Korea was conducted to systematically investigate the associations between the indices of Internet addiction (IA) and psychosocial variables. Materials and Methods Systematic literature searches were carried out using the Korean Studies Information Service System, Research Information Sharing Service, Science Direct, Google Scholar, and references in review articles. The key words were Internet addiction, (Internet) game addiction, and pathological, problematic, and excessive Internet use. Only original research papers using Korean samples published from 1999 to 2012 and officially reviewed by peers were included for analysis. Ninety-five studies meeting the inclusion criteria were identified. Results The magnitude of the overall effect size of the intrapersonal variables associated with internet addiction was significantly higher than that of interpersonal variables. Specifically, IA demonstrated a medium to strong association with "escape from self" and "self-identity" as self-related variables. "Attention problem", "self-control", and "emotional regulation" as control and regulation-relation variables; "addiction and absorption traits" as temperament variables; "anger" and "aggression" as emotion and mood and variables; "negative stress coping" as coping variables were also associated with comparably larger effect sizes. Contrary to our expectation, the magnitude of the correlations between relational ability and quality, parental relationships and family functionality, and IA were found to be small. The strength of the association between IA and the risk and protective factors was found to be higher in younger age groups. Conclusion The findings highlight a need for closer examination of psychosocial factors, especially intrapersonal variables when assessing high-risk individuals and designing intervention strategies for both general IA and Internet game addiction. PMID:25323910

  20. Protection of data carriers using secure optical codes

    Science.gov (United States)

    Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

    2006-02-01

    Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

  1. Smartphone-based secure authenticated session sharing in Internet of Personal Things

    Science.gov (United States)

    Krishnan, Ram; Ninglekhu, Jiwan

    2015-03-01

    In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

  2. Marco Civil da Internet: Limits From the Express and Unequivocal Requirement Consent as a Legal Protection of Personal Data on the Internet

    Directory of Open Access Journals (Sweden)

    Marco Antonio Lima

    2016-10-01

    Full Text Available This article examines the limits of the legal determination of express and unequivocal consent for the collection, use, storage, processing and protection of personal data as provided for in the Marco Civil da Internet (Law 12.965/2014 provided for in the list of rights and guarantees of users of the World Wide Web. With the increasing use of personal data from the Internet, for purposes of market analysis, prospecting investment trends, consumption and guidance of advertising campaigns - possible through technological resources for treatment and analysis of information - it is urgent to effectiveness the legal protection of this intangible property.

  3. 78 FR 54588 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2013-09-05

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6:00 a.m. on September 2, 2013 through 11:59 p.m...

  4. 78 FR 57485 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2013-09-19

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on September 12, 2013 through 11:59 p.m...

  5. 76 FR 27897 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port...

    Science.gov (United States)

    2011-05-13

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0342] Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port Columbia River... will enforce the security and safety zone in 33 CFR 165.1318 for large passenger vessels operating in...

  6. 77 FR 9528 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2012-02-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Waterway Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 17, 2012, through 11...

  7. 22 CFR 1101.5 - Security, confidentiality and protection of records.

    Science.gov (United States)

    2010-04-01

    ... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security, confidentiality and protection of... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

  8. Radiation Protection, Safety and Security Issues in Ghana

    International Nuclear Information System (INIS)

    Boadu, M. B.; Emi-Reynolds, G.; Amoako, J. K.; Hasford, F.; Akrobortu, E.

    2015-01-01

    The Radiation Protection Board was established in 1993 by PNDC Law 308 as the National Competent Authority for the regulation of radiation sources and radioactive materials in Ghana. The mandate and responsibilities of RPB are prescribed in the legislative instrument, LI 1559 issued in 1993. The operational functions of the Board are carried out by the Radiation Protection Institute, which was established to provide technical support for the enforcement of the legislative instrument. The regulatory activities include among others: – Issuance permits for the import/export of any radiation producing device and radioactive materials into/out of the country. It therefore certifies the radioactivity levels in food and the environmental samples. – Authorization and Inspection of practices using radiation sources and radioactive materials in Ghana. – Undertakes safety assessment services and enforcement actions on practices using radiation sources and radioactive materials in line with regulations. – Provides guidance and technical support in fulfilling regulatory requirement to users of radiation producing devices and radioactive materials nationwide by monitoring of monthly radiation absorbed doses for personnel working at radiation facilities. – Provides support to the management of practices in respect of nuclear and radioactive waste programme. – Calibrates radiation emitting equipment and nuclear instrumentation to ensure the safety of patients, workers and the general public. – Establish guidelines for the mounting (non-ionizing) communication masts. – Environmental monitoring (non-ionizing) programmes for communication masts. With the establishment of the national competent authority, facilities using radioactive sources and radiation emitting devices have been brought under regulatory control. Effective regulatory control of radiation emitting devices are achieved through established legal framework, independent Regulatory Authority supported by

  9. Joint force protection advanced security system (JFPASS) "the future of force protection: integrate and automate"

    Science.gov (United States)

    Lama, Carlos E.; Fagan, Joe E.

    2009-09-01

    The United States Department of Defense (DoD) defines 'force protection' as "preventive measures taken to mitigate hostile actions against DoD personnel (to include family members), resources, facilities, and critical information." Advanced technologies enable significant improvements in automating and distributing situation awareness, optimizing operator time, and improving sustainability, which enhance protection and lower costs. The JFPASS Joint Capability Technology Demonstration (JCTD) demonstrates a force protection environment that combines physical security and Chemical, Biological, Radiological, Nuclear, and Explosive (CBRNE) defense through the application of integrated command and control and data fusion. The JFPASS JCTD provides a layered approach to force protection by integrating traditional sensors used in physical security, such as video cameras, battlefield surveillance radars, unmanned and unattended ground sensors. The optimization of human participation and automation of processes is achieved by employment of unmanned ground vehicles, along with remotely operated lethal and less-than-lethal weapon systems. These capabilities are integrated via a tailorable, user-defined common operational picture display through a data fusion engine operating in the background. The combined systems automate the screening of alarms, manage the information displays, and provide assessment and response measures. The data fusion engine links disparate sensors and systems, and applies tailored logic to focus the assessment of events. It enables timely responses by providing the user with automated and semi-automated decision support tools. The JFPASS JCTD uses standard communication/data exchange protocols, which allow the system to incorporate future sensor technologies or communication networks, while maintaining the ability to communicate with legacy or existing systems.

  10. Analysis of radiological protection and security in the radioactive diagnosis area in a third level hospital

    International Nuclear Information System (INIS)

    Azorin Vega, J.C.; Aazorin Nieto, J.; Rivera Montalvo, T.

    1998-01-01

    Results from the evaluation made to radiological security and protection conditions prevailing in 13 medical diagnosis rooms with X rays at the National Nutrition Institute Zlavador Zubiran (third level hospital), aiming to give adequate protection and radiological security devices to the staff exposed from that hospital and to comply fully with requirements set by the standards

  11. 76 FR 75829 - Treasury Inflation-Protected Securities Issued at a Premium

    Science.gov (United States)

    2011-12-05

    ... Treasury Inflation-Protected Securities Issued at a Premium AGENCY: Internal Revenue Service (IRS... IRS is issuing temporary regulations that provide guidance on the tax treatment of Treasury Inflation....1275-7(d) applies to Treasury Inflation-Protected Securities (TIPS) issued with more than a de minimis...

  12. 77 FR 15319 - Treasury Inflation-Protected Securities Issued at a Premium; Hearing Cancellation

    Science.gov (United States)

    2012-03-15

    ... DEPARTMENT OF THE TREASURY Internal Revenue Service 26 CFR Part 1 [REG-130777-11] RIN 1545-BK45 Treasury Inflation-Protected Securities Issued at a Premium; Hearing Cancellation AGENCY: Internal Revenue...), providing guidance on the tax treatment of Treasury Inflation-Protected Securities issued with more than a...

  13. The development of international refugee protection through the practice of the UN Security Council

    NARCIS (Netherlands)

    Ahlborn, C.

    2010-01-01

    This paper examines the ambivalent influence of the UN Security Council’s practice on the development of international refugee protection since the early 1990s. While the international refugee protection regime did not originally foresee a role for the Security Council, the increasingly complex

  14. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Science.gov (United States)

    2010-01-01

    ... significance (Category III), and for protection of Restricted Data, National Security Information, Safeguards... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED...

  15. Genetic-linked Inattentiveness Protects Individuals from Internet Overuse: A Genetic Study of Internet Overuse Evaluating Hypotheses Based on Addiction, Inattention, Novelty-seeking and Harm-avoidance

    Directory of Open Access Journals (Sweden)

    Cheng Sun

    2016-06-01

    Full Text Available The all-pervasive Internet has created serious problems, such as Internet overuse, which has triggered considerable debate over its relationship with addiction. To further explore its genetic susceptibilities and alternative explanations for Internet overuse, we proposed and evaluated four hypotheses, each based on existing knowledge of the biological bases of addiction, inattention, novelty-seeking, and harm-avoidance. Four genetic loci including DRD4 VNTR, DRD2 Taq1A, COMT Val158Met and 5-HTTLPR length polymorphisms were screened from seventy-three individuals. Our results showed that the DRD4 4R/4R individuals scored significantly higher than the 2R or 7R carriers in Internet Addiction Test (IAT. The 5-HTTLPR short/short males scored significantly higher in IAT than the long variant carriers. Bayesian analysis showed the most compatible hypothesis with the observed genetic results was based on attention (69.8%, whereas hypotheses based harm-avoidance (21.6%, novelty-seeking (7.8% and addiction (0.9% received little support. Our study suggests that carriers of alleles (DRD4 2R and 7R, 5-HTTLPR long associated with inattentiveness are more likely to experience disrupted patterns and reduced durations of Internet use, protecting them from Internet overuse. Furthermore, our study suggests that Internet overuse should be categorized differently from addiction due to the lack of shared genetic contributions.

  16. Seven layers of security to help protect biomedical research facilities.

    Science.gov (United States)

    Mortell, Norman

    2010-04-01

    In addition to risks such as theft and fire that can confront any type of business, the biomedical research community often faces additional concerns over animal rights extremists, infiltrations, data security and intellectual property rights. Given these concerns, it is not surprising that the industry gives a high priority to security. This article identifies security threats faced by biomedical research companies and shows how these threats are ranked in importance by industry stakeholders. The author then goes on to discuss seven key 'layers' of security, from the external environment to the research facility itself, and how these layers all contribute to the creation of a successfully secured facility.

  17. The research of computer network security and protection strategy

    Science.gov (United States)

    He, Jian

    2017-05-01

    With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

  18. Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

    Science.gov (United States)

    Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

    2003-01-01

    The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

  19. Differences in legislation of data privacy protection in internet marketing in USA, EU and Serbia

    Directory of Open Access Journals (Sweden)

    Markov Jasmina

    2012-01-01

    Full Text Available There is a growing number of companies that are, in its operations and dealings with consumers, turning to the Internet and using huge opportunities that it provides. Therefore, Internet marketing is now experiencing extreme expansion and it is considered to be the marketing segment that is vulnerable to intensive and continuous change. Along with the positive effects brought to both businesses and consumers, there are some negatives associated with this form of marketing, and one of them is the insufficient protection of privacy. The fact is that we must raise the level of data protection, and improve its quality. Intense changes have to be taken on the normative level, because there are still plenty of reasons for the dissatisfaction of consumers when it comes to protecting their privacy. Thus, the legislation must play a key role in building consumer confidence as well as in the establishment of a positive relationship with marketers. The aim of this paper is to show the importance of the construction of such levels of private data protection which will establish longterm partnerships between consumers, marketers and other participants in the market, since only the aforementioned relations can bring prosperity to all parties. The paper will make a comparative analysis of the legislative framework in this field in the United States, the European Union and Serbia, as well as stress still present significant backlog of Serbia in relation to the aforementioned developed countries.

  20. Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

    Science.gov (United States)

    Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

    2003-01-01

    Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

  1. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things

    Science.gov (United States)

    Cha, Shi-Cho; Chen, Jyun-Fu

    2017-01-01

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts. PMID:29036900

  2. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things

    Directory of Open Access Journals (Sweden)

    Shi-Cho Cha

    2017-10-01

    Full Text Available Bluetooth Low Energy (BLE has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.

  3. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things.

    Science.gov (United States)

    Cha, Shi-Cho; Yeh, Kuo-Hui; Chen, Jyun-Fu

    2017-10-14

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim's devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.

  4. Using Internet search behavior to assess public awareness of protected wetlands.

    Science.gov (United States)

    Do, Yuno; Kim, Ji Yoon; Lineman, Maurice; Kim, Dong-Kyun; Joo, Gea-Jae

    2015-02-01

    Improving public awareness of protected wetlands facilitates sustainable wetland management, which depends on public participation. One way of gauging public interest is by tracking Internet search behavior (ISB). We assessed public awareness of issues related to protected wetland areas (PWAs) in South Korea by examining the frequencies of specific queries (PWAs, Ramsar, Upo wetland, Sunchon Bay, etc.) using relative search volumes (RSVs) obtained from an Internet search engine. RSV shows how many times a search term is used relative to a second search term during a specific period. Public awareness of PWAs changed from 2007 to 2013. Initially the majority of Internet searches were related to the most well-known tidal and inland wetlands Sunchon Bay and Upo wetlands, which are the largest existing wetlands in Korea with the greatest historical exposure. Public awareness, as reflected in RSVs, of wetlands increased significantly following PWA designation for the wetlands in 2008, which followed the Ramsar 10th Conference of Contracting Parties to the Convention on Wetlands (COP10) meeting. Public interest was strongly correlated to the number of news articles in the popular media, as evidenced by the increase in Internet searches for specific wetlands and words associated with specific wetlands. Correspondingly, the number of visitors to specific wetlands increased. To increase public interest in wetlands, wetland aspects that enhance wetland conservation should be promoted by the government and enhanced via public education. Our approach can be used to gauge public awareness and participation in a wide range of conservation efforts. © 2014 Society for Conservation Biology.

  5. Kid's Privacy on the Internet : Collecting Children's Personal Data on the Internet and the Protection of Privacy

    NARCIS (Netherlands)

    Nouwt, J.

    2002-01-01

    The children of today are growing up with the Internet. At the same time, there is a lot of uncertainty and ignorance about collecting personal data from children on the Internet, for example for direct marketing purposes. There is also much uncertainty and ignorance about the applicability of data

  6. Secure transfer of surveillance data over Internet using Virtual Private Network technology. Field trial between STUK and IAEA

    International Nuclear Information System (INIS)

    Smartt, H.; Martinez, R.; Caskey, S.; Honkamaa, T.; Ilander, T.; Poellaenen, R.; Jeremica, N.; Ford, G.

    2000-01-01

    One of the primary concerns of employing remote monitoring technologies for IAEA safeguards applications is the high cost of data transmission. Transmitting data over the Internet has been shown often to be less expensive than other data transmission methods. However, data security of the Internet is often considered to be at a low level. Virtual Private Networks has emerged as a solution to this problem. A field demonstration was implemented to evaluate the use of Virtual Private Networks (via the Internet) as a means for data transmission. Evaluation points included security, reliability and cost. The existing Finnish Remote Environmental Monitoring System, located at the STUK facility in Helsinki, Finland, served as the field demonstration system. Sandia National Laboratories (SNL) established a Virtual Private Network between STUK (Radiation and Nuclear Safety Authority) Headquarters in Helsinki, Finland, and IAEA Headquarters in Vienna, Austria. Data from the existing STUK Remote Monitoring System was viewed at the IAEA via this network. The Virtual Private Network link was established in a proper manner, which guarantees the data security. Encryption was verified using a network sniffer. No problems were? encountered during the test. In the test system, fixed costs were higher than in the previous system, which utilized telephone lines. On the other hand transmission and operating costs are very low. Therefore, with low data amounts, the test system is not cost-effective, but if the data amount is tens of Megabytes per day the use of Virtual Private Networks and Internet will be economically justifiable. A cost-benefit analysis should be performed for each site due to significant variables. (orig.)

  7. Protecting human health and security in digital Europe: how to deal with the "privacy paradox"?

    Science.gov (United States)

    Büschel, Isabell; Mehdi, Rostane; Cammilleri, Anne; Marzouki, Yousri; Elger, Bernice

    2014-09-01

    This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals' motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the "privacy paradox"). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals' well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled "e-democracy" as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas.

  8. Protecting livelihoods, boosting food security in Kenya | IDRC ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Switching to Sudan grass for livestock fodder will increase food security in Kenya Farmers learned new techniques for producing livestock fodder, with important outcomes for household food security. ... The company provided drip kits to 300 farmers in Tana River for chilli production (through loans of US$74 per kit).

  9. An Analysis of Fraud on the Internet.

    Science.gov (United States)

    Baker, C. Richard

    1999-01-01

    Examines the issue of fraud on the Internet and discusses three areas with significant potential for misleading and fraudulent practices: securities sales and trading; electronic commerce, including privacy and information protection; and the rapid growth of Internet companies, including advertising issues. (Author/LRW)

  10. A Crowd-Based Intelligence Approach for Measurable Security, Privacy, and Dependability in Internet of Automated Vehicles with Vehicular Fog

    Directory of Open Access Journals (Sweden)

    Ashish Rauniyar

    2018-01-01

    Full Text Available With the advent of Internet of things (IoT and cloud computing technologies, we are in the era of automation, device-to-device (D2D and machine-to-machine (M2M communications. Automated vehicles have recently gained a huge attention worldwide, and it has created a new wave of revolution in automobile industries. However, in order to fully establish automated vehicles and their connectivity to the surroundings, security, privacy, and dependability always remain a crucial issue. One cannot deny the fact that such automatic vehicles are highly vulnerable to different kinds of security attacks. Also, today’s such systems are built from generic components. Prior analysis of different attack trends and vulnerabilities enables us to deploy security solutions effectively. Moreover, scientific research has shown that a “group” can perform better than individuals in making decisions and predictions. Therefore, this paper deals with the measurable security, privacy, and dependability of automated vehicles through the crowd-based intelligence approach that is inspired from swarm intelligence. We have studied three use case scenarios of automated vehicles and systems with vehicular fog and have analyzed the security, privacy, and dependability metrics of such systems. Our systematic approaches to measuring efficient system configuration, security, privacy, and dependability of automated vehicles are essential for getting the overall picture of the system such as design patterns, best practices for configuration of system, metrics, and measurements.

  11. Zephyr: A secure Internet-based process to streamline engineering procurements using the World Wide Web

    Energy Technology Data Exchange (ETDEWEB)

    Jordan, C.W.; Cavitt, R.E.; Niven, W.A.; Warren, F.E.; Taylor, S.S.; Sharick, T.M.; Vickers, D.L.; Mitschkowetz, N.; Weaver, R.L.

    1996-08-13

    Lawrence Livermore National Laboratory (LLNL) is piloting an Internet- based paperless process called `Zephyr` to streamline engineering procurements. Major benefits have accrued by using Zephyr in reducing procurement time, speeding the engineering development cycle, facilitating industrial collaboration, and reducing overall costs. Programs at LLNL are benefiting by the efficiencies introduced since implementing Zephyr`s engineering and commerce on the Internet.

  12. Cyber Security Analysis by Attack Trees for a Reactor Protection System

    International Nuclear Information System (INIS)

    Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon

    2008-01-01

    As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS

  13. Towards Self-Awareness Privacy Protection for Internet of Things Data Collection

    Directory of Open Access Journals (Sweden)

    Kok-Seng Wong

    2014-01-01

    Full Text Available The Internet of Things (IoT is now an emerging global Internet-based information architecture used to facilitate the exchange of goods and services. IoT-related applications are aiming to bring technology to people anytime and anywhere, with any device. However, the use of IoT raises a privacy concern because data will be collected automatically from the network devices and objects which are embedded with IoT technologies. In the current applications, data collector is a dominant player who enforces the secure protocol that cannot be verified by the data owners. In view of this, some of the respondents might refuse to contribute their personal data or submit inaccurate data. In this paper, we study a self-awareness data collection protocol to raise the confidence of the respondents when submitting their personal data to the data collector. Our self-awareness protocol requires each respondent to help others in preserving his privacy. The communication (respondents and data collector and collaboration (among respondents in our solution will be performed automatically.

  14. Extending Mobile Security Robots to Force Protection Missions

    National Research Council Canada - National Science Library

    Carroll, Daniel

    2002-01-01

    ...) sites for physical security and automated inventory missions MDARS was initiated in 1989 to improve the effectiveness of a shrinking guard force, but was quickly expanded to address the intensive...

  15. Physical protection solutions for security problems at nuclear power plants

    International Nuclear Information System (INIS)

    Darby, J.L.; Jacobs, J.

    1980-09-01

    Under Department of Energy sponsorship, Sandia National Laboratories has developed a broad technological base of components and integrated systems to address security concerns at facilities of importance, including nuclear reactors. The primary security concern at a light water reactor is radiological sabotage, a deliberate set of actions at a plant which could expose the public to a significant amount of radiation (on the order of 10 CFR 100 limits)

  16. 76 FR 34732 - Privacy Act of 1974; Department of Homeland Security/National Protection and Programs Directorate...

    Science.gov (United States)

    2011-06-14

    ... 1974; Department of Homeland Security/National Protection and Programs Directorate--002 Chemical... Homeland Security/National Protection and Programs Directorate--002 Chemical Facility Anti-Terrorism.... 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD...

  17. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Institut de Radioprotection et de Surete Nucleaire (IRSN), 92 - Fontenay-aux-Roses (France)

    2009-07-15

    Numerous Internet sites are given in relation with radiotherapy, nuclear activity, radiation protection, and environment shared by sites in France, Europe, big agencies and non-ionizing radiations. (N.C.)

  18. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Societe Francaise de Radioprotection, 75 - Paris (France)

    2008-04-15

    Numerous Internet sites are given in relation with radiotherapy, nuclear activity, radiation protection,radioecology, nuclear laws. To note three sites treat the accident of radiotherapy arisen to Toulouse. (N.C.)

  19. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Anon.

    2010-01-15

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  20. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Institut de Radioprotection et de Surete Nucleaire, IRSN, 92 - Fontenay aux Roses (France)

    2009-10-15

    Numerous Internet sites are given in relation with radiotherapy, nuclear medicine and ionizing radiation, nuclear activity, radiation protection for populations, radioactive waste management in France and Europe. (N.C.)

  1. Including Internet insurance as part of a hospital computer network security plan.

    Science.gov (United States)

    Riccardi, Ken

    2002-01-01

    Cyber attacks on a hospital's computer network is a new crime to be reckoned with. Should your hospital consider internet insurance? The author explains this new phenomenon and presents a risk assessment for determining network vulnerabilities.

  2. Sandia's experience in designing and implementing integrated high security physical protection systems

    International Nuclear Information System (INIS)

    Caskey, D.L.

    1986-01-01

    As DOE's lead laboratory for physical security, Sandia National Laboratories has had a major physical security program for over ten years. Activities have ranged from component development and evaluation, to full scale system design and implementation. This paper presents some of the lessons learned in designing and implementing state-of-the-art high security physical protection systems for a number of government facilities. A generic system design is discussed for illustration purposes. Sandia efforts to transfer technology to industry are described

  3. Convergence of Secure Vehicular Ad-Hoc Network and Cloud in Internet of Things

    DEFF Research Database (Denmark)

    Kulkarni, Nandkumar P.; Prasad, Neeli R.; Lin, Tao

    2016-01-01

    that VANET could be the basis of many new applications in the field of Internet of Things (IoT). The applications of VANET are not limited to be the driver for safety, traffic management, entertainment, commerce, etc. In the future, VANETs are expected to transport the enormous amount of information. Some......-as-a-Service (STaaS), Platform-as-a-Service (PaaS), etc. over the internet via Cloud vendors....

  4. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows desing principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models .The model combines the rings-of-protection approach with generic security practices including...

  5. Protection of minority interest and the development of security markets

    NARCIS (Netherlands)

    Modigliani, F.; Perotti, E.C.

    1997-01-01

    While excessive regulation is an obstacle to the development of financial markets, we argue that lack of basic rules or poorly enforced regulation may explain the relative importance across countries of banking and security markets in financing firms. A selective or arbitrary enforcement transforms

  6. Social Security Disability Insurance: Essential Protection when Work Incapacity Strikes

    Science.gov (United States)

    Reno, Virginia P.; Ekman, Lisa D.

    2012-01-01

    Social Security Disability Insurance (SSDI) is an essential lifeline for millions of Americans. Without it, many families would be in deep financial distress. SSDI is insurance that workers pay for through premiums deducted from their pay. In return, workers gain the right to monthly benefits if a disabling condition ends their capacity to earn a…

  7. Recovering Data from Password Protected Data Security Applications in Android Based Smartphones

    Directory of Open Access Journals (Sweden)

    Hammad Riaz

    2016-06-01

    Full Text Available The standard method of mobile forensic analysis is to attach the mobile device to forensic tools and to perform logical, file system, or physical extraction. A hindrance in analysis arises if the mobile is not properly supported or data in the handset is secured using data security android applications. The techniques discussed in this paper help in the analysis and extraction of data files secured using data hiding password protected android based applications. A few well known data protection android applications are analyzed. The analysis was performed on both partially supported and fully supported sets.

  8. Develop a solution for protecting and securing enterprise networks from malicious attacks

    Science.gov (United States)

    Kamuru, Harshitha; Nijim, Mais

    2014-05-01

    In the world of computer and network security, there are myriad ways to launch an attack, which, from the perspective of a network, can usually be defined as "traffic that has huge malicious intent." Firewall acts as one of the measure in order to secure the device from incoming unauthorized data. There are infinite number of computer attacks that no firewall can prevent, such as those executed locally on the machine by a malicious user. From the network's perspective, there are numerous types of attack. All the attacks that degrade the effectiveness of data can be grouped into two types: brute force and precision. The Firewall that belongs to Juniper has the capability to protect against both types of attack. Denial of Service (DoS) attacks are one of the most well-known network security threats under brute force attacks, which is largely due to the high-profile way in which they can affect networks. Over the years, some of the largest, most respected Internet sites have been effectively taken offline by Denial of Service (DOS) attacks. A DoS attack typically has a singular focus, namely, to cause the services running on a particular host or network to become unavailable. Some DoS attacks exploit vulnerabilities in an operating system and cause it to crash, such as the infamous Win nuke attack. Others submerge a network or device with traffic so that there are no more resources to handle legitimate traffic. Precision attacks typically involve multiple phases and often involves a bit more thought than brute force attacks, all the way from reconnaissance to machine ownership. Before a precision attack is launched, information about the victim needs to be gathered. This information gathering typically takes the form of various types of scans to determine available hosts, networks, and ports. The hosts available on a network can be determined by ping sweeps. The available ports on a machine can be located by port scans. Screens cover a wide variety of attack traffic

  9. Proposed Embedded Security Framework for Internet of Things (IoT)

    DEFF Research Database (Denmark)

    Babar, Sachin D.; Stango, Antonietta; Prasad, Neeli R.

    2011-01-01

    IoT is going to be an established part of life by extending the communication and networking anytime, anywhere. Security requirements for IoT will certainly underline the importance of properly formulated, implemented, and enforced security policies throughout their life-cycle. This paper gives...

  10. IP Security für Linux

    OpenAIRE

    Parthey, Mirko

    2001-01-01

    Die Nutzung des Internet für sicherheitskritische Anwendungen erfordert kryptographische Schutzmechanismen. IP Security (IPsec) definiert dafür geeignete Protokolle. Diese Arbeit gibt einen Überblick über IPsec. Eine IPsec-Implementierung für Linux (FreeS/WAN) wird auf Erweiterbarkeit und Praxistauglichkeit untersucht. Using the Internet in security-critical areas requires cryptographic protection, for which IP Security (IPsec) defines suitable protocols. This paper gives an overview of IP...

  11. Security and health protection during the transport of hazardous substances

    International Nuclear Information System (INIS)

    Benkovic, Z.; Bobic, V.

    2009-01-01

    The introduction of this work describes the legal regulations which regulate the conditions and method of the transport of hazardous substances, necessary documentation for storage, forwarding and transport. Hazardous substances are defined and classified according to the ADR. The necessary security measures which are taken for the transport of particular types of hazardous substances are mentioned. Marking and labeling of vehicles for the transport of hazardous substances (plates and lists of hazards), packing and marking of packaging is important. The safety measures which are taken at the filling stations of combustible liquids as well as places specially organized for filling, prohibitions and limitations and necessary transport documentation are mentioned. It is visible from the above mentioned that the activity of the whole security chain is necessary and depends on the good knowledge of basic characteristics and features of substances. All the participants in the security chain have to be familiar with and consistently obey the legal regulations. The manufacturer must know the features of the hazardous substance, supervisory services must be acquainted with the threat and potential danger. The hauler and intervention forces must, in case of accidents and damage, be familiar with the emergency procedures in case of accidents and act properly regarding the threatening dangerous substance.(author)

  12. Taiwan's perspective on electronic medical records' security and privacy protection: lessons learned from HIPAA.

    Science.gov (United States)

    Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan

    2006-06-01

    The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world including Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsor of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion especially in electronic transactions.

  13. 76 FR 3014 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2011-01-19

    ... Coast Guard will enforce the Blair Waterway security zone in Commencement Bay, WA for protection of... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0015] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS...

  14. 76 FR 66940 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-004 Protection...

    Science.gov (United States)

    2011-10-28

    ... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0083] Privacy Act of 1974; Department of Homeland Security/United States Secret Service--004 Protection Information System... Security (DHS)/United States Secret Service (USSS)-004 System name: DHS/USSS-004 Protection Information...

  15. 33 CFR 165.1321 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security Zone; Protection of... Areas Thirteenth Coast Guard District § 165.1321 Security Zone; Protection of Military Cargo, Captain of... Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY...

  16. 17 CFR 240.15c3-3 - Customer protection-reserves and custody of securities.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer protection-reserves... Markets § 240.15c3-3 Customer protection—reserves and custody of securities. (a) Definitions. For the... the dealer as to that collateral; (iii) The Securities Investor Protection Act of 1970 (15 U.S.C...

  17. Social Protection for Enhanced Food Security in Sub-Saharan Africa

    OpenAIRE

    Stephen Devereux

    2012-01-01

    This paper identifies several positive synergies between social protection programmes and food security outcomes. One function of social protection is to manage and reduce vulnerability, and several instruments are reviewed – weather-indexed insurance, public works programmes, emergency food aid and buffer stock management – which all contribute to stabilising income and access to food across good and bad years, or between the harvest and the hungry season. Other social protection instruments...

  18. Electronic Contracts and the Personal data Protection of the Consumer: Sources Dialogue Between the Consumer Protection Code and the Internet Civil Mark.

    Directory of Open Access Journals (Sweden)

    Rosane Leal Da Silva

    2016-10-01

    Full Text Available This paper analyzes the personal data protection of the consumer and your vulnerability in interactive electronic contracts, aiming to point means of defense. For this, uses the deductive approach and starts of the electronic contracting to discuss the legal protection of the consumer in light of the capturing and processing of personal data by the furnisher. Considering the absence of law about personal data, concludes that electronic contracting expands the consumer vulnerability, which requires the principles application of the Consumer Protection Code, adding the Internet Civil Mark in relation to the privacy protection.

  19. Cyber security deterrence and it protection for critical infrastructures

    CERN Document Server

    Martellini, Maurizio

    2013-01-01

    The experts of the International Working Group-Landau Network Centro Volta (IWG-LNCV) discuss aspects of cyber security and present possible methods of deterrence, defense and resilience against cyber attacks. This SpringerBrief covers state-of-the-art documentation on the deterrence power of cyber attacks and argues that nations are entering a new cyber arms race. The brief also provides a technical analysis of possible cyber attacks towards critical infrastructures in the chemical industry and chemical safety industry. The authors also propose modern analyses and a holistic approach to resil

  20. Ensuring freedoms and protecting rights in the governance of the Internet : a comparative analysis of blocking measures and Internet Providers’ Removal of Illegal Internet Content

    NARCIS (Netherlands)

    Parti, K.; Marin, Luisa

    2013-01-01

    Removing illegal or harmful material from the internet has been pursued for more than two decades. The advent of Web 2.0, with the prominent increase and diffusion of user-generated content, amplifies the necessity for technical and legal frameworks enabling the removal of illegal material from the

  1. Deploying Difference: Security Threat Narratives and State Displacement from Protected Areas

    Directory of Open Access Journals (Sweden)

    Elizabeth Lunstrum

    2018-01-01

    Full Text Available State actors are increasingly treating protected areas as sites of security threats and policing resident communities as though they are the cause of this insecurity. This is translating into community eviction from protected areas that is authorised by security concerns and logics and hence not merely conservation concerns. We ground this claim by drawing upon empirical work from two borderland conservation areas: Mozambique's Limpopo National Park (LNP and Guatemala's Maya Biosphere Reserve (MBR. In both cases, we show how these security-provoked evictions are authorised by the mobilisation of interlocking axes of difference that articulate notions of territorial trespass with that of a racialised enemy. Rather than a new problem or phenomena, we show how these axes are rooted in prior histories of state actors rendering racialised subjects dangerous, Cold War histories in both cases and a longer colonial history with the LNP. We also show how standing behind these evictions is the nation-state and its practices of protected area territorialisation. From here, we illustrate how the rationale behind displacement from protected areas matters, as evictions become more difficult to contest once they are authorised by security considerations. The cases, however, differ in one key respect. While displacement from the LNP is an instance of conservation-induced displacement (CID, although one re-worked by security considerations, eviction from the MBR is motivated more centrally by security concerns yet takes advantage of protected area legislation. The study hence offers insight into a growing literature on conservation-security encounters and into different articulations of conservation, security, and displacement.

  2. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  3. Protecting smallholders' food security by improving soils | CRDI ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    The resilience of farming systems to climate change and variability depends upon healthy soil. ... communities I know already struggle with perennial food deficits and limited .... Protection de la sécurité alimentaire des petits exploitants grâce à ...

  4. Safe and secure South Africa. Vehicle landmine protection validation testing

    CSIR Research Space (South Africa)

    Reinecke, JD

    2008-11-01

    Full Text Available The objective of this paper is to provide an overview of vehicle landmine protection validation testing in South Africa. A short history of validation test standards is given, followed by a summary of current open test standards in general use...

  5. SMART HOME SECURITY SOLUTIONS BASED ON INTERNET OF THINGS (IOT) USING WIFI INTERFACE

    OpenAIRE

    Bhavna1, Dr. Neetu Sharma2

    2018-01-01

    Smart home system is very popular in modern days that give many kind of application that make everything is simple and easy to control. In modern day, home appliances are using wireless technology and can be accessed by internet that will make residents life easier and organized. IoT-based Home Automation System is designed to assist the people with physical disabilities and elderly to provide support as well as to control the electrical appliances and monitor the room temperature using mobil...

  6. Security and Privacy in the Medical Internet of Things: A Review

    OpenAIRE

    Sun, Wencheng; Cai, Zhiping; Li, Yangyang; Liu, Fang; Fang, Shengqun; Wang, Guoyan

    2018-01-01

    Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount...

  7. Radiation Protection, Safety and Security Issues in Ghana.

    Science.gov (United States)

    Boadu, Mary; Emi-Reynolds, Geoffrey; Amoako, Joseph Kwabena; Akrobortu, Emmanuel; Hasford, Francis

    2016-11-01

    Although the use of radioisotopes in Ghana began in 1952, the Radiation Protection Board of Ghana was established in 1993 and served as the national competent authority for authorization and inspection of practices and activities involving radiation sources until 2015. The law has been superseded by an Act of Parliament, Act 895 of 2015, mandating the Nuclear Regulatory Authority of Ghana to take charge of the regulation of radiation sources and their applications. The Radiation Protection Institute in Ghana provided technical support to the regulatory authority. Regulatory and service activities that were undertaken by the Institute include issuance of permits for handling of a radiation sources, authorization and inspection of radiation sources, radiation safety assessment, safety assessment of cellular signal towers, and calibration of radiation-emitting equipment. Practices and activities involving application of radiation are brought under regulatory control in the country through supervision by the national competent authority.

  8. Los Alamos National Laboratory Facilities, Security and Safeguards Division, Safeguards and Security Program Office, Protective Force Oversight Program

    International Nuclear Information System (INIS)

    1995-01-01

    The purpose of this document is to identify and describe the duties and responsibilities of Facility Security and Safeguards (FSS) Safeguards and Security (SS) organizations (groups/offices) with oversight functions over the Protection Force (PF) subcontractor. Responsible organizations will continue their present PF oversight functions under the Cost Plus Award Fee (CPAF) assessment, but now will be required to also coordinate, integrate, and interface with other FSS S and S organizations and with the PF subcontractor to measure performance, assess Department of Energy (DOE) compliance, reduce costs, and minimize duplication of effort. The role of the PF subcontractor is to provide the Laboratory with effective and efficient protective force services. PF services include providing protection for the special nuclear material, government property and classified or sensitive information developed and/or consigned to the Laboratory, as well as protection for personnel who work or participate in laboratory activities. FSS S and S oversight of both performance and compliance standards/metrics is essential for these PF objectives to be met

  9. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    Science.gov (United States)

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

  10. Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage

    Science.gov (United States)

    2016-07-01

    strength of specific cryptographic primitives used such as Advanced Encryption Standard ( AES ); protection of keys and key materials beyond the protocol...Advanced Encryption Standard ( AES ) with a 256-bit key instead of a 128-bit key for example, is not a particularly insightful observation. Rather, this... AES Advanced Encryption Standard TLS/SSL Transport Layer Security/Security Socket Layer 35 REFERENCES [1] International Data Corporation

  11. Data Protection and the Prevention of Cybercrime: The EU as an area of security?

    OpenAIRE

    PORCEDDA, Maria Grazia

    2012-01-01

    (This working paper is a revised version of Ms. Porcedda's EUI LL.M. thesis, 2012.) Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy and security, and the interplay of the policies tackling them with ‘ICT sensitive’ liberties, such as privacy and data protection. This study addresses the subject in two ways. On the one hand, it aims to cast light on the (legal substantive) nature of, ...

  12. THE PROTECTION OF CONSUMER RIGHTS FOR AVIATION SAFETY AND SECURITY IN INDONESIA AND MALAYSIA

    OpenAIRE

    Annalisa Yahanan; Febrian Febrian; Rohani Abdul Rahim

    2017-01-01

    Indonesia and Malaysia have a good potency for cooperation in aviation industry. It can be seen in the establishing two aviation companies namely PT. Indonesia Air Asia and Malindo which both are low-cost carrier. These aviation industries are categorized as low-cost carrier, however safety and security are absolute factors because these are rights for consumers. This article will describe further about safety and security standard; protecting the rights for consumers in connection with safet...

  13. The Protection of Consumer Rights for Aviation Safety and Security in Indonesia and Malaysia

    OpenAIRE

    Yahanan, Annalisa; Febrian, Febrian; Rahim, Rohani Abdul

    2017-01-01

    Indonesia and Malaysia have a good potency for cooperation in aviation industry. It can be seen in the establishing two aviation companies namely PT. Indonesia Air Asia and Malindo which both are low-cost carrier. These aviation industries are categorized as low-cost carrier, however safety and security are absolute factors because these are rights for consumers. This article will describe further about safety and security standard; protecting the rights for consumers in connection with safet...

  14. Security central processing unit applications in the protection of nuclear facilities

    International Nuclear Information System (INIS)

    Goetzke, R.E.

    1987-01-01

    New or upgraded electronic security systems protecting nuclear facilities or complexes will be heavily computer dependent. Proper planning for new systems and the employment of new state-of-the-art 32 bit processors in the processing of subsystem reports are key elements in effective security systems. The processing of subsystem reports represents only a small segment of system overhead. In selecting a security system to meet the current and future needs for nuclear security applications the central processing unit (CPU) applied in the system architecture is the critical element in system performance. New 32 bit technology eliminates the need for program overlays while providing system programmers with well documented program tools to develop effective systems to operate in all phases of nuclear security applications

  15. Cyber Security Analysis by Attack Trees for a Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2008-10-15

    As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS.

  16. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

    Science.gov (United States)

    Britton, Katherine E; Britton-Colonnese, Jennifer D

    2017-03-01

    Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

  17. Avoiding the internet of insecure industrial things

    OpenAIRE

    Urquhart, Lachlan; McAuley, Derek

    2018-01-01

    Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to ...

  18. Big Data, Internet of Things and Cloud Convergence--An Architecture for Secure E-Health Applications.

    Science.gov (United States)

    Suciu, George; Suciu, Victor; Martian, Alexandru; Craciunescu, Razvan; Vulpe, Alexandru; Marcu, Ioana; Halunga, Simona; Fratu, Octavian

    2015-11-01

    Big data storage and processing are considered as one of the main applications for cloud computing systems. Furthermore, the development of the Internet of Things (IoT) paradigm has advanced the research on Machine to Machine (M2M) communications and enabled novel tele-monitoring architectures for E-Health applications. However, there is a need for converging current decentralized cloud systems, general software for processing big data and IoT systems. The purpose of this paper is to analyze existing components and methods of securely integrating big data processing with cloud M2M systems based on Remote Telemetry Units (RTUs) and to propose a converged E-Health architecture built on Exalead CloudView, a search based application. Finally, we discuss the main findings of the proposed implementation and future directions.

  19. Privacy preservation and information security protection for patients' portable electronic health records.

    Science.gov (United States)

    Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

    2009-09-01

    As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

  20. One-Time URL: A Proximity Security Mechanism between Internet of Things and Mobile Devices.

    Science.gov (United States)

    Solano, Antonio; Dormido, Raquel; Duro, Natividad; González, Víctor

    2016-10-13

    The aim of this paper is to determine the physical proximity of connected things when they are accessed from a smartphone. Links between connected things and mobile communication devices are temporarily created by means of dynamic URLs (uniform resource locators) which may be easily discovered with pervasive short-range radio frequency technologies available on smartphones. In addition, a multi cross domain silent logging mechanism to allow people to interact with their surrounding connected things from their mobile communication devices is presented. The proposed mechanisms are based in web standards technologies, evolving our social network of Internet of Things towards the so-called Web of Things.

  1. Beyond the Convenience of the Internet of Things: Security and Privacy Concerns

    CSIR Research Space (South Africa)

    Moganedi, Mapoung S

    2017-06-01

    Full Text Available . Leary, “Writing Narrative Literature Reviews,” vol. 1, no. 3, pp. 311– 320, 1997. [17] J. E. Wallace, “How to write a literature review,” 2013. [18] M. Fons, F. Fons, and E. Cantó, “Embedded security: New trends in personal recognition systems,” Proc...

  2. Covering the Monitoring Network: A Unified Framework to Protect E-Commerce Security

    Directory of Open Access Journals (Sweden)

    Lirong Qiu

    2017-01-01

    Full Text Available Multimedia applications in smart electronic commerce (e-commerce, such as online trading and Internet marketing, always face security in storage and transmission of digital images and videos. This study addresses the problem of security in e-commerce and proposes a unified framework to analyze the security data. First, to allocate the definite security resources optimally, we build our e-commerce monitoring model as an undirected network, where a monitored node is a vertex of the graph and a connection between vertices is an undirected edge. Moreover, we aim to find a minimal cover for the monitoring network as the optimal solution of resource allocation, which is defined as the network monitoring minimization problem (NMM. This problem is proved to be NP-hard. Second, by analyzing the latent threats, we design a novel and trusted monitoring system that can integrate incident monitoring, data analysis, risk assessment, and security warnings. This system does not touch users’ privacy data. Third, we propose a sequential model-based risk assessment method, which can predict the risk according to the text semantics. Our experimental results on web scale data demonstrate that our system is flexible enough when monitoring, which also verify the effectiveness and efficiency of our system.

  3. Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle.

    Science.gov (United States)

    Park, Namje; Kang, Namhi

    2015-12-24

    The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, "things" are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

  4. Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle

    Directory of Open Access Journals (Sweden)

    Namje Park

    2015-12-01

    Full Text Available The Internet of Things (IoT, which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, “things” are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

  5. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  6. Risk and Protective Factors of Internet Addiction: A Meta-Analysis of Empirical Studies in Korea

    OpenAIRE

    Koo, Hoon Jung; Kwon, Jung-Hye

    2014-01-01

    Purpose A meta-analysis of empirical studies performed in Korea was conducted to systematically investigate the associations between the indices of Internet addiction (IA) and psychosocial variables. Materials and Methods Systematic literature searches were carried out using the Korean Studies Information Service System, Research Information Sharing Service, Science Direct, Google Scholar, and references in review articles. The key words were Internet addiction, (Internet) game addiction, and...

  7. Robust and Secure Watermarking Using Sparse Information of Watermark for Biometric Data Protection

    OpenAIRE

    Rohit M Thanki; Ved Vyas Dwivedi; Komal Borisagar

    2016-01-01

    Biometric based human authentication system is used for security purpose in many organizations in the present world. This biometric authentication system has several vulnerable points. Two of vulnerable points are protection of biometric templates at system database and protection of biometric templates at communication channel between two modules of biometric authentication systems. In this paper proposed a robust watermarking scheme using the sparse information of watermark biometric to sec...

  8. Implementing voice over Internet protocol in mobile ad hoc network – analysing its features regarding efficiency, reliability and security

    Directory of Open Access Journals (Sweden)

    Naveed Ahmed Sheikh

    2014-05-01

    Full Text Available Providing secure and efficient real-time voice communication in mobile ad hoc network (MANET environment is a challenging problem. Voice over Internet protocol (VoIP has originally been developed over the past two decades for infrastructure-based networks. There are strict timing constraints for acceptable quality VoIP services, in addition to registration and discovery issues in VoIP end-points. In MANETs, ad hoc nature of networks and multi-hop wireless environment with significant packet loss and delays present formidable challenges to the implementation. Providing a secure real-time VoIP service on MANET is the main design objective of this paper. The authors have successfully developed a prototype system that establishes reliable and efficient VoIP communication and provides an extremely flexible method for voice communication in MANETs. The authors’ cooperative mesh-based MANET implementation can be used for rapidly deployable VoIP communication with survivable and efficient dynamic networking using open source software.

  9. Protecting America: Reorganizing the Nation's Security Forces to Ensure the Protection of Our Critical Infrastructure

    National Research Council Canada - National Science Library

    Williams

    2004-01-01

    .... This national strategy amplified the significant responsibilities of states, localities, the private sector, and private citizens to protect and defend our communities and our critical infrastructure...

  10. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security.The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  11. Policies and measures for economic efficiency, energy security and environment protection in India

    International Nuclear Information System (INIS)

    Venkaiah, M.; Kaushik, S.C.; Dewangan, M.L.

    2007-01-01

    India needs to sustain 8-10% economic growth to meet energy needs of people below poverty line. India would, at least, need to grow its primary energy supply (3-4 times) of present consumption to deliver a sustained growth of 8% by 2031. This paper discusses India's policies and measures for economic efficiency, environment protection and energy security (3-E). (author)

  12. The normative erosion of international refugee protection through UN Security Council practice

    NARCIS (Netherlands)

    Ahlborn, C.

    2011-01-01

    Since the early 1990s, the UN Security Council has used its enforcement measures under Chapter VII of the UN Charter to address different aspects of international refugee protection from the root causes of forced displacement to the search for durable solutions to the refugee problem. At the same

  13. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [IRSN, 92 - Fontenay-aux-Roses (France)

    2010-04-15

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection in nuclear medicine, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  14. 78 FR 7265 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2013-02-01

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 1, 2013, through 11:59 p.m...

  15. 78 FR 11981 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2013-02-21

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 23, 2013, through 11:59 p.m...

  16. Robust and Secure Watermarking Using Sparse Information of Watermark for Biometric Data Protection

    Directory of Open Access Journals (Sweden)

    Rohit M Thanki

    2016-08-01

    Full Text Available Biometric based human authentication system is used for security purpose in many organizations in the present world. This biometric authentication system has several vulnerable points. Two of vulnerable points are protection of biometric templates at system database and protection of biometric templates at communication channel between two modules of biometric authentication systems. In this paper proposed a robust watermarking scheme using the sparse information of watermark biometric to secure vulnerable point like protection of biometric templates at the communication channel of biometric authentication systems. A compressive sensing theory procedure is used for generation of sparse information on watermark biometric data using detail wavelet coefficients. Then sparse information of watermark biometric data is embedded into DCT coefficients of host biometric data. This proposed scheme is robust to common signal processing and geometric attacks like JPEG compression, adding noise, filtering, and cropping, histogram equalization. This proposed scheme has more advantages and high quality measures compared to existing schemes in the literature.

  17. SECURE INTERNET OF THINGS-BASED CLOUD FRAMEWORK TO CONTROL ZIKA VIRUS OUTBREAK.

    Science.gov (United States)

    Sareen, Sanjay; Sood, Sandeep K; Gupta, Sunil Kumar

    2017-01-01

    Zika virus (ZikaV) is currently one of the most important emerging viruses in the world which has caused outbreaks and epidemics and has also been associated with severe clinical manifestations and congenital malformations. Traditional approaches to combat the ZikaV outbreak are not effective for detection and control. The aim of this study is to propose a cloud-based system to prevent and control the spread of Zika virus disease using integration of mobile phones and Internet of Things (IoT). A Naive Bayesian Network (NBN) is used to diagnose the possibly infected users, and Google Maps Web service is used to provide the geographic positioning system (GPS)-based risk assessment to prevent the outbreak. It is used to represent each ZikaV infected user, mosquito-dense sites, and breeding sites on the Google map that helps the government healthcare authorities to control such risk-prone areas effectively and efficiently. The performance and accuracy of the proposed system are evaluated using dataset for 2 million users. Our system provides high accuracy for initial diagnosis of different users according to their symptoms and appropriate GPS-based risk assessment. The cloud-based proposed system contributed to the accurate NBN-based classification of infected users and accurate identification of risk-prone areas using Google Maps.

  18. Improvement of security techniques and protection of biometric data in biometric systems: Presentation of International Standard ISO 24745

    OpenAIRE

    Milinković, Milorad

    2017-01-01

    This paper presents the International Standard ISO 24745 as a potential security tool for biometric information protection, more precisely as a tool for privacy protection in biometric systems. This is one of the latest internationally accepted standards that address the security issues of biometric systems.

  19. 14 CFR 193.5 - How may I submit safety or security information and have it protected from disclosure?

    Science.gov (United States)

    2010-01-01

    ... SUBMITTED INFORMATION § 193.5 How may I submit safety or security information and have it protected from... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false How may I submit safety or security information and have it protected from disclosure? 193.5 Section 193.5 Aeronautics and Space FEDERAL AVIATION...

  20. 33 CFR 165.1313 - Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington

    Science.gov (United States)

    2010-07-01

    ... Areas Thirteenth Coast Guard District § 165.1313 Security zone regulations, tank ship protection, Puget... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington 165.1313 Section 165.1313 Navigation and...

  1. 33 CFR 165.1324 - Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington.

    Science.gov (United States)

    2010-07-01

    ... Areas Thirteenth Coast Guard District § 165.1324 Safety and Security Zone; Cruise Ship Protection... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington. 165.1324 Section 165.1324 Navigation and...

  2. An Energy-Efficient Virtualization-Based Secure Platform for Protecting Sensitive User Data

    Directory of Open Access Journals (Sweden)

    Kyung-Soo Lim

    2017-07-01

    Full Text Available Currently, the exchange cycles of various computers, smartphones, tablets, and others have become shorter, because new high-performance devices continue to roll out rapidly. However, existing legacy devices are not old-fashioned or obsolete to use. From the perspective of sustainable information technology (IT, energy-efficient virtualization can apply a way to increase reusability for special customized devices and enhance the security of existing legacy devices. It means that the virtualization can customize a specially designed purpose using the guest domain from obsolete devices. Thus, this could be a computing scheme that keeps energy supplies and demands in balance for future sustainable IT. Moreover, energy-efficient virtualization can be the long-term and self-sustainable solution such as cloud computing, big data and so forth. By separating the domain of the host device based on virtualization, the guest OS on the segmented domain can be used as a Trusted Execution Environment to perform security features. In this paper, we introduce a secure platform to protect sensitive user data by domain isolation utilizing virtualization. The sensitive user data on our secure platform can protect against the infringement of personal information by malicious attacks. This study is an effective solution in terms of sustainability by recycling them for special purposes or enhancing the security of existing devices.

  3. Evaluating the effectiveness of protected areas for maintaining biodiversity, securing habitats, and reducing threats

    DEFF Research Database (Denmark)

    Geldmann, Jonas

    of this thesis has been to evaluate the performance and effectiveness of protected area in securing biodiversity, by evaluating their ability to either improve conservation responses, the state of biodiversity, or alternatively to reduce the human pressures responsible for the loss of biodiversity. The scope......Protected areas are amongst the most important conservation responses to halt the loss of biodiversity and cover more than 12.7% of the terrestrial surface of earth. Likewise, protected areas are an important political instrument and a key component of the Convention for Biological Diversity (CBD......); seeking to protect at least 17% of the terrestrial surface and 10% of the coastal and marine areas by 2020. Protected areas are expected to deliver on many different objectives covering biodiversity, climate change mitigation, local livelihood, and cultural & esthetic values. Within each...

  4. Internet Economics IV

    Science.gov (United States)

    2004-08-01

    edts.): Internet Economics IV Technical Report No. 2004-04, August 2004 Information Systems Laboratory IIS, Departement of Computer Science University of...level agreements (SLA), Information technology (IT), Internet address, Internet service provider 16. PRICE CODE 17. SECURITY CLASSIFICATION 18... technology and its economic impacts in the Internet world today. The second talk addresses the area of AAA protocol, summarizing authentication

  5. Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

    Science.gov (United States)

    Caruso, Ronald D

    2004-01-01

    Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

  6. Role of physical protection and safeguards technology used to Nuclear Material Security

    International Nuclear Information System (INIS)

    Djoko-Irianto, Ign.

    2005-01-01

    The presence of nuclear materials at any nuclear facility must be in secure and must be known as safeguards purpose such as its position, from or type and amount. The clarification of the amount be reported to the national regulatory body and International Atomic Energy Agency (IAEA) as the International regulatory body. The national regulatory body and IAEA will then verify that report. The verification must be done to know there is no difference of the amount, and to give the assurance to the International community that any diversion of safeguarded nuclear material from civil use to a prescribed military purpose would be detected. To carry out verification, several verification techniques such as non-destructive analysis, surveillance, unattended and remote monitoring and environmental sampling are explained to convey the impression how those techniques are implemented. According to the security requirement, the physical protection system including all components of physical protection system have to be effectively designed

  7. A Secure Watermarking Scheme for Buyer-Seller Identification and Copyright Protection

    Science.gov (United States)

    Ahmed, Fawad; Sattar, Farook; Siyal, Mohammed Yakoob; Yu, Dan

    2006-12-01

    We propose a secure watermarking scheme that integrates watermarking with cryptography for addressing some important issues in copyright protection. We address three copyright protection issues—buyer-seller identification, copyright infringement, and ownership verification. By buyer-seller identification, we mean that a successful watermark extraction at the buyer's end will reveal the identities of the buyer and seller of the watermarked image. For copyright infringement, our proposed scheme enables the seller to identify the specific buyer from whom an illegal copy of the watermarked image has originated, and further prove this fact to a third party. For multiple ownership claims, our scheme enables a legal seller to claim his/her ownership in the court of law. We will show that the combination of cryptography with watermarking not only increases the security of the overall scheme, but it also enables to associate identities of buyer/seller with their respective watermarked images.

  8. [ELGA--the electronic health record in the light of data protection and data security].

    Science.gov (United States)

    Ströher, Alexander; Honekamp, Wilfried

    2011-07-01

    The introduction of an electronic health record (ELGA) is a subject discussed for a long time in Austria. Another big step toward ELGA is made at the end of 2010 on the pilot project e-medication in three model regions; other projects should follow. In addition, projects of the ELGA structure are sped up on the part of the ELGA GmbH to install the base of a functioning electronic health record. Unfortunately, many of these initiatives take place, so to speak, secretly, so that in the consciousness of the general public - and that includes not only patients but also physicians and other healthcare providers - always concerns about protection and security of such a storage of health data arouse. In this article the bases of the planned act are discussed taking into account the data protection and data security.

  9. ConstitutionalJustice: Cases of Protection of Freedom and Personal Security in Colombia

    Directory of Open Access Journals (Sweden)

    Viridiana Molinares Hassan

    2014-07-01

    Full Text Available In this paper we present the results of an investigation about judicial protection of freedom and personal security granted by the Constitutional Court (cc of Colombia, with a comparative analysis between the period 1992-2001, to which governments have appointed period of postconstitucionales, which coincides with the issuance of the 1991 Constitution, and the creation of constitutional jurisdiction, and the period 2002-2010, during which it ran the Democratic Security Policy (dsp as a government policy proposal by former president Álvaro Uribe, whose aim was to achieve peace through the declaration of war to the guerrilla group Revolutionary Armed Forces of Colombia (farc. Our interest is to show that the protection of freedom and personal security as the basis of the Constitutional (ec finds in the cc his greatest guarantor, even against closing courts in other jurisdictions that are still rooted in the failed legal positivist paradigm, ignoring the postulates of neoconstitutionalism dc sufficiently developed from a process of creative interpretation and decision-making. This coupled with the importance for the branches of power and knowledge associated scope of freedom and personal security developed by the cc in the difficult context of irregular warfare that exists in Colombia, yet it is, for universal constitutionalism, an example of the development of legal guarantor in the context of current constitutionalism.

  10. THE PROTECTION OF CONSUMER RIGHTS FOR AVIATION SAFETY AND SECURITY IN INDONESIA AND MALAYSIA

    Directory of Open Access Journals (Sweden)

    Annalisa Yahanan

    2017-01-01

    Full Text Available Indonesia and Malaysia have a good potency for cooperation in aviation industry. It can be seen in the establishing two aviation companies namely PT. Indonesia Air Asia and Malindo which both are low-cost carrier. These aviation industries are categorized as low-cost carrier, however safety and security are absolute factors because these are rights for consumers. This article will describe further about safety and security standard; protecting the rights for consumers in connection with safety aviation in Indonesia and Malaysia from the Consumer Protection Law and the Aviation Law. As a result of the research shows that safety standard passenger for air transportation in airport covers information and safety facility in the shape of availability of the emergency safety tools (fires, accidents and natural disasters; information, area and health facility; and healthcare workers. Moreover, safety standards for passenger in an aircraft include information and safety facility in the shape of availability information and the emergency safety tools for passenger in an aircraft. The protection for consumer rights for safety flight in Indonesia as follows: aviation industry has obligation to fulfill minimum standard of safety and security; consumers must be safety from false information which raises concern; aircraft operation which endanger of the passenger; and consumer protection in operating the electronic device which endanger flight. On the other hand, the law of consumer rights in Malaysia relating to aviation are ruled under the Aviation Law as a result of the Warsaw Convention 1929. In conclusion, the verdict of consumer rights related to security aviation begins when the passenger enter to an aircraft, in the aircraft, and by the time they get off the plane.

  11. Considerations Regarding the Security and Protection of E-Banking Services Consumers’ Interests

    OpenAIRE

    Marinela Vrancianu; Liana Anica Popa

    2010-01-01

    A significant number of breaches in the security of electronic banking (e-Banking) system is reported each year, drawing attention to the need to protect and inform customers about the risk of exposure to malicious actions initiated by cyber-criminals. Financial institutions and consumers recognize the fact that attacks and financial frauds are becoming more complex and are perpetrated by a different class of criminal. This class is increasingly sophisticated and uses technology as part of th...

  12. Protecting food security when facing uncertain climate: Opportunities for Afghan communities

    Science.gov (United States)

    Salman, Dina; Amer, Saud A.; Ward, Frank A.

    2017-11-01

    Climate change, population growth, and weakly developed water management institutions in many of the world's dry communities have raised the importance of designing innovative water allocation methods that adapt to water supply fluctuations while respecting cultural sensitivities. For example, Afghanistan faces an ancient history of water supply fluctuations that have contributed to periodic food shortage and famine. Poorly designed and weakly enforced water allocation methods continue to result in agriculture sector underperformance and periodic food shortages when water shortfalls occur. To date, little research has examined alternative water sharing rules on a multi-basin scale to protect food security for a subsistence irrigation society when the community faces water shortage. This paper's contribution examines the economic performance of three water-sharing mechanisms for three basins in Afghanistan with the goal of protecting food security for crop irrigation under ongoing threats of drought, while meeting growing demands for food in the face of anticipated population growth. We achieved this by formulating an integrated empirical optimization model to identify water-sharing measures that minimize economic losses while protecting food security when water shortages occur. Findings show that implementation of either a water trading policy or a proportional shortage policy that respects cultural sensitivities has the potential to raise economic welfare in each basin. Such a policy can reduce food insecurity risks for all trading provinces within each basin, thus being a productive institution for adapting to water shortage when it occurs. Total economic welfare gains are highest when drought is the most severe for which suffering would otherwise be greatest. Gains would be considerably higher if water storage reservoirs were built to store wet year flows for use in dry years. Our results light a path for policy makers, donors, water administrators, and farm

  13. Cyber Security Insider Threats :: Government’s Role in Protecting India’s Critical Infrastructure Sectors

    OpenAIRE

    Vohra, Pulkit

    2014-01-01

    This research identifies the problem of insider threats in the critical infrastructure sectors of India. It is structured to answer the research question: "Why insider threats should be the primary concern for Indian government to protect its critical infrastructure sectors.” It defines the critical infrastructure sectors and portrays the cyber security scenario of India. Also, through the research study, it identifies the lack of awareness and non-seriousness of employees in the critical sec...

  14. Internet enlightens

    International Nuclear Information System (INIS)

    Figueiredo, S.

    2008-01-01

    Numerous Internet sites are given in relation with radiotherapy, nuclear activity, radiation protection,radioecology, nuclear laws. To note three sites treat the accident of radiotherapy arisen to Toulouse. (N.C.)

  15. Internet enlightens

    International Nuclear Information System (INIS)

    Anon.

    2010-01-01

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  16. A legislative history of the Social Security Protection Act of 2004.

    Science.gov (United States)

    Hansen, Erik

    2008-01-01

    Passage of the original Social Security Act in 1935, Public Law (P.L.) 74-271, represented one of the watershed achievements of social welfare reform in American history. For the first time, workers were guaranteed a basic floor of protection against the hardships of poverty. In the ensuing decades, more than 100 million beneficiaries have realized the value of this protection through the receipt of monthly Social Security payments. As this guarantee has endured and progressed, the policies and administration of such a vast and complex program have required ongoing modifications-more than 150 such revisions over the past 73 years. To some extent, these amendments can be seen as an ongoing refinement process, with the Social Security Protection Act of 2004 (SSPA) being another incremental step in the development of a social insurance program that best meets the evolving needs of American society. This article discusses the legislative history of the SSPA in detail. It includes summaries of the provisions and a chronology of the modification of these proposals as they passed through the House and Senate, and ultimately to the president's desk.

  17. The Issue of Data Protection and Data Security in the (Pre-Lisbon EU Third Pillar

    Directory of Open Access Journals (Sweden)

    Maria O'Neill

    2010-06-01

    Full Text Available The key functional operability in the pre-Lisbon PJCCM pillar of the EU is the exchange of intelligence and information amongst the law enforcement bodies of the EU. The twin issues of data protection and data security within what was the EU’s third pillar legal framework therefore come to the fore. With the Lisbon Treaty reform of the EU, and the increased role of the Commission in PJCCM policy areas, and the integration of the PJCCM provisions with what have traditionally been the pillar I activities of Frontex, the opportunity for streamlining the data protection and data security provisions of the law enforcement bodies of the post-Lisbon EU arises. This is recognised by the Commission in their drafting of an amending regulation for Frontex , when they say that they would prefer “to return to the question of personal data in the context of the overall strategy for information exchange to be presented later this year and also taking into account the reflection to be carried out on how to further develop cooperation between agencies in the justice and home affairs field as requested by the Stockholm programme.” The focus of the literature published on this topic, has for the most part, been on the data protection provisions in Pillar I, EC. While the focus of research has recently sifted to the previously Pillar III PJCCM provisions on data protection, a more focused analysis of the interlocking issues of data protection and data security needs to be made in the context of the law enforcement bodies, particularly with regard to those which were based in the pre-Lisbon third pillar. This paper will make a contribution to that debate, arguing that a review of both the data protection and security provision post-Lisbon is required, not only in order to reinforce individual rights, but also inter-agency operability in combating cross-border EU crime. The EC’s provisions on data protection, as enshrined by Directive 95/46/EC, do not apply

  18. Internet filters and entry pages do not protect children from online alcohol marketing.

    Science.gov (United States)

    Jones, Sandra C; Thom, Jeffrey A; Davoren, Sondra; Barrie, Lance

    2014-02-01

    We review programs and policies to prevent children from accessing alcohol marketing online. To update the literature, we present our recent studies that assess (i) in-built barriers to underage access to alcohol brand websites and (ii) commercial internet filters. Alcohol websites typically had poor filter systems for preventing entry of underage persons; only half of the sites required the user to provide a date of birth, and none had any means of preventing users from trying again. Even the most effective commercial internet filters allowed access to one-third of the sites we examined.

  19. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    International Nuclear Information System (INIS)

    Vaz, Pedro

    2015-01-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed. - Highlights: • The hazards associated to the use of radioactive sources must be taken into account. • Security issues are of paramount importance in the use of radioactive sources. • Radiation sources can be used to perpetrate terrorist acts (RDDs, INDs, REDs). • DSRS and orphan sources trigger radiological protection, safety and security concerns. • Regulatory control, from cradle to grave, of radioactive sources is mandatory.

  20. 17 CFR 240.15b5-1 - Extension of registration for purposes of the Securities Investor Protection Act of 1970 after...

    Science.gov (United States)

    2010-04-01

    ... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. 240.15b5-1... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. Commission... member within the meaning of Section 3(a)(2) of the Securities Investor Protection Act of 1970 for...

  1. Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

    Science.gov (United States)

    Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

    2017-07-06

    With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the

  2. An Examination of Individual’s Perceived Security and Privacy of the Internet in Malaysia and the Influence of This on Their Intention to Use E-Commerce: Using An Extension of the Technology Acceptance Model

    OpenAIRE

    Muniruddeen Lallmahamood

    2007-01-01

    This study explores the impact of perceived security and privacy on the intention to use Internet banking. An extended version of the technology acceptance model (TAM) is used to examine the above perception. A survey was distributed, the 187 responses mainly from the urban cities in Malaysia, hav e generally agreed that security and privacy are still the main concerns while using Internet banking. The research model explains over half of the variance of the intenti...

  3. Methodology of the Auditing Measures to Civil Airport Security and Protection

    Directory of Open Access Journals (Sweden)

    Ján Kolesár

    2016-10-01

    Full Text Available Airports similarly to other companies are certified in compliance with the International Standardization Organization (ISO standards of products and services (series of ISO 9000 Standards regarding quality management, to coordinate the technical side of standardizatioon and normalization at an international scale. In order for the airports to meet the norms and the certification requirements as by the ISO they are liable to undergo strict audits of quality, as a rule, conducted by an independent auditing organization. Focus of the audits is primarily on airport operation economics and security. The article is an analysis into the methodology of the airport security audit processes and activities. Within the framework of planning, the sequence of steps is described in line with the principles and procedures of the Security Management System (SMS and starndards established by the International Standardization Organization (ISO. The methodology of conducting airport security audit is developed in compliance with the national programme and international legislation standards (Annex 17 applicable to protection of civil aviation against acts of unlawful interference.

  4. Theater Security Cooperation Planning with Article 98: How the 2002 Servicemembers' Protection Act Fosters China's Quest for Global Influence

    National Research Council Canada - National Science Library

    Hernandez, Jaime A

    2005-01-01

    The Combatant Commander is hindered in constructing Theater Security Cooperation plans due to the restrictions placed upon foreign military aid dispersal as a result of the 2002 American Servicemembers' Protection Act...

  5. Notification: Audit of the U.S. Environmental Protection Agency’s Compliance with the Federal Information Security Management Act

    Science.gov (United States)

    Project #OA-FY14-0135, February 10, 2014. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency's compliance with the Federal Information Security Management Act (FISMA).

  6. 33 CFR 165.1317 - Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters...

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters, Washington. 165.1317 Section 165.1317 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS...

  7. 33 CFR 165.1318 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of...

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of the Port Zone 165.1318 Section 165.1318 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND...

  8. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    Science.gov (United States)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  9. Domestic Labor and the Lack of Social Security Protection in Brazil: Questions for Analysis

    Directory of Open Access Journals (Sweden)

    Rita de Lourdes de Lima

    2010-01-01

    Full Text Available This article analyzes domestic labor in Brazil, considering gender, the sexual division of labor and social security, which are influenced by the social transformations of the late 20th century. To do so, a dialog was established with various theoreticians including: Boschetti, Hirata, Kergoat, Nogueira and Saffioti.A historical review of the sexual division of labor in capitalist society is conducted, utilizing the concept of gender and examining inequality between men and women in the work force. Then, looking at social security in Brazil, the  implications of counter reforms to the system for female labor and particularly for domestic work are analyzed, identifying the real lack of social protection suffered by the entire working class.

  10. Information governance and security protecting and managing your company's proprietary information

    CERN Document Server

    Iannarelli, John G

    2014-01-01

    Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

  11. Information security governance: a risk assessment approach to health information systems protection.

    Science.gov (United States)

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  12. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    Science.gov (United States)

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  13. Design of a cyber security awareness campaign for internet Cafés users in rural areas

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2011-05-01

    Full Text Available very low cyber literacy rates. A consequence of these two factors is that many Internet users access the Internet without understanding or even realising the dangers of the cyber world. Proactive measures need to be developed to ensure that these new...

  14. Radiological Threat Reduction (RTR) program: implementing physical security to protect large radioactive sources worldwide

    International Nuclear Information System (INIS)

    Lowe, Daniel L.

    2004-01-01

    The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory and knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency through out the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include such as support of reconfiguring infrastructure, and developing security

  15. Multimedia security watermarking, steganography, and forensics

    CERN Document Server

    Shih, Frank Y

    2012-01-01

    Multimedia Security: Watermarking, Steganography, and Forensics outlines essential principles, technical information, and expert insights on multimedia security technology used to prove that content is authentic and has not been altered. Illustrating the need for improved content security as the Internet and digital multimedia applications rapidly evolve, this book presents a wealth of everyday protection application examples in fields including multimedia mining and classification, digital watermarking, steganography, and digital forensics. Giving readers an in-depth overview of different asp

  16. Security Hi-tech Individual Extra-light Device Mask: a new protection for [soccer] players.

    Science.gov (United States)

    Cascone, Piero; Petrucci, Bernardino; Ramieri, Valerio; Marianetti, Titto Matteo; TitoMatteo, Marianetti

    2008-05-01

    Among professional [soccer] players, a relevant incidence of maxillofacial trauma has been reported. The main challenge in these particular patients is to give them the possibility of a very short convalescence period and to make possible their agonistic activity as soon as possible. The authors here present an innovative technique to realize this--the Security Hi-tech Individual Extra-Light Device Mask, a customizable protective shield based on the player's face cast. A completely customized mask was forged over the player's face cast to protect the injured area. This mask shortens convalescence period, and due to its realization, it is comfortable and easy fitting, thus allowing the player to perform at a professional level in his sport activity in the shortest time possible.

  17. 互联网金融消费者权益保护问题研究%The Research on Internet Financial Consumer Rights and Interests Protection

    Institute of Scientific and Technical Information of China (English)

    赵锋

    2015-01-01

    如何在支持互联网金融创新发展的同时,有效保护互联网金融消费者的合法权益,是一个亟待研究的重要课题。本文在总结互联网金融概念、模式的基础上,深入分析了互联网金融消费者权益受侵害的表现形式和当前互联网金融消费者权益保护面临的困境,提出了完善互联网金融消费者权益保护的政策建议。%It is an important subject to be studied how to support the development of Internet financial innovation, and at the same time, protect the lawful rights and interests of the Internet financial consumers effectively. The paper, on the basis of summarizing the concept and mode of the Internet finance, deeply analyzes the forms of the infraction of the Internet financial consumers’ rights and interests and the current plight of the Internet financial consumers' rights and interests protection. Finally, the paper proposes the policy suggestions on perfecting the protection of the rights and interests of the Internet financial consumers.

  18. Internet Censorship

    Science.gov (United States)

    Jyotsna; Kapil; Aayush

    2012-09-01

    Censorship on Internet has always wet its hands in the water of controversies, It is said to go in with synonym of "FILTERING THE NET" i.e. Either done to protect minors or for nationís privacy, some take it as snatching their freedom over internet and some take it as an appropriate step to protect minor, It has its supporters as well as opponents.Google has reported a whooping number of requests from Governments of U.K, China, Poland, Spain, and Canada to remove videos and search links that led to harassment, sensitive issues or suspicious people. This paper deals with the cons of censorship on internet and to make people aware of the fact that Internet is not a single body owned by an org. but an open sky of information shared equally by all. Research done has found out many unseen aspects of different people's view point.

  19. The Internet of Things ecosystem: the blockchain and data protection issues

    Directory of Open Access Journals (Sweden)

    Nicola Fabiano

    2018-03-01

    Full Text Available The IoT is innovative and important phenomenon prone to several services and applications such as the blockchain which an emerging phenomenon. We can describe the blockchain as blockchain as a service because of the opportunity to use several applications based on this technology. We, indeed, should take into account the legal issues related to the data protection and privacy law to avoid breaches of the law. In this context, it is important to consider the new European General Data Protection Regulation (GDPR that will be in force on 25 May 2018. The contribution describes the main legal issues related to data protection and privacy focusing on the Data Protection by Design approach, according to the GDPR. Furthermore, I resolutely believe that is possible to develop a global privacy standard framework that organizations can use for their data protection activities.

  20. Systems Thinking Safety Analysis: Nuclear Security Assessment of Physical Protection System in Nuclear Power Plants

    Directory of Open Access Journals (Sweden)

    Tae Ho Woo

    2013-01-01

    Full Text Available The dynamical assessment has been performed in the aspect of the nuclear power plants (NPPs security. The physical protection system (PPS is constructed by the cyber security evaluation tool (CSET for the nuclear security assessment. The systems thinking algorithm is used for the quantifications by the Vensim software package. There is a period of 60 years which is the life time of NPPs' operation. The maximum possibility happens as 3.59 in the 30th year. The minimum value is done as 1.26 in the 55th year. The difference is about 2.85 times. The results of the case with time delay have shown that the maximum possibility of terror or sabotage incident happens as 447.42 in the 58th year and the minimum value happens as 89.77 in the 51st year. The difference is about 4.98 times. Hence, if the sabotage happens, the worst case is that the intruder can attack the target of the nuclear material in about one and a half hours. The general NPPs are modeled in the study and controlled by the systematic procedures.

  1. Radiological protection, safety and security issues in the industrial and medical applications of radiation sources

    Science.gov (United States)

    Vaz, Pedro

    2015-11-01

    The use of radiation sources, namely radioactive sealed or unsealed sources and particle accelerators and beams is ubiquitous in the industrial and medical applications of ionizing radiation. Besides radiological protection of the workers, members of the public and patients in routine situations, the use of radiation sources involves several aspects associated to the mitigation of radiological or nuclear accidents and associated emergency situations. On the other hand, during the last decade security issues became burning issues due to the potential malevolent uses of radioactive sources for the perpetration of terrorist acts using RDD (Radiological Dispersal Devices), RED (Radiation Exposure Devices) or IND (Improvised Nuclear Devices). A stringent set of international legally and non-legally binding instruments, regulations, conventions and treaties regulate nowadays the use of radioactive sources. In this paper, a review of the radiological protection issues associated to the use of radiation sources in the industrial and medical applications of ionizing radiation is performed. The associated radiation safety issues and the prevention and mitigation of incidents and accidents are discussed. A comprehensive discussion of the security issues associated to the global use of radiation sources for the aforementioned applications and the inherent radiation detection requirements will be presented. Scientific, technical, legal, ethical, socio-economic issues are put forward and discussed.

  2. Outline of a future security system to provide physical protection of nuclear installations

    International Nuclear Information System (INIS)

    Rossnagel, A.

    1984-01-01

    Nuclear energy, within three or four decades, may become a main pillar of the world's energy supply. The author discusses the problems entailed by the necessity to protect nuclear facilities against assaults, and whether this can be ensured without interference with civic rights. The method applied by the author to show the significance of the problems is to explain the current situation, and to compare it with a plausible outline of the developments to be expected over the next 50 years. He shows the hazards to be taken into account due to criminal actions by persons from outside, or by persons working in nuclear facilities. A main problem is the fact that the security system to be set up has to encompass not only the nuclear installation itself, but also the surrounding area, and the measures to be taken will have an impact on the society, which necessarily will curtail personal freedom. The author presumes that the necessity to guarantee physical protection of nuclear facilities will lead to a modification of the meaning of basic rights, and states his anxiety that security for nuclear installations might affect our concept of freedom. (HSCH) [de

  3. Security measurements and radiological protection in the source panoramic irradiators and storage in pool

    International Nuclear Information System (INIS)

    Del Valle O, C.

    1996-01-01

    The aim of this paper is to investigate and to study the safety and protecting measurements that must be taken into account in the design and the use of panoramic source irradiators with wet storage or pool, concerning to category IV. The generic characteristics in plants of kind, as well as their description, are mentioned in this paper. The devices, that comply the security and control systems based on their redundancy, diversity and independence, are examined. Likewise, it describes the design requirements of the overcast, of the irradiators, of the source frame, of the transporting system of product, of the procedure access, of the security system of the irradiator shelf control, of the irradiation room, of the irradiation storage pool, of the ventilation system, for the protection in case of fire of fire, for electric energy failures, for the warning symbols and signs. It contains scope about the organization and responsibilities that must be taken into account in plants of this type. A detailed plan has been made for its operation and maintenance, enclosing instructions and registers for this reason. The statement of emergency events and their respective answers, the analysis of cases and reasons that causes accidents and its implementation and regular inspection procedures for the improvement of the plant are also studied. (author). 2 refs

  4. [Child protection network and the intersector implementation of the circle of security as alternatives to medication].

    Science.gov (United States)

    Becker, Ana Laura Martins M M; de Souza, Paulo Haddad; de Oliveira, Mônica Martins; Paraguay, Nestor Luiz Bruzzi B

    2014-09-01

    To describe the clinical history of a child with aggressive behavior and recurring death-theme speech, and report the experience of the team of authors, who proposed an alternative to medication through the establishment of a protection network and the inter-sector implementation of the circle of security concept. A 5-year-old child has a violent and aggressive behavior at the day-care. The child was diagnosed by the healthcare center with depressive disorder and behavioral disorder, and was medicated with sertraline and risperidone. Side effects were observed, and the medications were discontinued. Despite several actions, such as talks, teamwork, psychological and psychiatric follow-up, the child's behavior remained unchanged. A unique therapeutic project was developed by Universidade Estadual de Campinas' Medical School students in order to establish a connection between the entities responsible for the child's care (daycare center, healthcare center, and family). Thus, the team was able to develop a basic care protection network. The implementation of the inter-sector circle of security, as well as the communication and cooperation among the teams, produced very favorable results in this case. This initiative was shown to be a feasible and effective alternative to the use of medication for this child. Copyright © 2014 Sociedade de Pediatria de São Paulo. Publicado por Elsevier Editora Ltda. All rights reserved.

  5. Providers’ Liabilities in the New EU Data Protection Regulation: A threat to internet freedoms?

    OpenAIRE

    SARTOR, Giovanni

    2012-01-01

    In this paper I shall consider certain aspects of the Proposal for a Data Protection Regulation recently advanced by the EU Commission, which is meant to substitute the existing Data Protection Directive as well as the national laws implementing it. In particular I shall examine how the Regulation addresses host providers’ liabilities and duties with regard to user-generated content. For this purpose, I shall first highlight some developments in web and cloud services, then I shall consider h...

  6. Consumer protection in electronic commerce

    Directory of Open Access Journals (Sweden)

    Nicoleta Andreea NEACŞU

    2016-07-01

    Full Text Available Electronic commerce is one of the most important aspects of the Internet and allows people to buy instant. Fast and easy development of e-commerce has led to the necessity of consumer protection in cyberspace, where trade takes place, so as to ensure consumer safety and security matters. This article examines e-commerce in terms of consumer protection and data security, which concerns equally all stakeholders in the electronic market: buyers, sellers, banks, courier cargo and other participants.

  7. Design of the XML Security System for Electronic Commerce Application

    Institute of Scientific and Technical Information of China (English)

    2003-01-01

    The invocation of World Wide Web (www) first triggered mass adoption of the Internet for public access to digital information exchanges across the globe. To get a big market on the Web, a special security infrastructure would need to be put into place transforming the wild-and-woolly Internet into a network with end-to-end protections. XML (extensible Markup Language) is widely accepted as powerful data representation standard for electronic documents, so a security mechanism for XML documents must be provided in the first place to secure electronic commerce over Internet. In this paper the authors design and implement a secure framework that provides XML signature function, XML Element-wise Encryption function, smart card based crypto API library and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integrity, message authentication, and/or signer authentication services for XML documents and existing non-XML documents that are exchanged by Internet for E-commerce application.

  8. Secure Fiberoptic Communications

    Science.gov (United States)

    Hodara, Henri

    At the heart of our current information explosion is the communication network. Networks are now an intrinsic part of our daily activities, whether they are for Internet business transactions or military communications in Future Combat Systems. Protection of this communication infrastructure is a must. In this article, we discuss two approaches for securing all-optical networks. The first is an optical encryption technique that denies the information to intruders. The second is an authentication scheme capable of detecting and identifying unauthorized users.

  9. Internet flash of lightning

    International Nuclear Information System (INIS)

    Anon.

    2005-01-01

    Seven Internet sites are given relative to European Research and IAEA; Three sites in relation with optimization of radiation protection and environment, Google scolar, medicine, radioecology, finally seventeen Internet sites are detailed in this article. (N.C.)

  10. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  11. Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.

    Science.gov (United States)

    Trinkaus-Randall, Gregor

    1998-01-01

    Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…

  12. Privacy vs usability: a qualitative exploration of patients' experiences with secure Internet communication with their general practitioner.

    Science.gov (United States)

    Tjora, Aksel; Tran, Trung; Faxvaag, Arild

    2005-05-31

    Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve

  13. Evaluating Common Privacy Vulnerabilities in Internet Service Providers

    Science.gov (United States)

    Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

    Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

  14. Towards an automated security awareness system in a virtualized environment

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2012-07-01

    Full Text Available resources. This is an efficient solution to access the Internet. However users might not be aware of the security threats that exist on using shared resources. Many companies provide security solutions to automatically protect resources on the network...

  15. Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.

    Science.gov (United States)

    Drolet, Brian C; Marwaha, Jayson S; Hyatt, Brad; Blazar, Phillip E; Lifchez, Scott D

    2017-06-01

    Technology has enhanced modern health care delivery, particularly through accessibility to health information and ease of communication with tools like mobile device messaging (texting). However, text messaging has created new risks for breach of protected health information (PHI). In the current study, we sought to evaluate hand surgeons' knowledge and compliance with privacy and security standards for electronic communication by text message. A cross-sectional survey of the American Society for Surgery of the Hand membership was conducted in March and April 2016. Descriptive and inferential statistical analyses were performed of composite results as well as relevant subgroup analyses. A total of 409 responses were obtained (11% response rate). Although 63% of surgeons reported that they believe that text messaging does not meet Health Insurance Portability and Accountability Act of 1996 security standards, only 37% reported they do not use text messages to communicate PHI. Younger surgeons and respondents who believed that their texting was compliant were statistically significantly more like to report messaging of PHI (odds ratio, 1.59 and 1.22, respectively). A majority of hand surgeons in this study reported the use of text messaging to communicate PHI. Of note, neither the Health Insurance Portability and Accountability Act of 1996 statute nor US Department of Health and Human Services specifically prohibits this form of electronic communication. To be compliant, surgeons, practices, and institutions need to take reasonable security precautions to prevent breach of privacy with electronic communication. Communication of clinical information by text message is not prohibited under Health Insurance Portability and Accountability Act of 1996, but surgeons should use appropriate safeguards to prevent breach when using this form of communication. Copyright © 2017 American Society for Surgery of the Hand. Published by Elsevier Inc. All rights reserved.

  16. THE RESPONSIBILITY OF PROTECTING (R2P HUMAN RIGHTS AND SECURITY COUNCIL

    Directory of Open Access Journals (Sweden)

    ULDARICIO FIGUEROA PLÁ

    2017-12-01

    Full Text Available The adoption in 1948 of the Convention on the Prevention and Punishment of the Crime of Genocide seemed to open a new era in the international scenario in which these kind of practices apparently are left in the historic past. Reality has shown us that this international instrument was not enough to face arbitrary measures of some Governments. Nevertheless, genocide actions continuing to be performed, and in order to decrease human suffering, “humanitarian intervention” was thought as a response to the ineffectiveness of the Security Council which also brought along arbitrary actions in its invocation, discrediting it. Before the reiterated calls of the Secretary General of the United Nations to prevent and detain massive violations to human rights, an effort has been made in order to standardizing a type of interventions that can respond to massive violations of human rights. This has been called Responsibility to Protect.

  17. Ecological security pattern construction based on ecological protection redlines in China

    Science.gov (United States)

    Zou, Changxin

    2017-04-01

    China is facing huge environmental problems with its current rapid rate of urbanization and industrialization, thus causing biodiversity loss, ecosystem service degradation on a major scale. Against this background, three previous examples (the nature reserve policy, the afforestation policy, and the zoning policy) are implemented in China. These all play important roles in protecting natural ecosystems, although they can sometimes cause new problems and lack rigorous targets for environmental outcomes. To overcome current management conflicts, China has proposed a new "ecological protection redlines" policy (EPR). EPR can be defined as the ecological baseline area needed to provide ecosystem services to guarantee and maintain ecological safety. This study analyzed the scope, objectives and technical methods of delineating EPR in China, and put forward the proposed scheme for the ecological security pattern based on EPR. We constructed three kinds of redlines in China, including key ecological function area redlines, ecological sensitive or fragile areas redlines, and forbidden development areas redlines. For the key ecological function area redlines, a total of 38 water conservation functional zones have been designated, covering a total area of 3.23 million km2; 14 soil conservation zones have been designated, covering a total area of 881700 km2; wind-prevention and sand-fixation zones across the country cover a total area of about 1.73 million km2, accounting for 57.13% of the total land area of the whole country. With respect to the ecologically vulnerable redlines, 18 ecologically vulnerable zones has been designated across the country, covering 2.19 million km2, accounting for 22.86% of the total land area of the whole country. Forbidden development areas redlines covered a total area of 3.29 million km2, accounting for 34.3% of the total land area of the whole country. We also suggest to form a complete ecological security pattern including patterns of

  18. Using virtual reality in the training of security staff and evaluation of physical protection barriers in nuclear facilities

    International Nuclear Information System (INIS)

    Augusto, Silas C.; Mol, Antonio C.A.; Mol, Pedro C.; Sales, Douglas S.

    2009-01-01

    The physical security of facilities containing radioactive objects, an already important matter, now has a new aggravating factor: the existence of groups intending to obtain radioactive materials for the purpose of intentionally induce radioactive contamination incidents, as for example the explosion of dirty bombs in populated regions, damaging both people and environment. In this context, the physical security of such facilities must be reinforced so to reduce the possibilities of such incidents. This paper presents a adapted game engine used as a virtual reality system, enabling the modeling and simulation of scenarios of nuclear facilities containing radioactive objects. In these scenarios, the physical protection barriers, as fences and walls, are simulated along with vigilance screens. Using a computer network, several users can participate simultaneously in the simulation, being represented by avatars. Users can play the roles of both invaders and security staff. The invaders have as objective to surpass the facility's physical protection barriers to steal radioactive objects and flee. The security staff have as objective to prevent and stop the theft of radioactive objects from the facility. The system can be used to analysis simulated scenarios and train vigilance/security staff. A test scenario was already developed and used, and the preliminary tests had satisfactory results, as they enabled the evaluation of the physical protection barriers of the virtual facility, and the training of those who participated in the simulations in the functions of a security staff. (author)

  19. Using virtual reality in the training of security staff and evaluation of physical protection barriers in nuclear facilities

    Energy Technology Data Exchange (ETDEWEB)

    Augusto, Silas C.; Mol, Antonio C.A.; Mol, Pedro C.; Sales, Douglas S. [Instituto de Engenharia Nuclear (IEN/CNEN-RJ), Rio de Janeiro, RJ (Brazil); Universidade do Estado do Rio de Janeiro (UERJ), RJ (Brazil)], e-mail: silas@ien.gov.br, e-mail: mol@ien.gov.br, e-mail: pedro98@gmail.com, e-mail: dsales@ien.gov.br

    2009-07-01

    The physical security of facilities containing radioactive objects, an already important matter, now has a new aggravating factor: the existence of groups intending to obtain radioactive materials for the purpose of intentionally induce radioactive contamination incidents, as for example the explosion of dirty bombs in populated regions, damaging both people and environment. In this context, the physical security of such facilities must be reinforced so to reduce the possibilities of such incidents. This paper presents a adapted game engine used as a virtual reality system, enabling the modeling and simulation of scenarios of nuclear facilities containing radioactive objects. In these scenarios, the physical protection barriers, as fences and walls, are simulated along with vigilance screens. Using a computer network, several users can participate simultaneously in the simulation, being represented by avatars. Users can play the roles of both invaders and security staff. The invaders have as objective to surpass the facility's physical protection barriers to steal radioactive objects and flee. The security staff have as objective to prevent and stop the theft of radioactive objects from the facility. The system can be used to analysis simulated scenarios and train vigilance/security staff. A test scenario was already developed and used, and the preliminary tests had satisfactory results, as they enabled the evaluation of the physical protection barriers of the virtual facility, and the training of those who participated in the simulations in the functions of a security staff. (author)

  20. Direct and Interaction Effects of Co-Existing Familial Risk Factors and Protective Factors Associated with Internet Addiction among Chinese Students in Hong Kong

    Science.gov (United States)

    Wu, Anise M. S.; Lau, Joseph T. F.; Cheng, Kit-man; Law, Rita W.; Tse, Vincent W. S.; Lau, Mason M. C.

    2018-01-01

    Internet addiction (IA) is prevalent among adolescents and imposes a serious public health threat. Familial risk and protective factors may co-exist and interact with each other to determine IA. We conducted a cross-sectional survey among 9,618 Secondary 1 to 4 students in Hong Kong, China. About 16% of the surveyed students were classified as…

  1. Privacy for the Homo digitalis : Proposal for a new regulatory framework for data protection in the light of big data and the internet of things

    NARCIS (Netherlands)

    Prins, Corien; Moerel, Lokke

    The authors analyze innovations in data processing as a result of developments such as 'big data' and the 'Internet of Things' and discuss why these developments undermine the effectiveness and legitimacy of the current as well as upcoming EU data protection regime, thereby focusing on the private

  2. The Development and Evaluation of a Peer-Training Program for Elementary School Students Teaching Secure Internet Use

    Science.gov (United States)

    Korkmaz, Murat; Esen, Binnaz Kiran

    2013-01-01

    The aim of this study is to design and evaluate a peer-training program about changing students' internet use habits. This study was conducted with students from two different elementary schools in Mersin, Turkey, who were enrolled in 7th or 8th grade in the 2009-2010 academic year. A total of 24 students participated in the program, 12 of whom…

  3. 一种分布式互联网彩票安全策略%A distributed security strategy for internet lottery

    Institute of Scientific and Technical Information of China (English)

    梅颖

    2017-01-01

    This paper proposes a distributed security strategy for internet lottery;it builds a distributed public ledger based on the blockchain technology to record all lottery transactions and provides the specific details of the strategy and the prototype architecture,analyzes the security characteristics of the strategy about anonymity,non-repudiation,tamper-resistant,transparency,which proves that the strategy can effectively solve the problems caused by the traditional centralization technology,that make operation is opaque,easy to be artificially controlled,lottery transactions in the entire process cannot be perceived by the user,so as to provide an effective solution for the construction of a secure internet lottery system.%提出了一种分布式互联网彩票安全策略,该策略基于区块链技术建立一个分布式公共账本,记录所有的彩票交易记录.详细阐述了该策略的具体细节和原型体系结构,并通过对该策略的匿名性、抗抵赖性、防篡改、透明性等安全特性进行分析,证明该策略能有效解决传统的基于中心化技术所导致运营不透明、容易被人为控制、彩票交易的整个流程中也不能被用户察觉等问题,为构建安全的互联网彩票系统提供有效的解决方案.

  4. Final report and documentation for the security enabled programmable switch for protection of distributed internetworked computers LDRD.

    Energy Technology Data Exchange (ETDEWEB)

    Van Randwyk, Jamie A.; Robertson, Perry J.; Durgin, Nancy Ann; Toole, Timothy J.; Kucera, Brent D.; Campbell, Philip LaRoche; Pierson, Lyndon George

    2010-02-01

    An increasing number of corporate security policies make it desirable to push security closer to the desktop. It is not practical or feasible to place security and monitoring software on all computing devices (e.g. printers, personal digital assistants, copy machines, legacy hardware). We have begun to prototype a hardware and software architecture that will enforce security policies by pushing security functions closer to the end user, whether in the office or home, without interfering with users' desktop environments. We are developing a specialized programmable Ethernet network switch to achieve this. Embodied in this device is the ability to detect and mitigate network attacks that would otherwise disable or compromise the end user's computing nodes. We call this device a 'Secure Programmable Switch' (SPS). The SPS is designed with the ability to be securely reprogrammed in real time to counter rapidly evolving threats such as fast moving worms, etc. This ability to remotely update the functionality of the SPS protection device is cryptographically protected from subversion. With this concept, the user cannot turn off or fail to update virus scanning and personal firewall filtering in the SPS device as he/she could if implemented on the end host. The SPS concept also provides protection to simple/dumb devices such as printers, scanners, legacy hardware, etc. This report also describes the development of a cryptographically protected processor and its internal architecture in which the SPS device is implemented. This processor executes code correctly even if an adversary holds the processor. The processor guarantees both the integrity and the confidentiality of the code: the adversary cannot determine the sequence of instructions, nor can the adversary change the instruction sequence in a goal-oriented way.

  5. Prototype system of secure VOD

    Science.gov (United States)

    Minemura, Harumi; Yamaguchi, Tomohisa

    1997-12-01

    Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

  6. [Internet research methods: advantages and challenges].

    Science.gov (United States)

    Liu, Yi; Tien, Yueh-Hsuan

    2009-12-01

    Compared to traditional research methods, using the Internet to conduct research offers a number of advantages to the researcher, which include increased access to sensitive issues and vulnerable / hidden populations; decreased data entry time requirements; and enhanced data accuracy. However, Internet research also presents certain challenges to the researcher. In this article, the advantages and challenges of Internet research methods are discussed in four principle issue areas: (a) recruitment, (b) data quality, (c) practicality, and (d) ethics. Nursing researchers can overcome problems related to sampling bias and data truthfulness using creative methods; resolve technical problems through collaboration with other disciplines; and protect participant's privacy, confidentiality and data security by maintaining a high level of vigilance. Once such issues have been satisfactorily addressed, the Internet should open a new window for Taiwan nursing research.

  7. Discussion on Consumer Rights and Interests Protection in the Era of Internet Finance%互联网金融领域消费者权益保护问题探讨

    Institute of Scientific and Technical Information of China (English)

    吴朝平

    2015-01-01

    互联网金融领域消费者权益保护方面的挑战,主要集中于信息安全隐患大、资金安全难保障、消费者维权意识淡薄且维权成本高三方面。为不断加大互联网金融领域消费者权益保护力度,需加强信息安全立法,规范准入门槛,在提升风控要求基础上充分发挥市场力量提升市场主体保护消费者权益的自觉性和主动性,唤醒消费者维权意识并降低消费者维权成本。%The challenges for these problems mainly focus on huge hidden risk from information security, the safety of funds hardly to be guaranteed, weak awareness of consumer rights and high cost of rights protection. It’ s neces-sary for constantly enhancing the strength for protecting Internet financial consumer rights and interests to highlight information security legislation, to regulate access thresholds, to exert the role of market forces into full play based on promoting risk control requirement, so as to enhance the consciousness and initiative of market participants in terms of protecting consumer interests and awaken the awareness of consumers to protect their rights and reduce the cost of rights protection.

  8. The role of food-security solutions in the protection of natural resources and environment of developing countries.

    Science.gov (United States)

    Lashgarara, Farhad; Mirdamadi, Seyyed Mehdi; Hosseini, Seyyed Jamal Farajollah; Chizari, Mohammad

    2008-10-01

    The majority of the countries of the world, especially developing countries, face environmental problems. Limitations of basic resources (water and soil) and population growth have been the cause of these environmental problems that countries are confronted with. Developing countries have numerous problems, including destruction of forests, vegetable and animal species, and pollution of the environment. Damage to natural resources and the environment can influence the food-security situation. One of the main millennium development goals (MDGs) is protection of the environment and people's health. This cannot obtained unless there is ensured food security. Food security has been defined as a situation when all people, at all times, have physical and economic access to sufficient, safe, and nutritious food needed to maintain a healthy and active life. At the same time, with ensured food security, we can hope to protect the natural resources and environment. The methodology used is descriptive-analytical, and its main purpose is determining the importance and role of food-security solutions in the reduction of environmental hazards and improvement of natural resources and the environmental situation in developing countries. Therefore, some of the most important food-security solutions that can play an important role in this relation were discussed, including conventional research-based technology, biotechnology, information and communication technologies (ICTs), alternative energy sources, and food irradiation.

  9. Energy Assurance: Essential Energy Technologies for Climate Protection and Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Greene, David L [ORNL; Boudreaux, Philip R [ORNL; Dean, David Jarvis [ORNL; Fulkerson, William [University of Tennessee, Knoxville (UTK); Gaddis, Abigail [University of Tennessee, Knoxville (UTK); Graham, Robin Lambert [ORNL; Graves, Ronald L [ORNL; Hopson, Dr Janet L [University of Tennessee, Knoxville (UTK); Hughes, Patrick [ORNL; Lapsa, Melissa Voss [ORNL; Mason, Thom [ORNL; Standaert, Robert F [ORNL; Wilbanks, Thomas J [ORNL; Zucker, Alexander [ORNL

    2009-12-01

    We present and apply a new method for analyzing the significance of advanced technology for achieving two important national energy goals: climate protection and energy security. Quantitative metrics for U.S. greenhouse gas emissions in 2050 and oil independence in 2030 are specified, and the impacts of 11 sets of energy technologies are analyzed using a model that employs the Kaya identity and incorporates the uncertainty of technological breakthroughs. The goals examined are a 50% to 80% reduction in CO2 emissions from energy use by 2050 and increased domestic hydrocarbon fuels supply and decreased demand that sum to 11 mmbd by 2030. The latter is intended to insure that the economic costs of oil dependence are not more than 1% of U.S. GDP with 95% probability by 2030. Perhaps the most important implication of the analysis is that meeting both energy goals requires a high probability of success (much greater than even odds) for all 11 technologies. Two technologies appear to be indispensable for accomplishment of both goals: carbon capture and storage, and advanced fossil liquid fuels. For reducing CO2 by more than 50% by 2050, biomass energy and electric drive (fuel cell or battery powered) vehicles also appear to be necessary. Every one of the 11 technologies has a powerful influence on the probability of achieving national energy goals. From the perspective of technology policy, conflict between the CO2 mitigation and energy security is negligible. These general results appear to be robust to a wide range of technology impact estimates; they are substantially unchanged by a Monte Carlo simulation that allows the impacts of technologies to vary by 20%.

  10. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...

  11. Decree of the Czechoslovak Atomic Energy Commission concerning the security protection of nuclear installations and nuclear materials

    International Nuclear Information System (INIS)

    1989-01-01

    In compliance with the Czechoslovak State Surveillance over Nuclear Safety of Nuclear Installations Act No. 28/1984, the Decree specifies requirements for assuring security protection of nuclear installations (and their parts) and of nuclear materials with the aim to prevent their abuse for jeopardizing the environment and the health and lives of people. (P.A.)

  12. About application during lectures on protection of the information and information security of the method of "the round table"

    Directory of Open Access Journals (Sweden)

    Simon Zh. Simavoryan

    2011-05-01

    Full Text Available In article the analysis of one of passive methods of transfer of knowledge – lecture is resulted. Experience of teaching of a subject on protection of the information and information security shows that students acquire a teaching material if during lecture to apply an active method of transfer of knowledge – a method of "a round table" is better.

  13. Security and health protection while working with a computer. Survey into the knowledge of users about legal and other requirements.

    OpenAIRE

    Šmejkalová, Petra

    2005-01-01

    This bachelor thesis is aimed at the knowledge of general computer users with regards to work security and health protection. It summarizes the relevant legislation and recommendations of ergonomic specialists. The practical part analyses results of a survey, which examined the computer workplaces and user habits when working with a computer.

  14. Secure Threat Information Exchange across the Internet of Things for Cyber Defense in a Fog Computing Environment

    Directory of Open Access Journals (Sweden)

    Mihai-Gabriel IONITA

    2016-01-01

    Full Text Available Threat information exchange is a critical part of any security system. Decisions regarding security are taken with more confidence and with more results when the whole security context is known. The fog computing paradigm enhances the use cases of the already used cloud computing systems by bringing all the needed resources to the end-users towards the edge of the network. While fog decentralizes the cloud, it is very important to correlate security events which happen in branch offices around the globe for correct and timely decisions. In this article, we propose an infrastructure based on custom locally installed OSSEC agents which communicate with a central AlienVault deployment for event correlation. The agents are based on a neural network which takes actions based on risk assessment inspired by the human immune system. All of the threat information is defined by STIX expressions and a TAXII server can share this information with foreign organizations. The proposed implementation can successfully be implemented in an IoT scenario, with added security for the “brownfiled” devices.

  15. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Institut de Radioprotection et de Surete Nucleaire - IRSN, 92 - Clamart (France)

    2011-01-15

    This section gathers a selection of Internet links to online articles dealing with radiation protection issues. Below are the titles of the papers with their web site source: 1 - A mission of the European Commission verifies the proper enforcement by France of the EURATOM treaty dispositions relative to the control of radioactivity in the vicinity of uranium mines (http://www.asn.fr); 2 - tritium contamination at Saint-Maur-des-Fosses: new results from measurements performed by IRSN in the environment; 3 - status of radioactivity monitoring in French Polynesia in 2009 (http://www.irsn.fr); 4 - study of mortality and cancers impact near the Aube facility for low- and medium-activity waste storage (http://www.invs.sante.fr); 5 - Marcel Jurien de la Graviere appointed president of the guidance committee of the defense nuclear expertise of the Institute of radiation protection and nuclear safety (IRSN) (http://www.legifrance.gouv.fr); 6 - radiation protection 163: 'Childhood Leukaemia - Mechanisms and Causes'; 7- Radiation Protection 164: Radioactive effluents from nuclear power stations and nuclear fuel reprocessing sites in the European Union, 2004-08; 8 - Radiation Protection 165: Medical Effectiveness of Iodine Prophylaxis in a Nuclear Reactor Emergency Situation and Overview of European Practices Protection (http://ec.europa.eu); 9 - Report RIFE 15: Radioactivity in Food and the Environment - RIFE (SEPA - Scottish Environment Protection Agency, http://www.sepa.org.uk); 10 - HPA response statement: Advisory Group on Ionising Radiation's report on circulatory disease risk (HPA - Health Protection Agency, http://www.hpa.org.uk); 11 - launching of the national database for the voluntary registering of (quasi) incidents (AFCN - Federal agency of nuclear control, http://www.fanc.fgov.be); 12 - Radiation dose optimization in nuclear medicine (IAEA RPOP - Radiation Protection Of Patients, http://rpop.iaea.org); 13 - The government of Canada finances

  16. Intelligence and Security Standards on Industrial Facilities Protection in Case of Terrorism and Military Attack

    International Nuclear Information System (INIS)

    Stipetic, D.

    2007-01-01

    Industrial facilities, which use toxic chemicals in their production processes, are tempting targets for military and terrorist strategists. They know that these facilities when attacked could produce effects not realizable with conventional weapons. The resulting legal, policy and political consequences would be minimal as compared to that of disseminating toxic chemicals or chemical agents as weapons on enemy territory. At this time there is no clear definition of the legality or illegality of these types of actions used against specific industrial targets for the purpose of mass destruction or disruption. Without clearly defined international regulations covering these actions, we must depend solely on national defense systems. Not only are these regulation not defined, there are no implementation tools, which would be available if the various treaties (CWC/BWC) etc., were able to incorporate needed legislative action. Consequently we must depend on and put into practice defense security standards for industrial facilities for protection against both possible terrorist and military attacks. Emergency responses to incidents involving violent criminals and terrorists are extremely dangerous. Incidents involving weapons of mass destruction, firearms, and hazardous materials have resulted in the injury and death of many firefighters, police officers and medical personnel. We wish to intend display place and role of intelligence and counter intelligence system to prevention potential target and military attack. Security needs to be incorporated into the public safety culture and it must become the routine for how we operate. The recognition and identification process is an important skill that needs continual refinement. The use of transportation or facility paperwork assists in recognizing what potential hazards. A key factor in the successful command and management of a hazmat incident or terrorism event is the ability of public safety agencies to function as a

  17. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    OpenAIRE

    Frank Ibikunle; Odunayo Eweniyi

    2013-01-01

    Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing to mention a few, give detaile...

  18. Mobile Detection Assessment and Response Systems (MDARS): A Force Protection, Physical Security Operational Success

    National Research Council Canada - National Science Library

    Shoop, Brian; Johnston, Michael; Goehring, Richard; Moneyhun, Jon; Skibba, Brian

    2006-01-01

    ... & barrier assessment payloads. Its functions include surveillance, security, early warning, incident first response and product and barrier status primarily focused on a depot/munitions security mission at structured/semi-structured facilities...

  19. A Discussion on Internet Security Based on the IPv6 agreement%基于IPv6协议的网络安全问题探讨

    Institute of Scientific and Technical Information of China (English)

    张贵军

    2011-01-01

    With the increase of the Internet application of next generation, our government、net service providers and consumers paid more attention to the safety of IPv6. This essay introduced the IPv6 agreement first, then analyzed some security issues. We hope these problems can be solved in the deploy process of IPv6 agreement.%随着下一代互联网应用的不断增加,国家、网络运营商和用户对于IPv6的安全问题日益重视。本文在对IPv6协议简单介绍的基础上,分析了IPv6网络目前存在的一些安全问题,希望在部署IPv6协议的过程中能够不断地解决这些问题。

  20. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things

    OpenAIRE

    Shi-Cho Cha; Kuo-Hui Yeh; Jyun-Fu Chen

    2017-01-01

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exi...

  1. Patient protection in radiotherapy (Radio neurosurgery National Service of the Social Security Mexican Institute)

    International Nuclear Information System (INIS)

    Espiritu R, R.

    2008-12-01

    The perspective of patient protection at the Radio neurosurgery National Service of the Social Security Mexican Institute is divided into three parts: the testing program for equipment acceptance, an assurance quality program based on periodic tests, an also other assurance quality based on tests during the application. Among the technical aspects that influence in the equipment acceptance tests, it is the collimation type, the characteristics of the lineal accelerator, the platform for planning and the network type. In the case of the collimation system and the accelerator characteristics, we consider the manufacturer's specifications and requirements of Mexican Official Standard NOM-033-NUCL-1999, T echnical Specifications for the Teletherapy Units Operation, Linear Accelerators . Planning for the platform takes into account the manufacturer's specifications. In the case of computed tomography as well as review the calibration according to manufacturer's specifications should be considered the standard NOM-229-SSA1-2002. In the case of the linear accelerator must be the radiological characterization of radiation beam as part of this, the absolute dose determination. As for the periodic tests is verified the dose constancy, as well as the flattening and symmetry of X-rays beam. There are also tests battery with daily, monthly and yearly frequencies, which make up the assurance quality program. (Author)

  2. Secure Mix-Zones for Privacy Protection of Road Network Location Based Services Users

    Directory of Open Access Journals (Sweden)

    Rubina S. Zuberi

    2016-01-01

    Full Text Available Privacy has been found to be the major impediment and hence the area to be worked out for the provision of Location Based Services in the wide sense. With the emergence of smart, easily portable, communicating devices, information acquisition is achieving new domains. The work presented here is an extension of the ongoing work towards achieving privacy for the present day emerging communication techniques. This work emphasizes one of the most effective real-time privacy enhancement techniques called Mix-Zones. In this paper, we have presented a model of a secure road network with Mix-Zones getting activated on the basis of spatial as well as temporal factors. The temporal factors are ascertained by the amount of traffic and its flow. The paper also discusses the importance of the number of Mix-Zones a user traverses and their mixing effectiveness. We have also shown here using our simulations which are required for the real-time treatment of the problem that the proposed transient Mix-Zones are part of a viable and robust solution towards the road network privacy protection of the communicating moving objects of the present scenario.

  3. Conceptual design of technical security systems for Russian nuclear facilities physical protection

    International Nuclear Information System (INIS)

    Izmailov, A.V.

    1995-01-01

    Conceptual design of technical security systems (TSS) used in the early stages of physical protection systems (PPS) design for Russia nuclear facilities is discussed. The importance of work carried out in the early stages was noted since the main design solutions are being made within this period (i.e. selection of a structure of TSS and its components). The methods of analysis and synthesis of TSS developed by ''Eleron'' (MINATOM of Russia) which take into account the specific conditions of Russian nuclear facilities and a scope of equipment available are described in the review. TSS effectiveness assessment is based on a probability theory and a simulation. The design procedure provides for a purposeful choice of TSS competitive options including a ''cost-benefit'' criterion and taking into account a prechosen list of design basis threats to be used for a particular facility. The attention is paid to a practical aspect of the methods application as well as to the bilateral Russian-American scientific and technical co-operation in the PPS design field

  4. Dreams that do not come true: Re-addressing social security to expand old-age social protection : The case of informal workers in El Salvador

    NARCIS (Netherlands)

    N.E.A. Joya (Nancy)

    2007-01-01

    textabstractThis paper focuses on old-age income security, with the objective to explore obstacles and opportunities to expand social protection for informal workers in El Salvador. It first introduces the main concepts and debates on social security, social protection, coverage and informality, to

  5. 77 FR 10657 - Protecting the Public and Our Employees in Our Hearing Process

    Science.gov (United States)

    2012-02-23

    ... Internet site, Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION... SOCIAL SECURITY ADMINISTRATION 20 CFR Parts 404 and 416 [Docket No. SSA-2011-0008] RIN 0960-AH29 Protecting the Public and Our Employees in Our Hearing Process AGENCY: Social Security Administration. ACTION...

  6. The Regulatory Framework for Privacy and Security

    Science.gov (United States)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  7. Radiation protection and environmental radioactivity. A voyage to the World Wide Web for beginners; Strahlenschutz und Umweltradioaktivitaet im Internet. Eine Reise in das World Wide Web fuer Anfaenger

    Energy Technology Data Exchange (ETDEWEB)

    Weimer, S [Landesanstalt fuer Umweltschutz Baden-Wuerttemberg, Referat ' ' Umweltradioaktivitaet, Strahlenschutz' ' (Germany)

    1998-07-01

    According to the enormous growth of the Internet service 'World Wide Web' there is also a big growth in the number of web sites in connection with radiation protection. An introduction is given of some practical basis of the WWW. The structure of WWW addresses and navigating through the web with hyperlinks is explained. Further some search engines are presented. The paper lists a number of WWW addresses of interesting sites with radiological protection informations. (orig.) [German] Mit dem rasanten Wachstum des Internet-Dienstes 'World Wide Web' ist auch das Angebot von Web-Seiten im Bereich Strahlenschutz stark gewachsen. Es wird eine Einfuehrung in die wichtigsten praktischen Grundlagen des WWW gegeben. Es wird der Aufbau der WWW-Adressen erklaert und das Navigieren mit Hyperlinks. Ausserdem werden einige Suchmaschinen vorgestellt. Der Beitrag stellt eine groessere Zahl an WWW-Adressen zu interessanten Seiten mit Strahlenschutzinformationen zur Verfuegung. (orig.)

  8. Banking on the Internet.

    Science.gov (United States)

    Internet Research, 1996

    1996-01-01

    Electronic ground was broken in 1995 with the development of the completely Internet-based bank Security First Network Bank. This article discusses the need for developing online services, outlines the reasons for the formation of an Internet-based bank and argues that to remain competitive financial services providers must provide easier customer…

  9. Coverage of the Test of Memory Malingering, Victoria Symptom Validity Test, and Word Memory Test on the Internet: is test security threatened?

    Science.gov (United States)

    Bauer, Lyndsey; McCaffrey, Robert J

    2006-01-01

    In forensic neuropsychological settings, maintaining test security has become critically important, especially in regard to symptom validity tests (SVTs). Coaching, which can entail providing patients or litigants with information about the cognitive sequelae of head injury, or teaching them test-taking strategies to avoid detection of symptom dissimulation has been examined experimentally in many research studies. Emerging evidence supports that coaching strategies affect psychological and neuropsychological test performance to differing degrees depending on the coaching paradigm and the tests administered. The present study sought to examine Internet coverage of SVTs because it is potentially another source of coaching, or information that is readily available. Google searches were performed on the Test of Memory Malingering, the Victoria Symptom Validity Test, and the Word Memory Test. Results indicated that there is a variable amount of information available about each test that could threaten test security and validity should inappropriately interested parties find it. Steps that could be taken to improve this situation and limitations to this exploration are discussed.

  10. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  11. Information security of industrial control systems: possible attack vectors and protection methods

    Directory of Open Access Journals (Sweden)

    Ignatiy A. Grachkov

    2018-03-01

    obtaining unauthorized access to industrial control systems using the Shodan search engine is described and recommendations how to ensure information security of the industrial control system are given.

  12. INFORMATION SECURITY: Strengthened Management Needed to Protect Critical Federal Operations and Assets

    National Research Council Canada - National Science Library

    Dodaro, Gene

    1998-01-01

    .... Our most recent report, done at the request of this Committee, delineates the serious information security weaknesses placing critical operations and assets at risk and outlines actions needed...

  13. Population Protection in the 1990s: Managing Risk in the New Security Environment

    National Research Council Canada - National Science Library

    Donley, Patrick

    2003-01-01

    .... Using the protection interventions in northern Iraq, Bosnia, Rwanda, and Kosovo as case studies, this thesis demonstrates that the interveners prioritized the protection of their self-interests...

  14. 互联网众筹融资的《证券法》适用问题研究%The Legal Research on Internet-based Crowdfunding and The Security Law

    Institute of Scientific and Technical Information of China (English)

    刁文卓

    2015-01-01

    Crowdfunding ,the use of Internet to raise money through small contributions from a large number of investors ,could cause a revolution in small‐business financing .However ,crowdfunding also poses some problems under The Interpretation of the Supreme People's Court of Several Issues on the SpecificApplicationofLawintheHandlingofCriminalCasesaboutIllegalFund‐raising.Inthisarti‐cle ,the author proposed that crowdfunding sometimes involves the sale of securities ,triggering the regis‐tration requirements of T he Security L aw .As a result ,the definition of security should be enlarged under The Security Law .We need to learn overseas experience represented by the JOBS Act ,and accurately de‐fine the legal status and characteristics of crowdfunding .We also need to make the appropriate response to the legal structure and regulatory system of crowdfunding based on the proper coordination between the capital formation and investor protection .%众筹融资作为一种处于萌芽期的互联网金融模式,由于面临数量众多的投资者且融资金额较大,极易触碰非法集资的红线。通过分析,众筹融资本质是一种证券发行行为,筹资者、众筹平台、投资人这三方参与主体分别对应着发行人、证券交易所和投资者这三种《证券法》下的特定主体。但由于我国《证券法》的适用范围过窄,导致众筹融资无法适用《证券法》而被冠以“非法集资”的罪名。因此,扩大“证券”的范围是为众筹融资“正名”的直接途径,同时借鉴美国2012年JOBS法案中对众筹融资注册豁免的经验,在妥善协调资本形成与投资者保护关系的基础上,针对众筹融资的法律构造和监管制度作出相应的回应。

  15. Privacy and security of patient data in the pathology laboratory

    Directory of Open Access Journals (Sweden)

    Ioan C Cucoranu

    2013-01-01

    Full Text Available Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI. In the United States, the Health Insurance Portability and Accountability Act (HIPAA govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  16. Privacy and security of patient data in the pathology laboratory.

    Science.gov (United States)

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  17. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  18. Analysis and study of data security in the Internet of Things paradigm from a Blockchain technology approach

    OpenAIRE

    Rull Aixa, David

    2018-01-01

    This project is a space of information and knowledge of the IoT paradigm and Blockchain technology with the analysis of the most relevant research articles and the study of the most important threats of IoT technologies and scenarios. In addition, it offers an overview of the current state of the paradigm from the perspective of security and the opportunities that its combination with Blockchain technology can bring to our society. Aquest projecte és un espai d'informació i coneixement ...

  19. Information security with M/490 and BSI protection profile for ensuring data security and security of supply; Informationssicherheit mit M/490 und BSI-Schutzprofil zur Sicherstellung von Datenschutz und Versorgungssicherheit

    Energy Technology Data Exchange (ETDEWEB)

    Kiessling, Andreas [MVV Energie AG, Mannheim (Germany)

    2012-07-01

    The progressive distribution of decentralized energy generation plants as well as the necessary system flexibility result in an increased cross-linking of smart system components. The cross-linking of a critical infrastructure as well as the inclusion of communicative end customers in new market mechanisms and services bring new demands to guarantee data privacy and security of supply. Thus, the data privacy should be ensured already in the system design. It is also crucial to design the end-to-end process reliability in the context of complex component interactions and stakeholder interactions. Concepts in the context of the EU Smart Grid Mandate M/490 as well as the German BSI protection profile are dedicated to ensuring information security and data privacy on top-down and bottom-up approaches which indicate the analogies in the utilization of application clusters as a basis for threat analysis. Based on these concepts, a methodology for profiling of communication standards and security standards based on application descriptions and process descriptions within application case clusters as well as communication analysis and threat assessment with assignment of security levels and data protection classes is described.

  20. Multi-Level Data-Security and Data-Protection in a Distributed Search Infrastructure for Digital Medical Samples.

    Science.gov (United States)

    Witt, Michael; Krefting, Dagmar

    2016-01-01

    Human sample data is stored in biobanks with software managing digital derived sample data. When these stand-alone components are connected and a search infrastructure is employed users become able to collect required research data from different data sources. Data protection, patient rights, data heterogeneity and access control are major challenges for such an infrastructure. This dissertation will investigate concepts for a multi-level security architecture to comply with these requirements.

  1. Social Protection and Economic Security of North African Migrant Workers in France

    Directory of Open Access Journals (Sweden)

    CLAUDIA PARASCHIVESCU

    2013-05-01

    Full Text Available This essay describes and analyses the situation of Maghrebis in France, as far as social security is concerned. The paradoxical situation experienced by these immigrants is related to their eligibility for social security and their discrimination on the labour market. As such, Maghrebis form the precarious layer of French society.

  2. Populous, Precarious – Protected? The Paradox of Social Security for South Asian Agricultural Workers

    NARCIS (Netherlands)

    K.A. Siegmann (Karin Astrid)

    2012-01-01

    textabstractAbstract Social security is firmly rising on the international agenda. Discourses that depart from the assumption that societies can only afford a certain level of social expenditure give way to a recognition that social security is an important investment in development. New

  3. DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

    Science.gov (United States)

    Data Quality Campaign, 2010

    2010-01-01

    The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

  4. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    Science.gov (United States)

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  5. Social Security Number Protection Laws: State-by-State Summary Table

    Science.gov (United States)

    Data Quality Campaign, 2011

    2011-01-01

    As state policymakers implement statewide longitudinal data systems that collect, store, link and share student-level data, it is critical that they understand applicable privacy and data security standards and laws designed to ensure the privacy, security, and confidentiality of that data. To help state policymakers navigate this complex legal…

  6. The Internet of Hackable Things

    OpenAIRE

    Giaretta, Alberto; Mazzara, Manuel; Dragoni, Nicola

    2017-01-01

    The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education.

  7. Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

    Science.gov (United States)

    Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

    Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

  8. An Energy Efficient Protocol For The Internet Of Things

    Science.gov (United States)

    Venčkauskas, Algimantas; Jusas, Nerijus; Kazanavičius, Egidijus; Štuikys, Vytautas

    2015-01-01

    The Internet of Things (IoT) is a technological revolution that represents the future of computing and communications. One of the most important challenges of IoT is security: protection of data and privacy. The SSL protocol is the de-facto standard for secure Internet communications. The extra energy cost of encrypting and authenticating of the application data with SSL is around 15%. For IoT devices, where energy resources are limited, the increase in the cost of energy is a very significant factor. In this paper we present the energy efficient SSL protocol which ensures the maximum bandwidth and the required level of security with minimum energy consumption. The proper selection of the security level and CPU multiplier, can save up to 85% of the energy required for data encryption.

  9. Assessment of the Groundwater Protection Program Y-12 National Security Complex, Oak Ridge, Tennessee

    International Nuclear Information System (INIS)

    2005-01-01

    The following report contains an assessment of the Y-12 Groundwater Protection Program (GWPP) for the Y-12 National Security Complex at the Oak Ridge Reservation, Tennessee. The GWPP is administered by BWXT Y-12, L.L.C. for the purpose of groundwater surveillance monitoring. After over 20 years of extensive site characterization and delineation efforts, groundwater in the three hydrogeologic areas that comprise the Y-12 Complex requires a long-term monitoring network strategy that will efficiently satisfy surveillance monitoring objectives set forth in DOE Order 450.1. The GWPP assessment consisted of two phases, a qualitative review of the program and a quantitative evaluation of the groundwater monitoring network using the Monitoring and Remediation Optimization System (MAROS) software methodology. The specific objective of the qualitative section of the review of the GWPP was to evaluate the methods of data collection, management, and reporting and the function of the monitoring network for the Y-12 facility using guidance from regulatory and academic sources. The results of the qualitative review are used to suggest modifications to the overall program that would be consistent with achieving objectives for long-term groundwater monitoring. While cost minimization is a consideration in the development of the monitoring program, the primary goal is to provide a comprehensive strategy to provide quality data to support site decision making during facility operations, long-term resource restoration, and property redevelopment. The MAROS software is designed to recommend an improved groundwater monitoring network by applying statistical techniques to existing historic and current site analytical data. The MAROS methodology also considers hydrogeologic factors, regulatory framework, and the location of potential receptors. The software identifies trends and suggests components for an improved monitoring plan by analyzing individual monitoring wells in the current

  10. The Future of the Internet

    National Research Council Canada - National Science Library

    Komaroff, Mitchell

    2008-01-01

    .... While the DoD no longer controls Internet decision making, its unique perspective deriving from its multiple roles as Internet user, operator, and research center is important to the development and protection of U.S. national interests...

  11. Weapons of Mass Destruction and Domestic Force Protection: Basic Response Capability for Military, Police & Security Forces

    National Research Council Canada - National Science Library

    Manto, Samuel

    1999-01-01

    ... actions to improve preparedness. This paper examines what a minimum basic response capability for all military, police and security forces should be to ensure at least some chance for their own survival and possible early warning...

  12. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  13. Hospital security and patient elopement: protecting patients and your healthcare facility.

    Science.gov (United States)

    Smith, Thomas A

    2012-01-01

    Regulatory and financial consequences of adverse events associated with patient elopements are bringing new challenges to healthcare security to develop policies and procedures to prevent and respond to such incidents. This article provides an overview of the problem of elopement in healthcare and what it means to the security function; gives a working knowledge of healthcare related standards and guidelines aimed at reducing patient elopement; and reviews the elements of an elopement prevention and response plan for your organization.

  14. The internet trade of counterfeit spirits in Russia – an emerging problem undermining alcohol, public health and youth protection policies?

    Science.gov (United States)

    Neufeld, Maria; Lachenmeier, Dirk W.; Walch, Stephan G.; Rehm, Jürgen

    2017-01-01

    Counterfeit alcohol belongs to the category of unrecorded alcohol not reflected in official statistics. The internet trade of alcoholic beverages has been prohibited by the Russian Federation since 2007, but various sellers still offer counterfeit spirits (i.e., forged brand spirits) over the internet to Russian consumers, mostly in a non-deceptive fashion at prices up to 15 times lower than in regular sale. The public health issues arising from this unregulated trade include potential harm to underage drinkers, hazards due to toxic ingredients such as methanol, but most importantly alcohol harms due to potentially increased drinking volumes due to low prices and high availability on the internet. The internet sale also undermines existing alcohol policies such as restrictions of sale locations, sale times and minimum pricing. The need to enforce measures against counterfeiting of spirits, but specifically their internet trade should be implemented as key elements of alcohol policies to reduce unrecorded alcohol consumption, which is currently about 33 % of total consumption in Russia. PMID:28663784

  15. The internet trade of counterfeit spirits in Russia - an emerging problem undermining alcohol, public health and youth protection policies?

    Science.gov (United States)

    Neufeld, Maria; Lachenmeier, Dirk W; Walch, Stephan G; Rehm, Jürgen

    2017-01-01

    Counterfeit alcohol belongs to the category of unrecorded alcohol not reflected in official statistics. The internet trade of alcoholic beverages has been prohibited by the Russian Federation since 2007, but various sellers still offer counterfeit spirits (i.e., forged brand spirits) over the internet to Russian consumers, mostly in a non-deceptive fashion at prices up to 15 times lower than in regular sale. The public health issues arising from this unregulated trade include potential harm to underage drinkers, hazards due to toxic ingredients such as methanol, but most importantly alcohol harms due to potentially increased drinking volumes due to low prices and high availability on the internet. The internet sale also undermines existing alcohol policies such as restrictions of sale locations, sale times and minimum pricing. The need to enforce measures against counterfeiting of spirits, but specifically their internet trade should be implemented as key elements of alcohol policies to reduce unrecorded alcohol consumption, which is currently about 33 % of total consumption in Russia.

  16. Proposal of a system of signalling of security in occupational radiological protection for radiactives and nuclear installations

    International Nuclear Information System (INIS)

    Cambises, P.; Sanchez, A.; Almeida, C.

    2004-01-01

    After five years of implantation of a program for classification and signalling of restricted areas in the IPEN-CNEN-SP, we noticed that the applied measures of radio protection contributed for the improvement of the system of occupational radiological protection, promoting an improvement in the security of the workers, towards the planning in the execution of the activities involving the use of sources of ionizing radiation. Later, during the implantation of this program, the service of occupational radiological protection, there was great difficulty to conciliate its necessities in terms of security signalling, face the absence of existing standardisation in the country for the minimum disposals on the subject in question. Nowadays there are different interpretations of the specific criteria and many effective normative documents that exist in the country. This work presents as proposal the elaboration of a technical guide whose objective is to display the criteria and recommendations that can facilitate to the companies and the responsible ones for the safety to interpret and to apply the national laws and norms. As consequence, the specifics characteristics and the necessary disposals for the implantation for a implantation of a standardised system of signalling of security in the those areas, where labour risks for the workers involving the use of ionizing radiations are established, according to previous classification in terms of the national and international established recommendations. The noticeable aspects considered in the proposal of the technical guide try to attend to the criteria and recommendations presented in national and international laws and norms consulted and currently effective laws in our country, referring to the areas, places, ways of access, routes of circulation, and to danger carried through activities or to the proper installation of radiation sources, and theirs ways of protection. (Author)

  17. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  18. The implementation of nuclear security program and the improvement of physical protection in Indonesia: progress and challenges

    International Nuclear Information System (INIS)

    Khairul

    2009-01-01

    facilities. The nuclear material and its installation is potential target in the facilities so that they needed physical protection measures in prevention and protection of nuclear material and radioactive source against theft and sabotage. The implementation of physical protection of nuclear material and radioactive sources in Indonesia complied with the international instruments such as the Convention of the Physical Protection on Nuclear Material and Facilities, amended on July 2005, and INFCIRC/225/Rev. 4, (corrected), the physical protection of nuclear material and nuclear facilities, June 1999. The application of nuclear energy for power program generation involve in the management of nuclear materials and other radioactive substance. According to international regulation and convention, an effective physical protection system is needed to protect nuclear materials and its facilities against theft and sabotage for both non-proliferation and radiation safety purpose. Further to implementation of the IAEA nuclear security program in the region, Indonesia received two nuclear security services, IPPAS and INSServ mission. Based on the expert mission recommendation, therefore Indonesia improved their physical protection system on nuclear material and facilities against theft and sabotage. One thing that should be considered by the Government of Indonesia is human resource development programmes. So far, some effort has developed to enhance the knowledge of the employee who deals with nuclear material and radioactive substances. It still needed to increase the awareness in particular to personal and other related agencies as well. The Department of Energy's National Nuclear Security Administration discussed security assistance with Indonesia's National Nuclear Energy Agency, BATAN. These upgrades not only reduced the threat of theft at the three research reactors, but also provided local physical protection expertise to use during the concept, design, and operation of

  19. The Impact of the Internet of Things (IoT) on the IT Security Infrastructure of Traditional Colleges and Universities in the State of Utah

    Science.gov (United States)

    Campbell, Wendy

    2017-01-01

    The speed and availability of Internet-capable devices, such as computers, smartphones, gaming consoles, TVs, and tablets have made it possible for our society to be connected, and stay connected to the Internet 24 hours a day. The Internet of Things (IoT) describes a new environment where common objects are uniquely identifiable and accessible…

  20. [Changes in workers' rehabilitation procedures under the Brazilian social security system: modernization or undermining of social protection?].

    Science.gov (United States)

    Takahashi, Mara Alice Batista Conti; Iguti, Aparecida Mari

    2008-11-01

    This article describes the changes in workers' rehabilitation practices under the Brazilian National Social Security Institute (INSS) in the 1990s, in the context of neoliberal economic adjustment measures, based on an analysis of INSS documents from 1992 to 1997. The INSS plan for "modernization" of workers' rehabilitation led to: (1) dismantling of multidisciplinary teams; (2) induction of workers to accept proportional retirement pensions and voluntary layoffs; (3) under-utilization of the remaining INSS professional staff; (4) elimination of treatment programs for workers' rehabilitation; and (5) dismantling of INSS rehabilitation centers and clinics. The changes in the Brazilian social security system undermined the county's social security project and hegemony and reduced social security reform to a mere management and fiscal issue. Current "rehabilitation" falls far short of the institution's original purpose of social protection for workers, while aiming at economic regulation of the system to contain costs of workers' benefits. Workers that suffer work-related accidents are denied occupational rehabilitation, which aggravates their social disadvantage when they return to work.

  1. SecureMA: protecting participant privacy in genetic association meta-analysis.

    Science.gov (United States)

    Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

    2014-12-01

    Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

  2. Exploring Factors Influencing Self-Efficacy in Information Security an Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies

    Science.gov (United States)

    Reddy, Dinesh Sampangirama

    2017-01-01

    Cybersecurity threats confront the United States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and…

  3. Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment.

    Science.gov (United States)

    Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

    2014-07-01

    Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation's electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.

  4. Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment

    Science.gov (United States)

    Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

    2013-01-01

    Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments. PMID:25685516

  5. Course on Radiological Protection and Quality Assurance in Medical Radiodiagnostic Practices (4th Ed.) : Tel educational through Internet on Health Science

    International Nuclear Information System (INIS)

    Alcaraz, M.; Chico, P.; Armero, D.; Saura Iniesta, A. M.; Fernandez, H.; Vicente, V.

    2006-01-01

    The creation of an interdepartmental project subsidised by the Spanish Ministry of Education has made possible the elaboration of a series of specific didactic materials on Radiological Protection and Quality Assurance in Medical Radiodiagnostic Practices, which has led to the publication of a specific manual and practical notebook. As a consequence, this material now constitutes the working base for those professionals exposed to ionising radiation who are following the first Tel educational continuous formation course in Spanish via the Internet on this subject. (Author)

  6. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  7. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  8. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  9. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  10. United States Seaport Security: Protection Against a Nuclear Device Attack Delivered in a Shipping Cargo Container

    Science.gov (United States)

    2014-06-13

    off a radioactive dirty bomb, and on 29 June Moldavian undercover security agents posing as a North African buyer arrested six men trying to sell...military targets in various countries, including the 11 September 2001 attacks, 1998 U.S. Embassy bombings, USS Cole bombings, and 2002 Bali bombings

  11. Learning Perfectly Secure Cryptography to Protect Communications with Adversarial Neural Cryptography

    Directory of Open Access Journals (Sweden)

    Murilo Coutinho

    2018-04-01

    Full Text Available Researches in Artificial Intelligence (AI have achieved many important breakthroughs, especially in recent years. In some cases, AI learns alone from scratch and performs human tasks faster and better than humans. With the recent advances in AI, it is natural to wonder whether Artificial Neural Networks will be used to successfully create or break cryptographic algorithms. Bibliographic review shows the main approach to this problem have been addressed throughout complex Neural Networks, but without understanding or proving the security of the generated model. This paper presents an analysis of the security of cryptographic algorithms generated by a new technique called Adversarial Neural Cryptography (ANC. Using the proposed network, we show limitations and directions to improve the current approach of ANC. Training the proposed Artificial Neural Network with the improved model of ANC, we show that artificially intelligent agents can learn the unbreakable One-Time Pad (OTP algorithm, without human knowledge, to communicate securely through an insecure communication channel. This paper shows in which conditions an AI agent can learn a secure encryption scheme. However, it also shows that, without a stronger adversary, it is more likely to obtain an insecure one.

  12. Learning Perfectly Secure Cryptography to Protect Communications with Adversarial Neural Cryptography.

    Science.gov (United States)

    Coutinho, Murilo; de Oliveira Albuquerque, Robson; Borges, Fábio; García Villalba, Luis Javier; Kim, Tai-Hoon

    2018-04-24

    Researches in Artificial Intelligence (AI) have achieved many important breakthroughs, especially in recent years. In some cases, AI learns alone from scratch and performs human tasks faster and better than humans. With the recent advances in AI, it is natural to wonder whether Artificial Neural Networks will be used to successfully create or break cryptographic algorithms. Bibliographic review shows the main approach to this problem have been addressed throughout complex Neural Networks, but without understanding or proving the security of the generated model. This paper presents an analysis of the security of cryptographic algorithms generated by a new technique called Adversarial Neural Cryptography (ANC). Using the proposed network, we show limitations and directions to improve the current approach of ANC. Training the proposed Artificial Neural Network with the improved model of ANC, we show that artificially intelligent agents can learn the unbreakable One-Time Pad (OTP) algorithm, without human knowledge, to communicate securely through an insecure communication channel. This paper shows in which conditions an AI agent can learn a secure encryption scheme. However, it also shows that, without a stronger adversary, it is more likely to obtain an insecure one.

  13. 75 FR 75432 - Protection of Collateral of Counterparties to Uncleared Swaps; Treatment of Securities in a...

    Science.gov (United States)

    2010-12-03

    ... security-based swaps. The legislation was enacted to reduce risk, increase transparency, and promote market... that turnover of control shall be made promptly upon presentation of a statement in writing, signed by an authorized person under penalty of perjury, that one party is entitled to such turnover pursuant...

  14. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

    NARCIS (Netherlands)

    Massacci, F.; Prest, M.; Zannone, N.

    2005-01-01

    Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level

  15. SOCIAL SECURITY SYSTEM-A SPECIAL FORM OF PROTECTION OF ROMANIAN SOCIETY

    OpenAIRE

    Maria Mirabela Ianc Florea

    2012-01-01

    In a democratic State, social protection is a fundamental element of State policy, because the implementation is carried out prevention, reduction or elimination of the consequences of events which are regarded as "social risk" on the level of living of the population. Social protection is designed to ensure a basic standard of living for all people, irrespective of the means by which they have.

  16. Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness)

    Science.gov (United States)

    2002-03-22

    may be derived from detailed inspection of the IC itself or from illicit appropriation of design information. Counterfeit smart cards can be mass...Infrastructure (PKI) as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair...interference devices (SQDIS), electrical testing, and electron beam testing. • Other attacks, such as UV or X-rays or high temperatures, could cause erasure

  17. Retailing and Shopping on the Internet.

    Science.gov (United States)

    Rowley, Jennifer

    1996-01-01

    Internet advertising and commercial activity are increasing. This article examines challenges facing the retail industry on the Internet: location; comparison shopping; security, especially financial transactions; customer base and profile; nature of the shopping experience; and legal and marketplace controls. (PEN)

  18. Cybersecurity in European Union and In Mercosur: Big Data and Surveillance Versus Privacy and Data Protection On the Internet

    OpenAIRE

    Favera, Rafaela Bolson Dalla; Silva, Rosane Leal da

    2016-01-01

    This paper aims to discuss the surveillance practices, with the help of big data, especially after the revelations of Edward Snowden in 2013. It aims to analyze the acting of European Union in relation to the cybersecurity, besides to expose and discuss any existing strategies in Mercosur to face these problems, which will culminate with the analysis of the Internet Civil Mark in Brazil. It was found the need for the same block members act of transnational and cooperative manner, as recommend...

  19. Potential impact of internet addiction and protective psychosocial factors onto depression among Hong Kong Chinese adolescents - direct, mediation and moderation effects.

    Science.gov (United States)

    Wu, Anise M S; Li, Jibin; Lau, Joseph T F; Mo, Phoenix K H; Lau, Mason M C

    2016-10-01

    Internet addiction (IA) is a risk factor while some psychosocial factors can be protective against depression among adolescents. Mechanisms of IA onto depression in terms of mediations and moderations involving protective factors are unknown and were investigated in this study. A representative cross-sectional study was conducted among Hong Kong Chinese secondary school students (n=9518). Among males and females, prevalence of depression at moderate or severe level (CES-D≥21) was 38.36% and 46.13%, and that of IA (CIAS>63) was 17.64% and 14.01%, respectively. Adjusted for socio-demographics, depression was positively associated with IA [males: adjusted odds ratio (AOR)=4.22, 95% CI=3.61-4.94; females: AOR=4.79, 95% CI=3.91-5.87] and negatively associated with psychosocial factors including self-esteem, positive affect, family support, and self-efficacy (males: AOR=0.76-0.94; females: AOR=0.72-0.92, pmoderations, IA also reduced magnitude of protective effects of self-efficacy and family support among males and that of positive affect among both sexes against depression. The high IA prevalence contributes to increased risk of prevalent depression through its direct effect, mediation (reduced level of protective factors) and moderation (reduced magnitude of protective effects) effects. Understanding to mechanisms between IA and depression through protective factors is enhanced. Screening and interventions for IA and depression are warranted, and should cultivate protective factors, and unlink negative impact of IA onto levels and effects of protective factors. Copyright © 2016. Published by Elsevier Inc.

  20. Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security

    Science.gov (United States)

    Breiing, Marcus; Cole, Mara; D'Avanzo, John; Geiger, Gebhard; Goldner, Sascha; Kuhlmann, Andreas; Lorenz, Claudia; Papproth, Alf; Petzel, Erhard; Schwetje, Oliver

    This paper outlines the scientific goals, ongoing work and first results of the SiVe research project on critical infrastructure security. The methodology is generic while pilot studies are chosen from airport security. The outline proceeds in three major steps, (1) building a threat scenario, (2) development of simulation models as scenario refinements, and (3) assessment of alternatives. Advanced techniques of systems analysis and simulation are employed to model relevant airport structures and processes as well as offences. Computer experiments are carried out to compare and optimise alternative solutions. The optimality analyses draw on approaches to quantitative risk assessment recently developed in the operational sciences. To exploit the advantages of the various techniques, an integrated simulation workbench is build up in the project.