WorldWideScience

Sample records for modelling security requirements

  1. Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.; Ras, Z.W.; Tsay, L.-S.

    2010-01-01

    Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as

  2. Requirements model generation to support requirements elicitation: The Secure Tropos experience

    NARCIS (Netherlands)

    Kiyavitskaya, N.; Zannone, N.

    2008-01-01

    In recent years several efforts have been devoted by researchers in the Requirements Engineering community to the development of methodologies for supporting designers during requirements elicitation, modeling, and analysis. However, these methodologies often lack tool support to facilitate their

  3. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  4. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  5. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  6. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  7. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  8. Modeling the Non-functional Requirements in the Context of Usability, Performance, Safety and Security

    OpenAIRE

    Sadiq, Mazhar

    2007-01-01

    Requirement engineering is the most significant part of the software development life cycle. Until now great emphasis has been put on the maturity of the functional requirements. But with the passage of time it reveals that the success of software development does not only pertain to the functional requirements rather non-functional requirements should also be taken into consideration. Among the non-functional requirements usability, performance, safety and security are considered important. ...

  9. Proposing a Holistic Model for Formulating the Security Requirements of e-learning based on Stakeholders’ Point of Veiw

    Directory of Open Access Journals (Sweden)

    Abouzar Arabsorkhi Mishabi

    2016-03-01

    Full Text Available Development of e-learning applications and services in the context of information and communication networks –beside qualitative and quantitative improvement in the scope and range of services they provide – has increased veriety of threats which are emerged from these networks and telecommunications infrastructure. This kind of issue have mad the effective and accurate analysing of security issues nessesary to managers and decision makers. Accordingly, in this study, using findings of other studies in the field of e-learning security, using methasyntesis, attempted to define a holistic model for classification and organization of security requirements. A structure that defines the origin of security requirements of e-learning and rolplays as a reference for formulating security requirements for this area.

  10. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    Full Text Available This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  11. Security and trust requirements engineering

    NARCIS (Netherlands)

    Giorgini, P.; Massacci, F.; Zannone, N.; Aldini, A.; Gorrieri, R.; Martinelli, F.

    2005-01-01

    Integrating security concerns throughout the whole software development process is one of today’s challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve

  12. Towards security requirements: Iconicity as a feature of an informal modeling language

    NARCIS (Netherlands)

    Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

    2017-01-01

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can

  13. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  14. A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations

    NARCIS (Netherlands)

    Elahi, G.; Yu, E.; Zannone, N.; Laender, A.H.F.; Castano, S.; Dayal, U.; Casati, F.; Palazzo Moreira de Oliveira, J.

    2009-01-01

    Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In

  15. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  16. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  17. Model-based security testing

    OpenAIRE

    Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

  18. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT PSO Requirements and Agency Procedures § 3.106 Security requirements. (a) Application. A PSO must secure patient safety work product in conformance with the security... the confidentiality and security of patient safety work product. (2) Distinguishing patient safety...

  19. Security measures required for HIPAA privacy.

    Science.gov (United States)

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  20. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  1. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  2. Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

    OpenAIRE

    Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

    2015-01-01

    - This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

  3. Quantum secure communication models comparison

    Directory of Open Access Journals (Sweden)

    Georgi Petrov Bebrov

    2017-12-01

    Full Text Available The paper concerns the quantum cryptography, more specifically, the quantum secure communication type of schemes. The main focus here is on making a comparison between the distinct secure quantum communication models – quantum secure direct communication and deterministic secure quantum communication, in terms of three parameters: resource efficiency, eavesdropping check efficiency, and security (degree of preserving the confidentiality.

  4. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Full Text Available Needs about security are matters little taken into account when managing requirements engineering , and when considered in the life cycle of the system , they tend to become a general list of functions, as password of protection , firewalls , virus detection tools , and other similar. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, as an authenticated access. As a result, the security requirements for the system are ignored, which are required to protect essential services and assets, besides, when are specified, is not considered the prospect of future attacks. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described and also are provided references additional material that can help requirements engineers to ensure that their products be taken into account, effectively , the security requirements.

  5. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...... study shows a gap between the identified security requirements and the proposed security solutions where future research efforts may focus in this domain....

  6. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  7. Presentation of various types of electronic business available on the Internet, Advantages, Disadvantages, Key Requirements and Security, Implementation Model of an Electronic Business

    OpenAIRE

    Andreea A.S. Ionescu; Raul Serban

    2012-01-01

    This paper speaks about the advantages, disadvantages, key requirements necessary of an electronic business, the infrastructure of the Internet, the existing main networks on the Internet, standards used to develop electronic business and the security of an e-business environment. As we know in an organization the information is an asset that has value and should be protected and diversified. We also propose an implementation model of an electronic business that interconnects two concepts: ER...

  8. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  9. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  10. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  11. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  12. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... Agreement (DD Form 441), including the National Industrial Security Program Operating Manual (DOD 5220.22-M... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52....204-2 Security Requirements. As prescribed in 4.404(a), insert the following clauses: Security...

  13. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... 49 Transportation 4 2010-10-01 2010-10-01 false Communications and security requirements. 236.1033... exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required...

  14. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

  15. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  16. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  17. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  18. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  19. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  20. Modelling security and trust with Secure Tropos

    NARCIS (Netherlands)

    Giorgini, P.; Mouratidis, H.; Zannone, N.; Mouratidis, H.; Giorgini, P.

    2006-01-01

    Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by software engineering methodologies. In this chapter we present an approach that considers security and trust throughout the software development process.

  1. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  2. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  3. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices so the security is built-in, transparent and flexible...

  4. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... requirements-national security contracts. 1352.237-72 Section 1352.237-72 Federal Acquisition Regulations... Provisions and Clauses 1352.237-72 Security processing requirements—national security contracts. As prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National...

  5. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  6. Modeling Security Aspects of Network

    Science.gov (United States)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are subject of security. A more complete overview on the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse also has grown significantly, requiring measures to deal with it.

  7. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  8. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net cash... applicant has pledged as security for the loan all available personal and business security, except as...

  9. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    , software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...... formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security...

  10. Keystone Business Models for Network Security Processors

    Directory of Open Access Journals (Sweden)

    Arthur Low

    2013-07-01

    Full Text Available Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor” models nor the silicon intellectual-property licensing (“IP-licensing” models allow small technology companies to successfully compete. This article describes an alternative approach that produces an ongoing stream of novel network security processors for niche markets through continuous innovation by both large and small companies. This approach, referred to here as the "business ecosystem model for network security processors", includes a flexible and reconfigurable technology platform, a “keystone” business model for the company that maintains the platform architecture, and an extended ecosystem of companies that both contribute and share in the value created by innovation. New opportunities for business model innovation by participating companies are made possible by the ecosystem model. This ecosystem model builds on: i the lessons learned from the experience of the first author as a senior integrated circuit architect for providers of public-key cryptography solutions and as the owner of a semiconductor startup, and ii the latest scholarly research on technology entrepreneurship, business models, platforms, and business ecosystems. This article will be of interest to all technology entrepreneurs, but it will be of particular interest to owners of small companies that provide security solutions and to specialized security professionals seeking to launch their own companies.

  11. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... information technology (IT) system, as required by the Department of Commerce Security Manual and Department of Commerce Security Program Policy and Minimum Implementation Standards. (b) Insert clause 1352.237... as National Security Contracts that will be performed on or within a Department of Commerce facility...

  12. A vulnerability-centric requirements engineering framework : Analyzing security attacks, countermeasures, and requirements based on vulnerabilities

    NARCIS (Netherlands)

    Elahi, G.; Yu, E.; Zannone, N.

    2010-01-01

    Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements

  13. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... following: (1) Draft model FSO training course; (2) Computer-based training and distance learning; (3... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... Security Officer training program, with the primary focus on developing the curriculum for such a program...

  14. Core security requirements of DRM systems

    NARCIS (Netherlands)

    Jonker, H.L.; Mauw, S.; Satish, D.

    2008-01-01

    The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

  15. 7 CFR 3550.108 - Security requirements (loans only).

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 15 2010-01-01 2010-01-01 false Security requirements (loans only). 3550.108 Section..., DEPARTMENT OF AGRICULTURE DIRECT SINGLE FAMILY HOUSING LOANS AND GRANTS Section 504 Origination and Section 306C Water and Waste Disposal Grants § 3550.108 Security requirements (loans only). When the total...

  16. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  17. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  18. A model based security testing method for protocol implementation.

    Science.gov (United States)

    Fu, Yu Long; Xin, Xiao Long

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  19. Deployment Models: Towards Eliminating Security Concerns From Cloud Computing

    OpenAIRE

    Zhao, Gansen; Chunming, Rong; Jaatun, Martin Gilje; Sandnes, Frode Eika

    2010-01-01

    Cloud computing has become a popular choice as an alternative to investing new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes security concerns in cloud computing and proposes five service deployment models to ease these concerns. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment. D...

  20. Analyzing and Specifying Reusable Security Requirements

    Science.gov (United States)

    2003-09-01

    avionics applications and ecommerce applications need to specify levels of identification, authentication, authorization, integrity, privacy , etc. At...sections specifying functional requirements. Thus, the functional requirements for an embedded avionics application and an ecommerce website may have... Privacy (a.k.a., confidentiality), which is the degree to which sensitive data and communications are kept private from unauthorized individuals and

  1. Security Theorems via Model Theory

    Directory of Open Access Journals (Sweden)

    Joshua Guttman

    2009-11-01

    Full Text Available A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi. Models (interpretations for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. *Realized* skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1 If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2 A protocol enforces for all xs . (phi implies for some ys . psi iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007 to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

  2. Enforcing a security pattern in stakeholder goal models

    OpenAIRE

    Yu, Yijun; Kaiya, Haruhiko; Washizaki, Hironori; Xiong, Yingfei; Hu, Zhenjiang; Yoshioka, Nobukazu

    2008-01-01

    Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and ...

  3. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  4. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  5. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  6. Functional Security Model: Managers Engineers Working Together

    Science.gov (United States)

    Guillen, Edward Paul; Quintero, Rulfo

    2008-05-01

    Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

  7. Security Management Model in Cloud Computing Environment

    OpenAIRE

    Ahmadpanah, Seyed Hossein

    2016-01-01

    In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

  8. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  9. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  10. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  11. Critically Important Object Security System Element Model

    Directory of Open Access Journals (Sweden)

    I. V. Khomyackov

    2012-03-01

    Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

  12. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security requirements generally. 1301.71 Section 1301.71 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF..., cooperative buying, etc.); (2) The type and form of controlled substances handled (e.g., bulk liquids or...

  13. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security requirements. 203.21 Section 203.21 Money and Finance: Treasury Regulations Relating to Money and Finance (Continued... hereunder; or (iv) The depositary is closed for business by regulatory action or by proper corporate action...

  14. Security Requirements for New Threats at International Airports

    Directory of Open Access Journals (Sweden)

    Gabriel Nowacki

    2018-03-01

    Full Text Available The paper refers to security requirements for new threats international airports, taking specifically into consideration current challenges within processing of passengers, in light of types of current major threats, in a way ensuring positive passenger experience within their journey. In addition, within the scope of this paper, presented initial outcome of study research among professional aviation stakeholder?s environment, on current threats in the area of security and protection of airport infrastructure. The airports are a very demanding environment: seasonal traffic, fluctuating passenger volumes and last minute changes mean there is a lot of flexibility required in order to meet specific needs of airport authorities and their clients or the passengers (Dolnik, 2009. Therefore, security in aviation sector has been a big issue for civil aviation authorities, as airports are susceptible targets for terrorist attacks. The list of incidents is extensive and gets longer every year despite strict security measures. Within decades, aviation has become the backbone of our global economy bringing people to business, tourists to vacation destinations and products to markets. Statistically flying remains the safest mode of travelling compared to other modes of transportation. However, simultaneously terrorists and criminals continue in their quest to explore new ways of disrupting air transportation and the challenge to secure airports and airline assets remain real. This calls for greater awareness of security concerns in the aviation sector. The key element, how to protects against terrorist modus operandi, is to stay ahead of recent threats, incidents and breaches occurring worldwide. It requires implementation of effective data sharing systems, in order to proactively monitor potential risks and vulnerabilities within different type of aviation ecosystems.

  15. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

    NARCIS (Netherlands)

    Massacci, F.; Prest, M.; Zannone, N.

    2005-01-01

    Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level

  16. Mathematical Modeling Applied to Maritime Security

    OpenAIRE

    Center for Homeland Defense and Security

    2010-01-01

    Center for Homeland Defense and Security, OUT OF THE CLASSROOM Download the paper: Layered Defense: Modeling Terrorist Transfer Threat Networks and Optimizing Network Risk Reduction” Students in Ted Lewis’ Critical Infrastructure Protection course are taught how mathematic modeling can provide...

  17. AVIATION SECURITY AS AN OBJECT OF MATHEMATICAL MODELING

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The paper presents a mathematical formulation of the problem formalization of the subject area related to aviation security in civil aviation. The formalization task is determined by the modern issue of providing aviation security. Aviationsecurity in modern systems is based upon organizational standard of security control. This standard doesn’t require calcu- lating the security level. It allows solving the aviation security task without estimating the solution and evaluating the per- formance of security facilities. The issue of acceptable aviation security level stays unsolved, because its control lies in inspections that determine whether the object security facilities meet the requirements or not. The pending problem is also in whether the requirements are calculable and the evaluation is subjective.Lately, there has been determined quite a certain tendency to consider aviation security issues from the perspective of its level optimal control with the following identification, calculation and evaluation problems solving and decision mak- ing. The obtained results analysis in this direction shows that it’s strongly recommended to move to object formalization problem, which provides a mathematical modeling for aviation security control optimization.In this case, the authors assume to find the answer in the process of object formalization. Therefore aviation secu- rity is presented as some security environment condition, which defines the parameters associated with the object protec-tion system quality that depends on the use of protective equipment in conditions of counteraction to factors of external andinternal threats. It is shown that the proposed model belongs to a class of boundary value problems described by differential equations in partial derivatives. The classification of boundary value problems is presented.

  18. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...... the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... years the secure multiparty computation problem has been the subject of a large body of research, both research into the models of multiparty computation and research aimed at realizing general secure multiparty computation. The main approach to realizing secure multiparty computation has been based...

  19. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  20. A Model of Social Security?

    DEFF Research Database (Denmark)

    Rom-Jensen, Byron Zachary

    2017-01-01

    of Scandinavian achievements were variable in their ideological outlook and sometimes deliberately challenged the existence and goals of New Deal policies. Moreover, this essay explores the usage of Scandinavia in New Deal social legislation by examining the policymaking rhetoric of the Social Security Act...... and its 1939 amendments. The surprising plasticity of the Scandinavian image amongst policymakers ultimately reveals the fluid nature of both New Deal-era politics and the Scandinavian images it appropriated....

  1. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  2. Comparison of the Force Required for Dislodgement Between Secured and Unsecured Airways.

    Science.gov (United States)

    Davenport, Curtis; Martin-Gill, Christian; Wang, Henry E; Mayrose, James; Carlson, Jestin N

    2018-05-01

    Airway device placement and maintenance are of utmost importance when managing critically ill patients. The best method to secure airway devices is currently unknown. We sought to determine the force required to dislodge 4 types of airways with and without airway securing devices. We performed a prospective study using 4 commonly used airway devices (endotracheal tube [ETT], laryngeal mask airway [LMA], King laryngeal tube [King], and iGel) performed on 5 different mannequin models. All devices were removed twice per mannequin in random order, once unsecured and once secured as per manufacturers' recommendations; Thomas Tube Holder (Laerdal, Stavanger, Norway) for ETT, LMA, and King; custom tube holder for iGel. A digital force measuring device was attached to the exposed end of the airway device and gradually pulled vertically and perpendicular to the mannequin until the tube had been dislodged, defined as at least 4 cm of movement. Dislodgement force was reported as the maximum force recorded during dislodgement. We compared the relative difference in the secured and unsecured force for each device and between devices using a random-effects regression model accounting for variability in the manikins. The median dislodgment forces (interquartile range [IQR]) in pounds for each secured device were: ETT 13.3 (11.6, 14.1), LMA 16.6 (13.9, 18.3), King 21.7 (16.9, 25.1), and iGel 8 (6.8, 8.3). The median dislodgement forces for each unsecured device were: ETT 4.5 (4.3, 5), LMA 8.4 (6.8, 10.7), King 10.6 (8.2, 11.5), and iGel 3.9 (3.2, 4.2). The relative difference in dislodgement forces (95% confidence intervals) were higher for each device when secured: ETT 8.6 (6.2 to 11), LMA 8.8 (4.6 to 13), King 12.1 (7.2 to 16.6), iGel 4 (1.1 to 6.9). When compared to secured ETT, the King required greater dislodgement force (relative difference 8.6 [4.5-12.7]). The secured iGel required less force than the secured ETT (relative difference -4.8 [-8.9 to -0.8]). Compared with a

  3. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Gonzalez, F.

    2013-01-01

    Developing leadership skills in organizations is the key to ensure the sustainability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  4. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data. 

  5. Security Modeling on the Supply Chain Networks

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-LaPadula model in the design of a secured supply chain network. In the Bell-LaPadula model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification pair in the Bell-LaPadula model can be thought as different states in the Markov Chain model. This paper extends the work done by Chen et al., provides more details on the Markov Chain model and illustrates how to use it to monitor the security state transition in the supply chain network.

  6. Modelling security properties in a grid-based operating system with anti-goals

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Bicarregui, J.; Matthews, B.; Yang, E.

    2008-01-01

    In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security goals and we develop a model of antigoals and show how system vulnerabilities and threats to the security goals can arise from such anti-m...

  7. Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9)

    NARCIS (Netherlands)

    Massacci, F.; Zannone, N.; Giorgini, P.; Maiden, N.; Mylopoulos, J.; Yu, E.

    2011-01-01

    The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the

  8. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  9. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  10. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  11. Using a Prediction Model to Manage Cyber Security Threats

    Science.gov (United States)

    Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

  12. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.......The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

  13. User Modelling Validation over the Security Awareness of Digital Natives

    Directory of Open Access Journals (Sweden)

    Vasileios Gkioulos

    2017-07-01

    Full Text Available Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires the investigation of how security experts perceive the digital natives (young people, born in the digital era, when utilizing their user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, in comparison to our earlier study over the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user-models that security experts utilise in their professional tasks. Our results indicate that the experts understanding over the user behaviour does not follow a solidified user-model, while influences from personal perceptions and randomness are also noticeable.

  14. Nuclear security assessment with Markov model approach

    International Nuclear Information System (INIS)

    Suzuki, Mitsutoshi; Terao, Norichika

    2013-01-01

    Nuclear security risk assessment with the Markov model based on random event is performed to explore evaluation methodology for physical protection in nuclear facilities. Because the security incidences are initiated by malicious and intentional acts, expert judgment and Bayes updating are used to estimate scenario and initiation likelihood, and it is assumed that the Markov model derived from stochastic process can be applied to incidence sequence. Both an unauthorized intrusion as Design Based Threat (DBT) and a stand-off attack as beyond-DBT are assumed to hypothetical facilities, and performance of physical protection and mitigation and minimization of consequence are investigated to develop the assessment methodology in a semi-quantitative manner. It is shown that cooperation between facility operator and security authority is important to respond to the beyond-DBT incidence. (author)

  15. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  16. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The notice of public meeting; request for...

  17. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  18. Probabilistic reasoning with graphical security models

    NARCIS (Netherlands)

    Kordy, Barbara; Pouly, Marc; Schweitzer, Patrick

    This work provides a computational framework for meaningful probabilistic evaluation of attack–defense scenarios involving dependent actions. We combine the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. In order

  19. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.; Barthe, G.; Burdy, L.; Huisman, Marieke; Lanet, J.-L.; Muntean, T.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  20. Security model for picture archiving and communication systems.

    Science.gov (United States)

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  1. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  2. What Isn't Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2011-01-01

    The year 2011 marks the 50th anniversary of the first IAEA regulations governing the transport of radioactive material. However transport safety at the IAEA obviously predates this, since the regulations took time to develop. In 1957, GC. 1/1 already states: 'The Agency should undertake studies with a view to the establishment of regulations relating to the international transportation of radioactive materials. ...'. And goes further: 'The transport of radioisotopes and radiation sources has brought to light many problems and involves the need for uniform packaging and shipping regulations ... facilitate the acceptance of such materials by sea and air carriers'. This conference reiterates the challenge given then through the sub-title 'The next fifty years - Creating a Safe, Secure and Sustainable Framework'. Looking back, we can see that the sustainable framework was a goal in 1957, where radioactive material could be transported should it be desired. Since these early days we have added to safety the need to ensure security. However we still see the same calls today to eradicate denial of shipment, which might suggest we have not progressed. But the picture today is very different - we have today well established requirements for safe transport of radioactive material, and the recommendations for security in transport are coming of age for all radioactive materials. The outstanding issue would seem to be harmonisation, not just between safety and security in IAEA documents, but also harmonisation between Member States.

  3. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  4. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond. 113.1 Section 113.1 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS BONDS General Provisions § 113.1 Authority to require security or...

  5. What Isn’t Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2016-01-01

    This paper sets out the key issues for consideration at the transport conference. It will introduce each of the aspects of the framework for safe, secure and sustainable transport, building on the description of the existing situation presented in Session 1A. It will discuss purpose of the IAEA framework, and examine the scientific basis, the IAEA recommendations and requirements, the UN interface, the use of conventions, national implementation, industry compliance, communication and information, response and restoration. It will also look at the activities and related requirements outside of transport which could influence the transport frameworks either in a positive or negative manner. (author)

  6. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

    National Research Council Canada - National Science Library

    1999-01-01

    The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering...

  7. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

  8. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  9. On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

    Science.gov (United States)

    Frühwirth, Christian

    Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

  10. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  11. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... evacuation routes and assembly stations; and (viii) Existing security and safety equipment for protection of... protection systems; (iv) Procedural policies; (v) Radio and telecommunication systems, including computer... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA...

  12. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  13. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... NUCLEAR REGULATORY COMMISSION 10 CFR Parts 72 and 73 [NRC-2009-0558] RIN 3150-AI78 Security... rulemaking that would revise the security requirements for storing spent nuclear fuel (SNF) in an independent... Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001...

  14. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... it determines they are necessary or appropriate to improve the governance of, or to mitigate systemic... Part IV Securities and Exchange Commission 17 CFR Part 242 Ownership Limitations and Governance... Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies, Security-Based...

  15. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  16. A Secure Operational Model for Mobile Payments

    Directory of Open Access Journals (Sweden)

    Tao-Ku Chang

    2014-01-01

    Full Text Available Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers’ security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  17. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  18. The Arctic Region: A Requirement for New Security Architecture?

    Science.gov (United States)

    2013-03-01

    cooperation and mutually beneficial partnerships . Denmark’s security policy states that existing international law and established forums of cooperation...increase leadership in multinational forum and, develop comprehensive partnerships without the need to create a new security organization. Figure 3...Arctic region. Endnotes 1 Government of Canada, “Canada’s Arctic foreign policy” (Ottawa, Canada, 2007), 2. 2 WWF Global, “Arctic oil and gas”, http

  19. Modeling and Security in Cloud Ecosystems

    Directory of Open Access Journals (Sweden)

    Eduardo B. Fernandez

    2016-04-01

    Full Text Available Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

  20. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    OpenAIRE

    Vladislav D. Veksler; Norbou Buchler; Blaine E. Hoffman; Daniel N. Cassenti; Char Sample; Shridat Sugrim

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision li...

  1. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

    NARCIS (Netherlands)

    Compagna, L.; El Khoury, P.; Krausová, A.; Massacci, F.; Zannone, N.

    2009-01-01

    Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address

  2. Reputation based security model for android applications

    OpenAIRE

    Tesfay, Welderufael Berhane; Booth, Todd; Andersson, Karl

    2012-01-01

    The market for smart phones has been booming in the past few years. There are now over 400,000 applications on the Android market. Over 10 billion Android applications have been downloaded from the Android market. Due to the Android popularity, there are now a large number of malicious vendors targeting the platform. Many honest end users are being successfully hacked on a regular basis. In this work, a cloud based reputation security model has been proposed as a solution which greatly mitiga...

  3. Requirements Modeling with Agent Programming

    Science.gov (United States)

    Dasgupta, Aniruddha; Krishna, Aneesh; Ghose, Aditya K.

    Agent-oriented conceptual modeling notations are highly effective in representing requirements from an intentional stance and answering questions such as what goals exist, how key actors depend on each other, and what alternatives must be considered. In this chapter, we review an approach to executing i* models by translating these into set of interacting agents implemented in the CASO language and suggest how we can perform reasoning with requirements modeled (both functional and non-functional) using i* models. In this chapter we particularly incorporate deliberation into the agent design. This allows us to benefit from the complementary representational capabilities of the two frameworks.

  4. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  5. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  6. 21 CFR 1309.71 - General security requirements.

    Science.gov (United States)

    2010-04-01

    ... I chemicals handled; (2) The location of the premises and the relationship such location bears on... employees having access to List I chemicals; (7) The procedures for handling business guests, visitors... materials and plans regarding the proposed security controls and procedures either to the Special Agent in...

  7. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  8. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    OpenAIRE

    Ranjit Panigrahi; Kalpana Sharma; M.K. Ghose

    2013-01-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

  9. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  10. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  11. 7 CFR 771.9 - Interest rates, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rates, terms, security requirements, and... Interest rates, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed for the term of the loan. The rate will be established by FSA, based upon the cost of Government...

  12. 7 CFR 773.19 - Interest rate, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms, security requirements, and... SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS SPECIAL APPLE LOAN PROGRAM § 773.19 Interest rate, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed...

  13. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  14. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  15. 12 CFR 208.35 - Qualification requirements for transactions in certain securities. [Reserved

    Science.gov (United States)

    2010-01-01

    ... requirements for transactions in certain securities. [Reserved] ... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Qualification requirements for transactions in certain securities. [Reserved] 208.35 Section 208.35 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF...

  16. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

  17. Bayesian Network Models in Cyber Security: A Systematic Review

    OpenAIRE

    Chockalingam, S.; Pieters, W.; Herdeiro Teixeira, A.M.; van Gelder, P.H.A.J.M.; Lipmaa, Helger; Mitrokotsa, Aikaterini; Matulevicius, Raimundas

    2017-01-01

    Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 9 different criteri...

  18. Implementing Cyber Security Requirements and Mechanisms in Microgrids

    OpenAIRE

    Mohan , Apurva; Khurana , Himanshu

    2015-01-01

    Part 4: INFRASTRUCTURE SECURITY; International audience; A microgrid is a collection of distributed energy resources, storage and loads under common coordination and control that provides a single functional interface to enable its management as a single unit. Microgrids provide several advantages such as power quality control, uninterrupted power supply and integration of renewable resources. However, microgrids are increasingly connected to the Internet for remote control and management, wh...

  19. On the Need for Relaxed Security Models

    DEFF Research Database (Denmark)

    Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008.......Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008....

  20. OPNET Modeler Simulation Testing of the New Model Used to Cooperation Between QoS and Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Jan Papaj

    2012-01-01

    Full Text Available In this article the performance analysis of the new model, used to integration between QoS and Security, is introduced. OPNET modeler simulation testing of the new model with comparation with the standard model is presented. This new model enables the process of cooperation between QoS and Security in MANET. The introduction how the model is implemented to the simulation OPNET modeler is also showed. Model provides possibilities to integration and cooperation of QoS and security by the cross layer design (CLD with modified security service vector (SSV. An overview of the simulation tested of the new model, comparative study in mobile ad-hoc networks, describe requirements and directions for adapted solutions are presented. Main idea of the testing is to show how QoS and Security related services could be provided simultaneously with using minimal interfering with each service.

  1. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  2. The IEA Model of Short-term Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2011-07-01

    Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Working Paper is intended for readers who wish to explore the MOSES methodology in depth; there is also a brochure which provides an overview of the analysis and results.

  3. Model-based security engineering for the internet of things

    OpenAIRE

    NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; BALDINI Gianmarco; VAN HOESEL Lodewijk

    2015-01-01

    We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

  4. The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

    Science.gov (United States)

    Comp, David J.

    2013-01-01

    The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

  5. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    Full Text Available The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP, TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  6. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....

  7. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  8. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected

  9. SOME QUESTIONS OF THE GRID AND NEURAL NETWORK MODELING OF AIRPORT AVIATION SECURITY CONTROL TASKS

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The authors’ original problem-solution-approach concerning aviation security management in civil aviation apply- ing parallel calculation processes method and the usage of neural computers is considered in this work. The statement of secure environment modeling problems for grid models and with the use of neural networks is presented. The research sub- ject area of this article is airport activity in the field of civil aviation, considered in the context of aviation security, defined as the state of aviation security against unlawful interference with the aviation field. The key issue in this subject area is aviation safety provision at an acceptable level. In this case, airport security level management becomes one of the main objectives of aviation security. Aviation security management is organizational-regulation in modern systems that can no longer correspond to changing requirements, increasingly getting complex and determined by external and internal envi- ronment factors, associated with a set of potential threats to airport activity. Optimal control requires the most accurate identification of management parameters and their quantitative assessment. The authors examine the possibility of applica- tion of mathematical methods for the modeling of security management processes and procedures in their latest works. Par- allel computing methods and network neurocomputing for modeling of airport security control processes are examined in this work. It is shown that the methods’ practical application of the methods is possible along with the decision support system, where the decision maker plays the leading role.

  10. Safeguards and security modeling for electrochemical plants

    International Nuclear Information System (INIS)

    Cipiti, B.B.; Duran, F.A.; Mendoza, L.A.; Parks, M.J.; Dominguez, D.; Le, T.D.

    2013-01-01

    Safeguards and security design for reprocessing plants can lead to excessive costs if not incorporated early in the design process. The design for electrochemical plants is somewhat uncertain since these plants have not been built at a commercial scale in the past. The Separation and Safeguards Performance Model (SSPM), developed at Sandia National Laboratories, has been used for safeguards design and evaluation for multiple reprocessing plant types. The SSPM includes the following capabilities: -) spent fuel source term library, -) mass tracking of elements 1-99 and bulk solid/liquids, -) tracking of heat load and activity, -) customisable measurement points, -) automated calculation of ID and error propagation, -) alarm conditions and statistical tests, and -) user-defined diversion scenarios. Materials accountancy and process monitoring data can provide more timely detection of material loss specifically to protect against the insider threat. While the SSPM is capable of determining detection probabilities and examining detection times for material loss scenarios, it does not model the operations or spatial effects for a plant design. The STAGE software was chosen to model the physical protection system. STAGE provides a framework to create end-to-end scalable force-on-force combat simulations. It allows for a complete 3D model of a facility to be designed along with the design of physical protection elements. This software, then, can be used to model operations and response for various material loss scenarios. The future integration of the SSPM model data with the STAGE software will provide a more complete analysis of diversion scenarios to assist plant designers

  11. Safeguards and security modeling for electrochemical plants

    Energy Technology Data Exchange (ETDEWEB)

    Cipiti, B.B.; Duran, F.A.; Mendoza, L.A.; Parks, M.J.; Dominguez, D.; Le, T.D. [Sandia National Laboratories, PO Box 5800 MS 0747, Albuquerque, NM 87185 (United States)

    2013-07-01

    Safeguards and security design for reprocessing plants can lead to excessive costs if not incorporated early in the design process. The design for electrochemical plants is somewhat uncertain since these plants have not been built at a commercial scale in the past. The Separation and Safeguards Performance Model (SSPM), developed at Sandia National Laboratories, has been used for safeguards design and evaluation for multiple reprocessing plant types. The SSPM includes the following capabilities: -) spent fuel source term library, -) mass tracking of elements 1-99 and bulk solid/liquids, -) tracking of heat load and activity, -) customisable measurement points, -) automated calculation of ID and error propagation, -) alarm conditions and statistical tests, and -) user-defined diversion scenarios. Materials accountancy and process monitoring data can provide more timely detection of material loss specifically to protect against the insider threat. While the SSPM is capable of determining detection probabilities and examining detection times for material loss scenarios, it does not model the operations or spatial effects for a plant design. The STAGE software was chosen to model the physical protection system. STAGE provides a framework to create end-to-end scalable force-on-force combat simulations. It allows for a complete 3D model of a facility to be designed along with the design of physical protection elements. This software, then, can be used to model operations and response for various material loss scenarios. The future integration of the SSPM model data with the STAGE software will provide a more complete analysis of diversion scenarios to assist plant designers.

  12. Modelling the System of Ensuring the Investment Security

    Directory of Open Access Journals (Sweden)

    Moroz Maxim O.

    2017-11-01

    Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

  13. METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

    Directory of Open Access Journals (Sweden)

    Castro Mecías, L.T.

    2015-06-01

    Full Text Available Often security incidents that have the object or use the software as a means of causing serious damage and legal, economic consequences, etc. Results of a survey by Kaspersky Lab reflectvulnerabilities in software are the main cause of security incidents in enterprises, the report shows that 85% of them have reported security incidents and vulnerabilities in software are the main reason is further estimated that incidents can cause significant losses estimated from 50,000 to $ 649.000. (1 In this regard academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process for improved safety practices and should include activities from the initial phases of the software; so that security needs are identified, manage risk and appropriate measures are implemented. This article discusses a method of analysis, acquisition and requirements specification of the software safety analysis on the basis of various proposals and deficiencies identified from participant observation in software development teams. Experiments performed using the proposed yields positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

  14. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  15. Aspect-oriented security hardening of UML design models

    CERN Document Server

    Mouheb, Djedjiga; Pourzandi, Makan; Wang, Lingyu; Nouh, Mariam; Ziarati, Raha; Alhadidi, Dima; Talhi, Chamseddine; Lima, Vitor

    2015-01-01

    This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The

  16. Re-designing the PhEDEx Security Model

    Science.gov (United States)

    C-H, Huang; Wildish, T.; X, Zhang

    2014-06-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  17. Re-designing the PhEDEx security model

    International Nuclear Information System (INIS)

    Huang C-H; Wildish, T; Zhang X

    2014-01-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  18. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... A high-level architecture is described to provide such features. In addition, a usage scenario is described for a potential use of the architecture, with emphasis on the trusted path, a non-spoofable user interface to the trusted components of the system. Detailed requirements for the trusted path are provided.

  19. Bayesian Network Models in Cyber Security: A Systematic Review

    NARCIS (Netherlands)

    Chockalingam, S.; Pieters, W.; Herdeiro Teixeira, A.M.; van Gelder, P.H.A.J.M.; Lipmaa, Helger; Mitrokotsa, Aikaterini; Matulevicius, Raimundas

    2017-01-01

    Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these

  20. A security model for saas in cloud computing

    International Nuclear Information System (INIS)

    Abbas, R.; Farooq, A.

    2016-01-01

    Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. It has many service modes like Software as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). In SaaS model, service providers install and activate the applications in cloud and cloud customers access the software from cloud. So, the user does not have the need to purchase and install a particular software on his/her machine. While using SaaS model, there are multiple security issues and problems like Data security, Data breaches, Network security, Authentication and authorization, Data integrity, Availability, Web application security and Backup which are faced by users. Many researchers minimize these security problems by putting in hard work. A large work has been done to resolve these problems but there are a lot of issues that persist and need to overcome. In this research work, we have developed a security model that improves the security of data according to the desire of the End-user. The proposed model for different data security options can be helpful to increase the data security through which trade-off between functionalities can be optimized for private and public data. (author)

  1. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    Directory of Open Access Journals (Sweden)

    Svetlana V Doubova

    2013-11-01

    Full Text Available Objective. To estimate the requirements of human resources (HR of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS. Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. Results. To provide healthcare in accordance with the patients’ metabolic control, the conventional model required increasing the number of family doctors (1.2 times nutritionists (4.2 times and social workers (4.1 times. The DiabetIMSS model requires greater increase than the conventional model. Conclusions. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  2. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  3. Lowering social security's duration-of-marriage requirement: distributional effects for future female retirees.

    Science.gov (United States)

    Tamborini, Christopher R; Whitman, Kevin

    2010-01-01

    A number of alternatives to Social Security's auxiliary benefit system have been proposed in the context of changes in American family and work patterns. This article focuses on one modification therein-lowering the 10-year duration-of-marriage requirement for divorced spouses. Using a powerful microsimulation model (MINT), we examine the distributional effects of extending spouse and survivor benefit eligibility to 5- and 7-year marriages ending in divorce among female retirees in 2030, a population largely comprised of baby boomers. Results show that the options would increase benefits for a small share of female retirees, around 2 to 4%, and would not affect the vast majority of low-income divorced older women. However, of those affected, the options would substantially increase benefits and lower incidence of poverty and near poor. Low-income divorced retirees with marriages between 5 and 9 years in length and a deceased former spouse face the greatest potential gains.

  4. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  5. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  6. A model to secure a stable iodine concentration in milk

    Directory of Open Access Journals (Sweden)

    Gisken Trøan

    2015-12-01

    Full Text Available Background: Dairy products account for approximately 60% of the iodine intake in the Norwegian population. The iodine concentration in cow's milk varies considerably, depending on feeding practices, season, and amount of iodine and rapeseed products in cow fodder. The variation in iodine in milk affects the risk of iodine deficiency or excess in the population. Objective: The first goal of this study was to develop a model to predict the iodine concentration in milk based on the concentration of iodine and rapeseed or glucosinolate in feed, as a tool to securing stable iodine concentration in milk. A second aim was to estimate the impact of different iodine levels in milk on iodine nutrition in the Norwegian population. Design: Two models were developed on the basis of results from eight published and two unpublished studies from the past 20 years. The models were based on different iodine concentrations in the fodder combined with either glucosinolate (Model 1 or rapeseed cake/meal (Model 2. To illustrate the impact of different iodine concentrations in milk on iodine intake, we simulated the iodine contribution from dairy products in different population groups based on food intake data in the most recent dietary surveys in Norway. Results: The models developed could predict iodine concentration in milk. Cross-validation showed good fit and confirmed the explanatory power of the models. Our calculations showed that dairy products with current iodine level in milk (200 µg/kg cover 68, 49, 108 and 56% of the daily iodine requirements for men, women, 2-year-old children, and pregnant women, respectively. Conclusions: Securing a stable level of iodine in milk by adjusting iodine concentration in different cow feeds is thus important for preventing excess intake in small children and iodine deficiency in pregnant and non-pregnant women.

  7. Context aware adaptive security service model

    Science.gov (United States)

    Tunia, Marcin A.

    2015-09-01

    Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

  8. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a license... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF...

  9. Analysis of impact of noncompliance with physical-security requirements at nuclear facilities

    International Nuclear Information System (INIS)

    Green, J.N.

    1982-03-01

    Inspectors are required to analyze the impact of instances of noncompliance with physical security requirements at licensed nuclear facilities. A scoring procedure for components and a method for evaluating the effectiveness of the subsystems involved are proposed to reinforce an inspector's judgment about the remaining level of safeguards

  10. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Freight Forwarders; International Association of Movers... FURTHER INFORMATION CONTACT: Mr. Thomas Yager, Chief of Driver and Carrier Operations, (202) 366-4001 or...

  11. 13 CFR 107.1505 - Liquidity requirements for Licensees issuing Participating Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Liquidity requirements for... (Leverage) Participating Securities Leverage § 107.1505 Liquidity requirements for Licensees issuing... liquidity to avoid a condition of Liquidity Impairment. Such a condition will constitute noncompliance with...

  12. Nuclear security culture: a generic model for universal application

    International Nuclear Information System (INIS)

    Khripunov, I.

    2005-01-01

    Full text: Nuclear security culture found its way into professional parlance several years ago, but still lacks an agreed-upon definition and description. The February 2005 U.S.-Russian Joint Statement, issued at the presidential summit meeting in Bratislava, referred specifically to security culture, focusing renewed attention on the concept. Numerous speakers at the March 2005 International Atomic Energy Agency's (IAEA) international conference on nuclear security referred to security culture, but their visions and interpretations were often at odds with one another. Clearly, there is a need for a generic model of nuclear security culture with universal applicability. Internationally acceptable standards in this area would be invaluable for evaluation, comparison, cooperation, and assistance. They would also help international bodies better manage their relations with the nuclear sectors in various countries. This paper will develop such a model. It will use the IAEA definition of nuclear security, and then apply Edgar Schein's model of organizational culture to security culture at a generic nuclear facility. A cultural approach to physical protection involves determining what attitudes and beliefs need to be established in an organization, how these attitudes and beliefs manifest themselves in the behavior of assigned personnel, and how desirable attitudes and beliefs can be transcribed into formal working methods to produce good outcomes, i.e., effective protection. The security-culture mechanism I will propose is broken into four major units: facility leadership, proactive policies and procedures, personnel performance, and learning and professional improvement. The paper will amplify on the specific traits characteristic of each of these units. Security culture is not a panacea. In a time of mounting terrorist threats, it should nonetheless be looked upon as a necessary organizational tool that enhances the skills of nuclear personnel and ensures that

  13. ONTOLOGICAL MODEL OF STRATEGIC ECONOMIC SECURITY OF ENTERPRISE

    Directory of Open Access Journals (Sweden)

    L. A. Zaporozhtseva

    2014-01-01

    Full Text Available Article explains the necessity the application of the ontological approach to modeling the strategic economic security in the formalization of the basic categories of domain company recognized its benefits. Among the advantages of the model distinguishes its versatility and ability to describe various aspects of strategic security - the system strategies and goals of the organization and business processes; possibility of its use at different levels of detail - from the top-level description of the basic categories of management, to design-level analytic applications; as well as the adaptability of the model, with depth on particular aspects determined by practical necessity and not regulated methodology. The model integrates various aspects of the concept of enterprise architecture and organizes conceptual apparatus. Ontological model easy to understand and adjust as business architects and specialists in designing systems of economic security and offers many categories of verbal representation of the domain of the enterprise. Proved the feasibility of using process-functional approach in providing strategic economic security, according to which the components of such a security company proposed as business processes, finance, staff and contractors. The article presents the author's ontological model of strategic economic security, including endangered sites, the presence of factors that threaten the security of the object and the subject of providing security. Further, it is proved that in the subjects of security impact on the object using the tools, measures and activities within the strategy formed the mechanism is implemented managerial decisions to strengthen the strategic economic security. The process of diagnosis, detection, identification of threats of economic security, and the development of enterprise development strategies, taking into account its level of economic security must be under the constant supervision of the process of

  14. Econometric modeling of the balance of social security Brazil

    OpenAIRE

    Isaac Figueiredo de Sousa

    2009-01-01

    This work aims to build models using econometrics techniques to explain the components of the balance of Social Security System, or in other words, the net value of tax revenues and the benefit values of the General Regime of Social Security. These models were subjected to statistic validations indicated in the theoretical reference of econometrics, to apply the method of ordinary least square from the classic model of linear regression. From an increasing longevity and the gradual decr...

  15. A Novel Computer Virus Propagation Model under Security Classification

    Directory of Open Access Journals (Sweden)

    Qingyi Zhu

    2017-01-01

    Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

  16. Border Security: A Conceptual Model of Complexity

    Science.gov (United States)

    2013-12-01

    law , constitutional powers, environmental regulations, and civil rights, http://tpplegal.files.wordpress.com/2012/05/isds-domestic-legal-process...Violation NAFTA North American Free Trade Agreement NII Non-Intrusive Inspection POE Port of Entry PPD-8 Presidential Policy Directive 8...security measured? What constitutes a measure of effectiveness for protection? These are all questions presented to representatives of the Department of

  17. Energy security, energy modelling and uncertainty

    Energy Technology Data Exchange (ETDEWEB)

    Markandya, Anil [Basque Centre for Climate Change (Spain); University of Bath (United Kingdom); Pemberton, Malcolm [University College London (United Kingdom)

    2010-04-15

    The paper develops a framework to analyze energy security in an expected utility framework, where there is a risk of disruption of imported energy. The analysis shows the importance of an energy tax as a tool in maximizing expected utility, and how the level of that tax varies according to the key parameters of the system: risk aversion, probability of disruption, demand elasticity and cost of disruption. (author)

  18. Energy security, energy modelling and uncertainty

    International Nuclear Information System (INIS)

    Markandya, Anil; Pemberton, Malcolm

    2010-01-01

    The paper develops a framework to analyze energy security in an expected utility framework, where there is a risk of disruption of imported energy. The analysis shows the importance of an energy tax as a tool in maximizing expected utility, and how the level of that tax varies according to the key parameters of the system: risk aversion, probability of disruption, demand elasticity and cost of disruption. (author)

  19. Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    achieve only a subset of all fine level goals. We believe that these flexible choices of attackers and security goals are more practical in many real world scenarios. An applications may require the protection against a weaker attacker and may require to achieve fewer security goals....... of communication security. One potent argument often presented is we keep designing new protocols due the demand of new type of applications and due to the discovery of flaws in existing protocols. While designing new protocols for new type of applications, such as RFID, is definitely an important driving factor....... In fact, the most of the published protocols are considered insecure from this point of view. In practice, however, this approach has a side effect, namely, we rarely bother to explore how much insecure is the protocol. This question asks us to explore the area between security and insecurity; after all...

  20. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  1. Optimizing ZigBee Security using Stochastic Model Checking

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    , we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checking approach using the probabilistic model checker PRISM, and assess the security needs for realistic......ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report...

  2. Secure Certificateless Signature with Revocation in the Standard Model

    Directory of Open Access Journals (Sweden)

    Tung-Tso Tsai

    2014-01-01

    previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC. In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS. Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

  3. General Approaches and Requirements on Safety and Security of Radioactive Materials Transport in Russian Federation

    International Nuclear Information System (INIS)

    Ershov, V.N.; Buchel'nikov, A.E.; Komarov, S.V.

    2016-01-01

    Development and implementation of safety and security requirements for transport of radioactive materials in the Russian Federation are addressed. At the outset it is worth noting that the transport safety requirements implemented are in full accordance with the IAEA's ''Regulations for the Safe Transport of Radioactive Material (2009 Edition)''. However, with respect to security requirements for radioactive material transport in some cases the Russian Federation requirements for nuclear material are more stringent compared to IAEA recommendations. The fundamental principles of safety and security of RM managements, recommended by IAEA documents (publications No. SF-1 and GOV/41/2001) are compared. Its correlation and differences concerning transport matters, the current level and the possibility of harmonization are analysed. In addition a reflection of the general approaches and concrete transport requirements is being evaluated. Problems of compliance assessment, including administrative and state control problems for safety and security provided at internal and international shipments are considered and compared. (author)

  4. Econometric modelling of economic security in business operations management

    OpenAIRE

    Chagovets, L. О.; Nevezhin, V. P.; Zakharova, О. V.

    2014-01-01

    The article deals with econometric modeling of economic security. The model of evaluating transaction costs effect on the level of enterprise economic security is provided. The econometric models of evaluating economic security that are used in research are based on panel data. According to the results, the reserves for increasing the general level of economic security due to transaction costs reduction are revealed. Розглянуто питання економетричного моделювання економічної безпеки. Предс...

  5. Security Process Capability Model Based on ISO/IEC 15504 Conformant Enterprise SPICE

    Directory of Open Access Journals (Sweden)

    Mitasiunas Antanas

    2014-07-01

    Full Text Available In the context of modern information systems, security has become one of the most critical quality attributes. The purpose of this paper is to address the problem of quality of information security. An approach to solve this problem is based on the main assumption that security is a process oriented activity. According to this approach, product quality can be achieved by means of process quality - process capability. Introduced in the paper, SPICE conformant information security process capability model is based on process capability modeling elaborated by world-wide software engineering community during the last 25 years, namely ISO/IEC 15504 that defines the capability dimension and the requirements for process definition and domain independent integrated model for enterprise-wide assessment and Enterprise SPICE improvement

  6. A Secure Network Coding-based Data Gathering Model and Its Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qian Xiao

    2012-09-01

    Full Text Available To provide security for data gathering based on network coding in wireless sensor networks (WSNs, a secure network coding-based data gathering model is proposed, and a data-privacy preserving and pollution preventing (DPPaamp;PP protocol using network coding is designed. DPPaamp;PP makes use of a new proposed pollution symbol selection and pollution (PSSP scheme based on a new obfuscation idea to pollute existing symbols. Analyses of DPPaamp;PP show that it not only requires low overhead on computation and communication, but also provides high security on resisting brute-force attacks.

  7. The study and implementation of the wireless network data security model

    Science.gov (United States)

    Lin, Haifeng

    2013-03-01

    In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

  8. Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

    Science.gov (United States)

    2013-06-01

    ABBREVIATIONS ANSI American National Standards Institute ASIS American Society of Industrial Security CCTV Closed Circuit Television CONOPS...is globally recognized for the development and maintenance of standards. ASTM defines a specification as an explicit set of requirements...www.rkb.us/saver/. One of the SAVER reports titled CCTV Technology Handbook has a chapter on system design. The report uses terms like functional

  9. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

  10. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  11. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  12. Requirements for Secure Logging of Decentralized Cross-Organizational Workflow Executions

    NARCIS (Netherlands)

    Wombacher, Andreas; Wieringa, Roelf J.; Jonker, Willem; Knezevic, P.; Pokraev, S.; meersman, R; Tari, Z; herrero, p; Méndez, G.; Cavedon, L.; Martin, D.; Hinze, A.; Buchanan, G.

    2005-01-01

    The control of actions performed by parties involved in a decentralized cross-organizational workflow is done by several independent workflow engines. Due to the lack of a centralized coordination control, an auditing is required which supports a reliable and secure detection of malicious actions

  13. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... each insurance rating service designated by the Branch and posted on the Internet at http://www.dol.gov...

  14. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... (explosive) material; (3) More than 1 L (1.06 qt.) per package of a material poisonous by inhalation in... controlled; and 6.1 materials poisonous by inhalation. We also proposed to require security plans for any... happens very rapidly, and in the process, the propane combines readily with air to form fuel air mixtures...

  15. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... 3235-AK74 Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies... the Dodd-Frank Act, the Commission shall adopt such rules if it determines that they are necessary or appropriate to improve the governance of, or to mitigate systemic risk, promote competition or mitigate...

  16. Spent fuel reprocessing system security engineering capability maturity model

    International Nuclear Information System (INIS)

    Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

    2011-01-01

    In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

  17. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure...

  18. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... beneficial ownership of the equity securities underlying derivative securities exercisable or convertible... exercise or conversion of any derivative security, whether or not presently exercisable.'' \\40\\ ``Derivative securities'' are ``any option, warrant, convertible security, stock appreciation right, or similar...

  19. POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-09-01

    Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

  20. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  1. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Youngin (Korea, Republic of); Kang, Hyun Gook [KAIST, Dajeon (Korea, Republic of); Son, Han Seong [Joongbu University, Chubu (Korea, Republic of)

    2014-08-15

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility.

  2. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility

  3. Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

    Science.gov (United States)

    Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

    2016-11-01

    Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

  4. Geomechanical Modeling for Improved CO2 Storage Security

    Science.gov (United States)

    Rutqvist, J.; Rinaldi, A. P.; Cappa, F.; Jeanne, P.; Mazzoldi, A.; Urpi, L.; Vilarrasa, V.; Guglielmi, Y.

    2017-12-01

    This presentation summarizes recent modeling studies on geomechanical aspects related to Geologic Carbon Sequestration (GCS,) including modeling potential fault reactivation, seismicity and CO2 leakage. The model simulations demonstrates that the potential for fault reactivation and the resulting seismic magnitude as well as the potential for creating a leakage path through overburden sealing layers (caprock) depends on a number of parameters such as fault orientation, stress field, and rock properties. The model simulations further demonstrate that seismic events large enough to be felt by humans requires brittle fault properties as well as continuous fault permeability allowing for the pressure to be distributed over a large fault patch to be ruptured at once. Heterogeneous fault properties, which are commonly encountered in faults intersecting multilayered shale/sandstone sequences, effectively reduce the likelihood of inducing felt seismicity and also effectively impede upward CO2 leakage. Site specific model simulations of the In Salah CO2 storage site showed that deep fractured zone responses and associated seismicity occurred in the brittle fractured sandstone reservoir, but at a very substantial reservoir overpressure close to the magnitude of the least principal stress. It is suggested that coupled geomechanical modeling be used to guide the site selection and assisting in identification of locations most prone to unwanted and damaging geomechanical changes, and to evaluate potential consequence of such unwanted geomechanical changes. The geomechanical modeling can be used to better estimate the maximum sustainable injection rate or reservoir pressure and thereby provide for improved CO2 storage security. Whether damaging geomechanical changes could actually occur very much depends on the local stress field and local reservoir properties such the presence of ductile rock and faults (which can aseismically accommodate for the stress and strain induced by

  5. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary Objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the ``cradle-to-grave`` electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  6. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  7. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  8. Document and author promotion strategies in the secure wiki model

    DEFF Research Database (Denmark)

    Lindberg, Kasper; Jensen, Christian D.

    2012-01-01

    Wiki systems form a subclass of the more general Open Collaborative Authoring Systems, where content is created by a user community. The ability of anyone to edit the content is, at the same time, their strength and their weakness. Anyone can write documents that improve the value of the wiki-system......, but this also means that anyone can introduce errors into documents, either by accident or on purpose. A security model for wiki-style authoring systems, called the Secure Wiki Model, has previously been proposed to address this problem. This model is designed to prevent corruption of good quality documents......, by limiting updates, to such documents, to users who have demonstrated their ability to produce documents of similar or better quality. While this security model prevents all user from editing all documents, it does respect the wiki philosophy by allowing any author who has produced documents of a certain...

  9. A Layered Decision Model for Cost-Effective System Security

    Energy Technology Data Exchange (ETDEWEB)

    Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

    2008-10-01

    System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

  10. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  11. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

  12. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ...-market value of the proprietary positions (e.g., securities, money market instruments, and commodities... the deductions for securities and money market positions as compared with the standardized haircuts... and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010...

  13. Modeling of Integrated Security Systems in Higher Education

    Directory of Open Access Journals (Sweden)

    Iskandar Maratovich Azhmuhamedov

    2013-06-01

    Full Text Available It is proposed the model, which takes into account the main features of the integrated system of information security: weak structure, bad formal description, fuzzy description of the status of system components and the relationships between them. Adequacy of the model is tested on the example of Astrakhan State Technical University.

  14. Evaluation of Water Resource Security Based on an MIV-BP Model in a Karst Area

    Directory of Open Access Journals (Sweden)

    Liying Liu

    2018-06-01

    Full Text Available Evaluation of water resource security deserves particular attention in water resource planning and management. A typical karst area in Guizhou Province, China, was used as the research area in this paper. First, based on data from Guizhou Province for the past 10 years, the mean impact value–back propagation (MIV-BP model was used to analyze the factors influencing water resource security in the karst area. Second, 18 indices involving five aspects, water environment subsystem, social subsystem, economic subsystem, ecological subsystem, and human subsystem, were selected to establish an evaluation index of water resource security. Finally, a BP artificial neural network model was constructed to evaluate the water resource security of Guizhou Province from 2005 to 2014. The results show that water resource security in Guizhou, which was at a moderate warning level from 2005 to 2009 and a critical safety level from 2010 to 2014, has generally improved. Groundwater supply ratio, industrial water utilization rate, water use efficiency, per capita grain production, and water yield modulus were the obstacles to water resource security. Driving factors were comprehensive utilization rate of industrial solid waste, qualifying rate of industrial wastewater, above moderate rocky desertification area ratio, water requirement per unit gross domestic product (GDP, and degree of development and utilization of groundwater. Our results provide useful suggestions on the management of water resource security in Guizhou Province and a valuable reference for water resource research.

  15. New safety and security requirements for the transport of nuclear and other radioactive materials in Hungary

    International Nuclear Information System (INIS)

    Katona, T.; Horvath, K.; Safar, J.

    2016-01-01

    In addition to the promulgation of mode-specific regulations of international transport of dangerous goods, some Hungarian governmental and ministerial decrees impose further conditions upon the transport of nuclear and other radioactive materials. One of these ministerial decrees on the transport, carriage and packaging of radioactive materials is under revision and it will require • approval of emergency response plan (including security and safety contingency plan); • report on transport incidents and accidents for classifying them in accordance with the INES scale; • the competent authority to request experts’ support for the approval of package designs, radioactive material designs and shipments. Regarding the security of the transport of nuclear and other radioactive materials a new Hungarian governmental decree and a related guidance are about to be published which will supply additional requirements in the field of the transport security especially concerning radioactive materials, implementing - among others - IAEA recommendations of the NSS No9 and No14. The main and relevant features of the Hungarian nuclear regulatory system and the details of both new decrees regarding the safety and security issues of transport of nuclear and other radioactive materials will be discussed. (author)

  16. Investigation of a Markov Model for Computer System Security Threats

    Directory of Open Access Journals (Sweden)

    Alexey A. A. Magazev

    2017-01-01

    Full Text Available In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: the explicit analytical formulas for the probabilities of computer system states at any arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system is analysed. The dependence of the security state probability (i.e. the state for which threats are absent on the probabilities of threats is separately investigated. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat the security state probability demonstrates non-monotonic dependence on the probability of threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that the mentioned feature is important because it allows to locate the most dangerous areas of threats where the security state probability can be lower then the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. Also the prospects of the received results application to the problem of finding the optimal values of the security parameters is discussed.

  17. Re-designing the PhEDEx security model

    CERN Document Server

    Wildish, Anthony

    2013-01-01

    PhEDEx. the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model was designed to provide a safe working environment for site agents and operators, but provided little more protection than that. CMS data was not sufficiently protected against accidental loss caused by operator error or software bugs or from loss of data caused by deliberate manipulation of the database. Operations staff were given high levels of access to the database, beyond what should have been needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time.In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and r...

  18. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  19. Managing business compliance using model-driven security management

    Science.gov (United States)

    Lang, Ulrich; Schreiner, Rudolf

    Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

  20. IT Security Management Implementation Model in Iranian Bank Industry

    Directory of Open Access Journals (Sweden)

    Mona Vanaki

    2017-06-01

    Full Text Available According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard 27001, was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

  1. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  2. Development of DSRC device and communication system performance measures recommendations for DSRC OBE performance and security requirements.

    Science.gov (United States)

    2016-05-22

    This report presents recommendations for minimum DSRC device communication performance and security : requirements to ensure effective operation of the DSRC system. The team identified recommended DSRC : communications requirements aligned to use cas...

  3. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    Directory of Open Access Journals (Sweden)

    Vladislav D. Veksler

    2018-05-01

    Full Text Available Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior via techniques such as model tracing and dynamic parameter fitting.

  4. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    Science.gov (United States)

    Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

  5. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

    Science.gov (United States)

    Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

  6. Design impacts of safeguards and security requirements for a US MOX fuel fabrication facility

    International Nuclear Information System (INIS)

    Erkkila, B.H.; Rinard, P.M.; Thomas, K.E.; Zack, N.R.; Jaeger, C.D.

    1998-01-01

    The disposition of plutonium that is no longer required for the nation's defense is being structured to mitigate risks associated with the material's availability. In the 1997 Record of Decision, the US Government endorsed a dual-track approach that could employ domestic commercial reactors to effect the disposition of a portion of the plutonium in the form of mixed oxide (MOX) reactor fuels. To support this decision, the Office of Materials Disposition requested preparation of a document that would review US requirements for safeguards and security and describe their impact on the design of a MOX fuel fabrication facility. The intended users are potential bidders for the construction and operation of the facility. The document emphasizes the relevant DOE Orders but also considers the Nuclear Regulatory Commission (NRC) requirements. Where they are significantly different, the authors have highlighted this difference and provided guidance on the impact to the facility design. Finally, the impacts of International Atomic Energy Agency (IAEA) safeguards on facility design are discussed. Security and materials control and accountability issues that influence facility design are emphasized in each area of discussion. This paper will discuss the prepared report and the issues associated with facility design for implementing practical, modern safeguards and security systems into a new MOX fuel fabrication facility

  7. Trust Model to Enhance Security and Interoperability of Cloud Environment

    Science.gov (United States)

    Li, Wenjuan; Ping, Lingdi

    Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

  8. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... conversion of any derivative security, whether or not presently exercisable.'' \\40\\ ``Derivative securities... ``any equity security or derivative security relating to an issuer, whether or not issued by that issuer... securities, except that the acquisition or disposition of any derivative security must be separately reported...

  9. Stochastic models of the Social Security trust funds.

    Science.gov (United States)

    Burdick, Clark; Manchester, Joyce

    Each year in March, the Board of Trustees of the Social Security trust funds reports on the current and projected financial condition of the Social Security programs. Those programs, which pay monthly benefits to retired workers and their families, to the survivors of deceased workers, and to disabled workers and their families, are financed through the Old-Age, Survivors, and Disability Insurance (OASDI) Trust Funds. In their 2003 report, the Trustees present, for the first time, results from a stochastic model of the combined OASDI trust funds. Stochastic modeling is an important new tool for Social Security policy analysis and offers the promise of valuable new insights into the financial status of the OASDI trust funds and the effects of policy changes. The results presented in this article demonstrate that several stochastic models deliver broadly consistent results even though they use very different approaches and assumptions. However, they also show that the variation in trust fund outcomes differs as the approach and assumptions are varied. Which approach and assumptions are best suited for Social Security policy analysis remains an open question. Further research is needed before the promise of stochastic modeling is fully realized. For example, neither parameter uncertainty nor variability in ultimate assumption values is recognized explicitly in the analyses. Despite this caveat, stochastic modeling results are already shedding new light on the range and distribution of trust fund outcomes that might occur in the future.

  10. European Climate - Energy Security Nexus. A model based scenario analysis

    International Nuclear Information System (INIS)

    Criqui, Patrick; Mima, Silvana

    2011-01-01

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  11. NERSC Cyber Security Challenges That Require DOE Development andSupport

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately addressall the requirements of open, scientific computing facilities. Many ofthe methods used for more restricted environments, including almost allcorporate/commercial systems, do not meet the needs of today's science.Use of only the available "state of the practice" commercial methods willhave adverse impact on the ability of DOE to accomplish its sciencegoals, and impacts the productivity of the DOE Science community. Inparticular, NERSC and other high performance computing (HPC) centers havespecial security challenges that are unlikely to be met unless DOE fundsdevelopment and support of reliable and effective tools designed to meetthe cyber security needs of High Performance Science. The securitychallenges facing NERSC can be collected into three basic problem sets:network performance and dynamics, application complexity and diversity,and a complex user community that can have transient affiliations withactual institutions. To address these problems, NERSC proposes thefollowing four general solutions: auditing user and system activityacross sites; firewall port configuration in real time;cross-site/virtual organization identity management and access control;and detecting security issues in application middleware. Solutions arealsoproposed for three general long term issues: data volume,application complexity, and information integration.

  12. A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model.

    Science.gov (United States)

    Meng, Tianhui; Li, Xiaofan; Zhang, Sha; Zhao, Yubin

    2016-09-28

    Wireless sensor networks (WSNs) have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC) and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained.

  13. Requirements engineering for trust management: Model, methodology, and reasoning

    NARCIS (Netherlands)

    Giorgini, P.; Massacci, F.; Mylopoulos, J.; Zannone, N.

    2006-01-01

    A number of recent proposals aim to incorporate security engineering into mainstream software engineering. Yet, capturing trust and security requirements at an organizational level, as opposed to an IT system level, and mapping these into security and trust management policies is still an open

  14. Security Issues Model on Cloud Computing: A Case of Malaysia

    OpenAIRE

    Komeil Raisian; Jamaiah Yahaya

    2015-01-01

    By developing the cloud computing, viewpoint of many people regarding the infrastructure architectures, software distribution and improvement model changed significantly. Cloud computing associates with the pioneering deployment architecture, which could be done through grid calculating, effectiveness calculating and autonomic calculating. The fast transition towards that, has increased the worries regarding a critical issue for the effective transition of cloud computing. From the security v...

  15. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.

  16. Modelling effective and simultaneous promotion of food security and ...

    African Journals Online (AJOL)

    This ineffectiveness extends to promoting household food security within the context of encouraging biodiversity conservation on farm lands. To examine this, this paper draws on recently conducted research to sketch the current model within which extension pursues these seemingly dichotomous objectives and identifies ...

  17. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon

    2013-01-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  18. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  19. DESIGN MODELING OF A UNIVERSITY’S COMPREHENSIVE-INTEGRATED SECURITY SYSTEM

    Directory of Open Access Journals (Sweden)

    Marina V. Dulyasova

    2017-03-01

    Full Text Available Introduction: the safety of higher education institutions is considered to be of great importance nowadays. Security challenges need to be addressed through a comprehensive and integrative approach. This approach provides neutralisation of various threats systemically, risk prevention, minimisation of the tangible and moral harm. The project concept of “safe university” is proposed and substantiated for the above-mentioned purposes. Materials and Methods: the authors used a special literature survey on the issue, which is divided into three main groups of publications, where the complex security of educational institutions is considered in the context of the general theory of security, in the educational-methodical plan and within the framework of sociological, psychological and pedagogical approaches. The legislative and regulatory sources also indicated, legislative and regulatory legal acts reviews, “Safe City” concept, National standard “Information security technologies: complex and integrated ones. Standard requirements to architecture and technologies of intellectual systems of monitoring for safety of the companies and the territories” (State standard specification P 56875-2016, documents of higher education institutions, media reports. The analysis and generalisation of information was coupled with project modeling of the new comprehensive system of higher education institution security. Results: the authors introduce the concept, architecture and model of the comprehensive integrated higher education institution security, monitoring based on measures and indicators pertaining to implementation of standard requirements and level of satisfaction with safety, evaluation of the taken measures in terms of efficiency. Discussion and Conclusions: the main contours of the model for comprehensive integrated security system in a higher education institution and algorithm of interaction between the subjects are determined. These

  20. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

    Directory of Open Access Journals (Sweden)

    Vinothkumar Muthurajan

    2016-01-01

    Full Text Available Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function provide minimum protection level compared to asymmetric key (RSA, AES, and ECC schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  1. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

    Science.gov (United States)

    Muthurajan, Vinothkumar; Narayanasamy, Balaji

    2016-01-01

    Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  2. Towards second-generation smart card-based authentication in health information systems: the secure server model.

    Science.gov (United States)

    Hallberg, J; Hallberg, N; Timpka, T

    2001-01-01

    Conventional smart card-based authentication systems used in health care alleviate some of the security issues in user and system authentication. Existing models still do not cover all security aspects. To enable new protective measures to be developed, an extended model of the authentication process is presented. This model includes a new entity referred to as secure server. Assuming a secure server, a method where the smart card is aware of the status of the terminal integrity verification becomes feasible. The card can then act upon this knowledge and restrict the exposure of sensitive information to the terminal as required in order to minimize the risks. The secure server model can be used to illuminate the weaknesses of current approaches and the need for extensions which alleviate the resulting risks.

  3. Data requirements for integrated near field models

    International Nuclear Information System (INIS)

    Wilems, R.E.; Pearson, F.J. Jr.; Faust, C.R.; Brecher, A.

    1981-01-01

    The coupled nature of the various processes in the near field require that integrated models be employed to assess long term performance of the waste package and repository. The nature of the integrated near field models being compiled under the SCEPTER program are discussed. The interfaces between these near field models and far field models are described. Finally, near field data requirements are outlined in sufficient detail to indicate overall programmatic guidance for data gathering activities

  4. CONCEPTUAL MODELLING AND ORGANIZATION OF SECURITY MECHANISMS IN DISTRIBUTED SYSTEMS

    Directory of Open Access Journals (Sweden)

    T. Galibus

    2016-01-01

    Full Text Available We analyze the existing DS from the point of security and construct a two-level hierarchy of models. Such approach allows us to separate the abstraction (architecture level and the concrete (component level of ISS. The core set of methods, i. e. authentication and key exchange protocols, corresponds to the abstraction level and is defined as security infrastructure (SI. The final security parameters optimization and additional mechanisms such as authorization, routing and data auditing of the protection mechanisms are configured on the component level of the DS. In addition, we outline the systematic step-by-step ISS configuration method.

  5. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  6. A Stochastic Model for Improving Information Security in Supply Chain Systems

    OpenAIRE

    Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

    2009-01-01

    This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

  7. Modeling, simulation and analysis of a securities settlement system:The case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F; Palacios, Arturo; Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  8. Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F.; Palacios, Arturo; de Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  9. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  10. Strong tobacco control program requirements and secure funding are not enough: lessons from Florida.

    Science.gov (United States)

    Kennedy, Allison; Sullivan, Sarah; Hendlin, Yogi; Barnes, Richard; Glantz, Stanton

    2012-05-01

    Florida's Tobacco Pilot Program (TPP; 1998-2003), with its edgy Truth media campaign, achieved unprecedented youth smoking reductions and became a model for tobacco control programming. In 2006, 3 years after the TPP was defunded, public health groups restored funding for tobacco control programming by convincing Florida voters to amend their constitution. Despite the new program's strong legal structure, Governor Charlie Crist's Department of Health implemented a low-impact program. Although they secured the program's strong structure and funding, Florida's nongovernmental public health organizations did not mobilize to demand a high-impact program. Implementation of Florida's Amendment 4 demonstrates that a strong programmatic structure and secure funding are insufficient to ensure a successful public health program, without external pressure from nongovernmental groups.

  11. Dynamic model based on Bayesian method for energy security assessment

    International Nuclear Information System (INIS)

    Augutis, Juozas; Krikštolaitis, Ričardas; Pečiulytė, Sigita; Žutautaitė, Inga

    2015-01-01

    Highlights: • Methodology for dynamic indicator model construction and forecasting of indicators. • Application of dynamic indicator model for energy system development scenarios. • Expert judgement involvement using Bayesian method. - Abstract: The methodology for the dynamic indicator model construction and forecasting of indicators for the assessment of energy security level is presented in this article. An indicator is a special index, which provides numerical values to important factors for the investigated area. In real life, models of different processes take into account various factors that are time-dependent and dependent on each other. Thus, it is advisable to construct a dynamic model in order to describe these dependences. The energy security indicators are used as factors in the dynamic model. Usually, the values of indicators are obtained from statistical data. The developed dynamic model enables to forecast indicators’ variation taking into account changes in system configuration. The energy system development is usually based on a new object construction. Since the parameters of changes of the new system are not exactly known, information about their influences on indicators could not be involved in the model by deterministic methods. Thus, dynamic indicators’ model based on historical data is adjusted by probabilistic model with the influence of new factors on indicators using the Bayesian method

  12. Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

    Science.gov (United States)

    Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

    2017-09-01

    Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

  13. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    Thomas, L.L.; Strait, R.S.

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  14. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  15. Competence Requirements of ISO/IEC Standards for Information Security Professionals

    Directory of Open Access Journals (Sweden)

    Natalia G. Miloslavskaya

    2017-11-01

    Full Text Available The rapid progress in the filed of information security (IS puts one in a need of periodic revision of professional competencies (formulated in the federal state educational standards –FSESs and working functions (formulated in the professional standards – PSs. Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO, which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

  16. Adapting Rational Unified Process (RUP) approach in designing a secure e-Tendering model

    Science.gov (United States)

    Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

    2016-08-01

    e-Tendering is an electronic processing of the tender document via internet and allow tenderer to publish, communicate, access, receive and submit all tender related information and documentation via internet. This study aims to design the e-Tendering system using Rational Unified Process approach. RUP provides a disciplined approach on how to assign tasks and responsibilities within the software development process. RUP has four phases that can assist researchers to adjust the requirements of various projects with different scope, problem and the size of projects. RUP is characterized as a use case driven, architecture centered, iterative and incremental process model. However the scope of this study only focusing on Inception and Elaboration phases as step to develop the model and perform only three of nine workflows (business modeling, requirements, analysis and design). RUP has a strong focus on documents and the activities in the inception and elaboration phases mainly concern the creation of diagrams and writing of textual descriptions. The UML notation and the software program, Star UML are used to support the design of e-Tendering. The e-Tendering design based on the RUP approach can contribute to e-Tendering developers and researchers in e-Tendering domain. In addition, this study also shows that the RUP is one of the best system development methodology that can be used as one of the research methodology in Software Engineering domain related to secured design of any observed application. This methodology has been tested in various studies in certain domains, such as in Simulation-based Decision Support, Security Requirement Engineering, Business Modeling and Secure System Requirement, and so forth. As a conclusion, these studies showed that the RUP one of a good research methodology that can be adapted in any Software Engineering (SE) research domain that required a few artifacts to be generated such as use case modeling, misuse case modeling, activity

  17. Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

    Directory of Open Access Journals (Sweden)

    Darya Sergeevna Simonenkova

    2016-03-01

    Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

  18. Optimizing a physical security configuration using a highly detailed simulation model

    NARCIS (Netherlands)

    Marechal, T.M.A.; Smith, A.E.; Ustun, V.; Smith, J.S.; Lefeber, A.A.J.; Badiru, A.B.; Thomas, M.U.

    2009-01-01

    This research is focused on using a highly detailed simulation model to create a physical security system to prevent intrusions in a building. Security consists of guards and security cameras. The problem is represented as a binary optimization problem. A new heuristic is proposed to do the security

  19. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    Full Text Available MTSA Maritime Transportation Security Act RFID Radio Frequency Identification SAFE Security and Accountability For Every port SOLAS Safety Of Life At Sea SST Smart and Secure Tradelane UNCTAD United Nations Conference on Trade and Development... for increased security within maritime shipping and so the SOLAS (the Safety of Lives at Sea) Convention Chapter 11 was amended to provide for the inclusion of the International Ships and Port Facilities Security Code (ISPS Code), which was internationally...

  20. USign--a security enhanced electronic consent model.

    Science.gov (United States)

    Li, Yanyan; Xie, Mengjun; Bian, Jiang

    2014-01-01

    Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

  1. Modeling Turkey’s future LNG supply security strategy

    International Nuclear Information System (INIS)

    Efe Biresselioglu, Mehmet; Hakan Demir, Muhittin; Kandemir, Cansu

    2012-01-01

    Turkey was among those countries which decided to increase its natural gas consumption in the 1990s, due to its relative low cost and lack of impact on the environment. However, a heavy dependence on imports, from Algeria, Qatar and Nigeria, respectively, creates a threat to energy security, both in terms of source and supply diversity. Accordingly, we follow an analytical approach to identify the accuracy of our assumption, considering the current economic, political and security risk. To this end, we formulate and solve a mixed integer programming model that determines the optimal sourcing strategy for Turkey’s increasing LNG demand. This model demonstrates a number of alternative policy options for LNG supply. Furthermore, we consider that increasing the proportion of LNG in the overall gas supply will contribute to the aim of improving Turkey’s level of energy security. - Highlights: ► Turkey’s best policy option is to increase the share of LNG. ► Turkey’s main suppliers of LNG will be Algeria, Egypt, Nigeria, and Trinidad and Tobago. ► Norway, Libya, and Oman contribute to the supply with rather smaller shares. ► With high risk scenario Algeria, Egypt, Nigeria and Libya will not be suppliers. ► Oman and Qatar will cover; even though they are high-cost suppliers.

  2. A Requirements Analysis Model Based on QFD

    Institute of Scientific and Technical Information of China (English)

    TANG Zhi-wei; Nelson K.H.Tang

    2004-01-01

    The enterprise resource planning (ERP) system has emerged to offer an integrated IT solution and more and more enterprises are increasing by adopting this system and regarding it as an important innovation. However, there is already evidence of high failure risks in ERP project implementation, one major reason is poor analysis of the requirements for system implementation. In this paper, the importance of requirements analysis for ERP project implementation is highlighted, and a requirements analysis model by applying quality function deployment (QFD) is presented, which will support to conduct requirements analysis for ERP project.

  3. Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)

    National Research Council Canada - National Science Library

    Archer, Myla; Leonard, Elizabeth; Pradella, Matteo

    2003-01-01

    Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...

  4. Future consumer mobile phone security : a case study using the data centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    2008-01-01

    In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested,

  5. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  6. Modeling and Testing Legacy Data Consistency Requirements

    DEFF Research Database (Denmark)

    Nytun, J. P.; Jensen, Christian Søndergaard

    2003-01-01

    An increasing number of data sources are available on the Internet, many of which offer semantically overlapping data, but based on different schemas, or models. While it is often of interest to integrate such data sources, the lack of consistency among them makes this integration difficult....... This paper addresses the need for new techniques that enable the modeling and consistency checking for legacy data sources. Specifically, the paper contributes to the development of a framework that enables consistency testing of data coming from different types of data sources. The vehicle is UML and its...... accompanying XMI. The paper presents techniques for modeling consistency requirements using OCL and other UML modeling elements: it studies how models that describe the required consistencies among instances of legacy models can be designed in standard UML tools that support XMI. The paper also considers...

  7. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  8. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Directory of Open Access Journals (Sweden)

    Moon Sun Shin

    2015-01-01

    Full Text Available In today’s era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation’s healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR, recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  9. Modelling of Security Principles Within Car-to-Car Communications in Modern Cooperative Intelligent Transportation Systems

    Directory of Open Access Journals (Sweden)

    Jan Durech

    2016-01-01

    Full Text Available Intelligent transportation systems (ITS bring advanced applications that provide innovative services for various transportation modes in the area of traffic control, and enable better awareness for different users. Communication connections between intelligent vehicles with the use of wireless communication standards, so called Vehicular Ad Hoc Networks (VANETs, require ensuring verification of validity of provided services as well as services related to transmission confidentiality and integrity. The goal of this paper is to analyze secure mechanisms utilised in VANET communication within Cooperative Intelligent Transportation Systems (C-ITS with a focus on safety critical applications. The practical part of the contribution is dedicated to modelling of security properties of VANET networks via OPNET Modeler tool extended by the implementation of the OpenSSL library for authentication protocol realisation based on digital signature schemes. The designed models simulate a transmission of authorised alert messages in Car-to-Car communication for several traffic scenarios with recommended Elliptic Curve Integrated Encryption Scheme (ECIES. The obtained results of the throughput and delay in the simulated network are compared for secured and no-secured communications in dependence on the selected digital signature schemes and the number of mobile nodes. The OpenSSL library has also been utilised for the comparison of time demandingness of digital signature schemes based on RSA (Rivest Shamir Adleman, DSA (Digital Signature Algorithm and ECDSA (Elliptic Curve Digital Signature Algorithm for different key-lengths suitable for real time VANET communications for safety-critical applications of C-ITS.

  10. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  11. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  12. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  13. Security and privacy of EHR systems--ethical, social and legal requirements.

    Science.gov (United States)

    Kluge, Eike-Henner W

    2003-01-01

    This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.

  14. Systems Security Engineering Capability Maturity Model (SSECMM), Model Description, Version 1.1

    National Research Council Canada - National Science Library

    1997-01-01

    This document is designed to acquaint the reader with the SSE-CMM Project as a whole and present the project's major work product - the Systems Security Engineering Capability Maturity Model (SSE- CMM...

  15. Modelling of Processes of Logistics in Cyberspace Security

    Directory of Open Access Journals (Sweden)

    Konečný Jiří

    2017-01-01

    Full Text Available The goal of this contribution is especially to familiarize experts in various fields with the need for a new approach to the system-defined model and modelling of processes in the engineering practice and the expression of some state variables' possibilities for the modelling of real-world systems with regard to the highly dynamic development of structures and to the behaviour of systems of logistics. Thus, in this contribution, the necessity of making full use of cybernetics as a field for the management and communication of information is expressed, and also the environment of cybernetics as a much needed cybernetic realm (cyberspace, determining the steady state between cyber-attacks and cyber-defence as a modern knowledge-based potential in general and specifically of logistics in cyber security. Connected with this process is the very important area of lifelong training of experts in the dynamic world of science and technology (that is, also in a social system which is also expressed here briefly, and also the cyber and information security, all of which falls under the cyberspace of new perspective electronic learning (e-learning with the use of modern laboratories with new effects also for future possibilities of process modelling of artificial intelligence (AI with a perspective of mass use of UAVs in logistics.

  16. A fuzzy model for exploiting customer requirements

    Directory of Open Access Journals (Sweden)

    Zahra Javadirad

    2016-09-01

    Full Text Available Nowadays, Quality function deployment (QFD is one of the total quality management tools, where customers’ views and requirements are perceived and using various techniques improves the production requirements and operations. The QFD department, after identification and analysis of the competitors, takes customers’ feedbacks to meet the customers’ demands for the products compared with the competitors. In this study, a comprehensive model for assessing the importance of the customer requirements in the products or services for an organization is proposed. The proposed study uses linguistic variables, as a more comprehensive approach, to increase the precision of the expression evaluations. The importance of these requirements specifies the strengths and weaknesses of the organization in meeting the requirements relative to competitors. The results of these experiments show that the proposed method performs better than the other methods.

  17. Decision Model for U.S.- Mexico Border Security Measures

    Science.gov (United States)

    2017-09-01

    missions that the I&A focuses on is, “border security, including narcotics smuggling, alien and human smuggling, and money laundering ...and money assigned to border security investments. 14. SUBJECT TERMS Department of Homeland Security (DHS), border security, U.S.–Mexico border...and money assigned to border security investments. vi THIS PAGE INTENTIONALLY LEFT BLANK vii TABLE OF CONTENTS I. INTRODUCTION

  18. Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

    OpenAIRE

    Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

    2014-01-01

    Information Security has become a significant concern for today's organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

  19. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories roles of information security employees of the banking organization are defined. Functional roles are described. The relationship between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization for information security system and information security management system are described. Recommendations for the implementation phases of the selection and appointment of the functional roles and to control the selection and role assignment information security employees of the banking organization are stated.

  20. 76 FR 10205 - Department of Homeland Security Implementation of OMB Guidance on Drug-Free Workplace Requirements

    Science.gov (United States)

    2011-02-24

    ... Flexibility Act, 5 U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of... Guidance on Drug-Free Workplace Requirements AGENCY: Department of Homeland Security (DHS). ACTION: Final... consolidate all Federal regulations on drug-free workplace requirements for financial assistance into one...

  1. Cooperative Monitoring Center Occasional Paper/7: A Generic Model for Cooperative Border Security

    Energy Technology Data Exchange (ETDEWEB)

    Netzer, Colonel Gideon

    1999-03-01

    This paper presents a generic model for dealing with security problems along borders between countries. It presents descriptions and characteristics of various borders and identifies the threats to border security, while emphasizing cooperative monitoring solutions.

  2. Security-Based Mechanism for Proactive Routing Schema Using Game Theory Model

    Directory of Open Access Journals (Sweden)

    Hicham Amraoui

    2016-01-01

    Full Text Available Game theory may offer a useful mechanism to address many problems in mobile ad hoc networks (MANETs. One of the key concepts in the research field of such networks with Optimized Link State Routing Protocol (OLSR is the security problem. Relying on applying game theory to study this problem, we consider two strategies during this suggested model: cooperate and not-cooperate. However, in such networks, it is not easy to identify different actions of players. In this paper, we have essentially been inspired from recent advances provided in game theory to propose a new model for security in MANETs. Our proposal presents a powerful tool with a large number of players where interactions are played multiple times. Moreover, each node keeps a cooperation rate (CR record of other nodes to cope with the behaviors and mitigate aggregate effect of other malicious devices. Additionally, our suggested security mechanism does not only take into consideration security requirements, but also take into account system resources and network performances. The simulation results using Network Simulator 3 are presented to illustrate the effectiveness of the proposal.

  3. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  4. Modeling requirements for in situ vitrification

    International Nuclear Information System (INIS)

    MacKinnon, R.J.; Mecham, D.C.; Hagrman, D.L.; Johnson, R.W.; Murray, P.E.; Slater, C.E.; Marwil, E.S.; Weaver, R.A.; Argyle, M.D.

    1991-11-01

    This document outlines the requirements for the model being developed at the INEL which will provide analytical support for the ISV technology assessment program. The model includes representations of the electric potential field, thermal transport with melting, gas and particulate release, vapor migration, off-gas combustion and process chemistry. The modeling objectives are to (1) help determine the safety of the process by assessing the air and surrounding soil radionuclide and chemical pollution hazards, the nuclear criticality hazard, and the explosion and fire hazards, (2) help determine the suitability of the ISV process for stabilizing the buried wastes involved, and (3) help design laboratory and field tests and interpret results therefrom

  5. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

  6. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  7. A Key Generation Model for Improving the Security of Cryptographic ...

    African Journals Online (AJOL)

    Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

  8. Business models and business model innovation in a “Secure and Distributed Cloud Clustering (DISC) Society”

    DEFF Research Database (Denmark)

    Lindgren, Peter; Taran, Yariv

    2011-01-01

    of secure business models and how business models can be operated and innovated in a secure context have intensified tremendously. The development of new mobile and wireless security technologies gives hopes to really realize a secure cloud clustering society where business models can act and be innovated......The development and innovation of business models to a secure distributed cloud clustering society (DISC)—is indeed still a complex venture and has not been widely researched yet. Numerous types of security technologies are in these years proposed and in the “slip stream” of these the study...... secure—but we still have some steps to go before we reach the final destination. The paper gives a conceptual futuristic outlook on behalf of the input from SW2010 and state of the art business model research to what we can expect of business Model and business model innovation in a future secure cloud...

  9. Architectural model for crowdsourcing for human security threats ...

    African Journals Online (AJOL)

    Journal of Computer Science and Its Application ... Crowdsourcing for Human Security Threats Situation Information and Response System (CHSTSIRS) is proposed in this paper to report Human Security (HS) ... Keywords: Human security, Crowdsourcing, Threats, Situation Information, Agency, Google, Cloud Messaging ...

  10. Security Certification Challenges in a Cloud Computing Delivery Model

    Science.gov (United States)

    2010-04-27

    Relevant Security Standards, Certifications, and Guidance  NIST SP 800 series  ISO /IEC 27001 framework  Cloud Security Alliance  Statement of...CSA Domains / Cloud Features ISO 27001 Cloud Service Provider Responsibility Government Agency Responsibility Analyze Security gaps Compensating

  11. Experimental and theoretical requirements for fuel modelling

    International Nuclear Information System (INIS)

    Gatesoupe, J.P.

    1979-01-01

    From a scientific point of view it may be considered that any event in the life of a fuel pin under irradiation should be perfectly well understood and foreseen from that deterministic point of view, the whole behaviour of the pin maybe analysed and dismantled with a specific function for every component part and each component part related to one basic phenomenon which can be independently studied on pure physical grounds. When extracted from the code structure the subroutine is studied for itself by specialists who try to keep as close as possible to the physics involved in the phenomenon; that often leads to an impressive luxury in details and a subsequent need for many unavailable input data. It might seem more secure to follow that approach since it tries to be firmly based on theoretical grounds. One should think so if the phenomenological situation in the pin were less complex than it is. The codes would not be adequate for off-normal operating conditions since for the accidental transient conditions the key-phenomena would not be the same as for steady-state or slow transient conditions. The orientation given to fuel modelling is based on our two main technological constraints which are: no fuel melting; no cladding failure; no excessive cladding deformation. In this context, the only relevant models are those which have a significant influence on the maximum temperatures in the fuel or on the cladding damage hence the selection between key models and irrelevant models which will next be done. A rather pragmatic view is kept on codification with a special focus on a few determinant aspects of fuel behaviour and no attention to models which are nothing but decorative. Fuel modeling is merely considered as a link between experimental knowledge; it serves as a guide for further improvements in fuel design and as so happens to be quite useful. On this basis the main lacks in of fuel behaviour is described. These are mainly concerning: thermal transfer through

  12. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  13. Minimum Lateral Bone Coverage Required for Securing Fixation of Cementless Acetabular Components in Hip Dysplasia

    Directory of Open Access Journals (Sweden)

    Masanori Fujii

    2017-01-01

    Full Text Available Objectives. To determine the minimum lateral bone coverage required for securing stable fixation of the porous-coated acetabular components (cups in hip dysplasia. Methods. In total, 215 primary total hip arthroplasties in 199 patients were reviewed. The average follow-up period was 49 months (range: 24–77 months. The lateral bone coverage of the cups was assessed by determining the cup center-edge (cup-CE angle and the bone coverage index (BCI from anteroposterior pelvic radiographs. Further, cup fixation was determined using the modified DeLee and Charnley classification system. Results. All cups were judged to show stable fixation by bone ingrowth. The cup-CE angle was less than 0° in 7 hips (3.3% and the minimum cup-CE angle was −9.2° (BCI: 48.8%. Thin radiolucent lines were observed in 5 hips (2.3%, which were not associated with decreased lateral bone coverage. Loosening, osteolysis, dislocation, or revision was not observed in any of the cases during the follow-up period. Conclusion. A cup-CE angle greater than −10° (BCI > 50% was acceptable for stable bony fixation of the cup. Considering possible errors in manual implantation, we recommend that the cup position be planned such that the cup-CE angle is greater than 0° (BCI > 60%.

  14. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    Science.gov (United States)

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  15. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  16. 17 CFR 240.6h-1 - Settlement and regulatory halt requirements for security futures products.

    Science.gov (United States)

    2010-04-01

    ... investors and the public interest, taking into account such factors as fairness to buyers and sellers of the affected security futures product, the maintenance of a fair and orderly market in such security futures... with the protection of investors. An exemption granted pursuant to this paragraph shall not operate as...

  17. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... background inquiries pertaining to verification of name, physical description, marital status, present and... undergo security processing by the Department's Office of Security before being eligible to work on the.... citizens must have: (1) Official legal status in the United States; (2) Continuously resided in the United...

  18. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  19. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  20. Utilization of Integrated Assessment Modeling for determining geologic CO2 storage security

    Science.gov (United States)

    Pawar, R.

    2017-12-01

    Geologic storage of carbon dioxide (CO2) has been extensively studied as a potential technology to mitigate atmospheric concentration of CO2. Multiple international research & development efforts, large-scale demonstration and commercial projects are helping advance the technology. One of the critical areas of active investigation is prediction of long-term CO2 storage security and risks. A quantitative methodology for predicting a storage site's long-term performance is critical for making key decisions necessary for successful deployment of commercial scale projects where projects will require quantitative assessments of potential long-term liabilities. These predictions are challenging given that they require simulating CO2 and in-situ fluid movements as well as interactions through the primary storage reservoir, potential leakage pathways (such as wellbores, faults, etc.) and shallow resources such as groundwater aquifers. They need to take into account the inherent variability and uncertainties at geologic sites. This talk will provide an overview of an approach based on integrated assessment modeling (IAM) to predict long-term performance of a geologic storage site including, storage reservoir, potential leakage pathways and shallow groundwater aquifers. The approach utilizes reduced order models (ROMs) to capture the complex physical/chemical interactions resulting due to CO2 movement and interactions but are computationally extremely efficient. Applicability of the approach will be demonstrated through examples that are focused on key storage security questions such as what is the probability of leakage of CO2 from a storage reservoir? how does storage security vary for different geologic environments and operational conditions? how site parameter variability and uncertainties affect storage security, etc.

  1. 41 CFR 102-72.95 - What are the requirements for obtaining a security delegation of authority from GSA?

    Science.gov (United States)

    2010-07-01

    ... the requirements for obtaining a security delegation of authority from GSA? An Executive agency may... PBS. The delegation may be granted where the requesting agency demonstrates a compelling need for the delegated authority and the delegation is not inconsistent with the authorities of any other law enforcement...

  2. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  3. The Requirement of a Positive Definite Covariance Matrix of Security Returns for Mean-Variance Portfolio Analysis: A Pedagogic Illustration

    Directory of Open Access Journals (Sweden)

    Clarence C. Y. Kwan

    2010-07-01

    Full Text Available This study considers, from a pedagogic perspective, a crucial requirement for the covariance matrix of security returns in mean-variance portfolio analysis. Although the requirement that the covariance matrix be positive definite is fundamental in modern finance, it has not received any attention in standard investment textbooks. Being unaware of the requirement could cause confusion for students over some strange portfolio results that are based on seemingly reasonable input parameters. This study considers the requirement both informally and analytically. Electronic spreadsheet tools for constrained optimization and basic matrix operations are utilized to illustrate the various concepts involved.

  4. Energy Security Requires Diversity: An Argument for The Defense Production Act Title III Biofuel Initiative

    Science.gov (United States)

    2013-06-19

    Media, Integrated Marketing Communications at Northwestern University, http://oilchangeproject.nationalsecurityzone.org/choke-points/chokepoints-map-2...23 Source: The National Security Reporting Project, Medill School of Journalism, Media, Integrated Marketing Communications at Northwestern

  5. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study.

    Science.gov (United States)

    Manion, Frank J; Robbins, Robert J; Weems, William A; Crowley, Rebecca S

    2009-06-15

    Data protection is important for all information systems that deal with human-subjects data. Grid-based systems--such as the cancer Biomedical Informatics Grid (caBIG)--seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios--difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information

  6. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions. Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1 the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2 consensus on the treatment of foreign and commercial partnerships; (3 the development of risk models and risk management processes; (4 development of technical infrastructure to support the credentialing process associated with research including human subjects; (5 exploring the feasibility of developing large-scale, federated honest broker approaches; (6 the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7 community development of requisite HIPAA and research ethics training modules by federation members; (8 the recognition of the need for central auditing requirements and authority, and; (9 use of two

  7. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Science.gov (United States)

    2009-01-01

    Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of

  8. Assessing work disability for social security benefits: international models for the direct assessment of work capacity.

    Science.gov (United States)

    Geiger, Ben Baumberg; Garthwaite, Kayleigh; Warren, Jon; Bambra, Clare

    2017-08-25

    It has been argued that social security disability assessments should directly assess claimants' work capacity, rather than relying on proxies such as on functioning. However, there is little academic discussion of how such assessments could be conducted. The article presents an account of different models of direct disability assessments based on case studies of the Netherlands, Germany, Denmark, Norway, the United States of America, Canada, Australia, and New Zealand, utilising over 150 documents and 40 expert interviews. Three models of direct work disability assessments can be observed: (i) structured assessment, which measures the functional demands of jobs across the national economy and compares these to claimants' functional capacities; (ii) demonstrated assessment, which looks at claimants' actual experiences in the labour market and infers a lack of work capacity from the failure of a concerned rehabilitation attempt; and (iii) expert assessment, based on the judgement of skilled professionals. Direct disability assessment within social security is not just theoretically desirable, but can be implemented in practice. We have shown that there are three distinct ways that this can be done, each with different strengths and weaknesses. Further research is needed to clarify the costs, validity/legitimacy, and consequences of these different models. Implications for rehabilitation It has recently been argued that social security disability assessments should directly assess work capacity rather than simply assessing functioning - but we have no understanding about how this can be done in practice. Based on case studies of nine countries, we show that direct disability assessment can be implemented, and argue that there are three different ways of doing it. These are "demonstrated assessment" (using claimants' experiences in the labour market), "structured assessment" (matching functional requirements to workplace demands), and "expert assessment" (the

  9. Projected irrigation requirements for upland crops using soil moisture model under climate change in South Korea

    Science.gov (United States)

    An increase in abnormal climate change patterns and unsustainable irrigation in uplands cause drought and affect agricultural water security, crop productivity, and price fluctuations. In this study, we developed a soil moisture model to project irrigation requirements (IR) for upland crops under cl...

  10. Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System

    Directory of Open Access Journals (Sweden)

    Bojanc Rok

    2012-11-01

    Full Text Available The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from real business environment.

  11. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  12. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  13. Family Food Security and Children’s Environment: A Comprehensive Analysis with Structural Equation Modeling

    OpenAIRE

    Che Wan Jasimah bt Wan Mohamed Radzi; Huang Hui; Nur Anisah Binti Mohamed @ A. Rahman; Hashem Salarzadeh Jenatabadi

    2017-01-01

    Structural Equation Modeling (SEM) has been used extensively in sustainability studies to model relationships among latent and manifest variables. This paper provides a tutorial exposition of the SEM approach in food security studies and introduces a basic framework based on family food security and children’s environment sustainability. This framework includes family food security and three main concepts representing children’s environment, including children’s BMI, health, and school perfor...

  14. A developmental approach to learning causal models for cyber security

    Science.gov (United States)

    Mugan, Jonathan

    2013-05-01

    To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

  15. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  16. Advancing botnet modeling techniques for military and security simulations

    Science.gov (United States)

    Banks, Sheila B.; Stytz, Martin R.

    2011-06-01

    Simulation environments serve many purposes, but they are only as good as their content. One of the most challenging and pressing areas that call for improved content is the simulation of bot armies (botnets) and their effects upon networks and computer systems. Botnets are a new type of malware, a type that is more powerful and potentially dangerous than any other type of malware. A botnet's power derives from several capabilities including the following: 1) the botnet's capability to be controlled and directed throughout all phases of its activity, 2) a command and control structure that grows increasingly sophisticated, and 3) the ability of a bot's software to be updated at any time by the owner of the bot (a person commonly called a bot master or bot herder.) Not only is a bot army powerful and agile in its technical capabilities, a bot army can be extremely large, can be comprised of tens of thousands, if not millions, of compromised computers or it can be as small as a few thousand targeted systems. In all botnets, their members can surreptitiously communicate with each other and their command and control centers. In sum, these capabilities allow a bot army to execute attacks that are technically sophisticated, difficult to trace, tactically agile, massive, and coordinated. To improve our understanding of their operation and potential, we believe that it is necessary to develop computer security simulations that accurately portray bot army activities, with the goal of including bot army simulations within military simulation environments. In this paper, we investigate issues that arise when simulating bot armies and propose a combination of the biologically inspired MSEIR infection spread model coupled with the jump-diffusion infection spread model to portray botnet propagation.

  17. 78 FR 54720 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders

    Science.gov (United States)

    2013-09-05

    ... trustee previously filed Forms BMC-84 or BMC-85, do I need to file a new one reflecting the new $75,000... jurisdiction must file new BMC-84 or BMC-85 forms reflecting the new minimum financial security amount of $75,000 as of October 1, 2013. FMCSA will develop new BMC forms for use by surety bonding companies and...

  18. 27 CFR 70.281 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ..., express or telegraph money order; (v) Secured by corporate bonds or stocks, or by bonds issued by a State... of business or legal residence of the primary obligor is located; (ii) The surety must have property... which the principal place of business or legal residence of the primary obligor is located; (iv) The...

  19. 26 CFR 301.7101-1 - Form of bond and security required.

    Science.gov (United States)

    2010-04-01

    ..., bank, express or telegraph money order; (v) Secured by corporate bonds or stocks, or by bonds issued by... legal residence of the primary obligor is located; (ii) He must have property subject to execution of a... or legal residence of the primary obligor is located; (iv) He must agree not to mortgage, or...

  20. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  1. 17 CFR 402.2 - Capital requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ...)(B) of this title; (7) Loans to commercial banks for one business day of immediately available funds...; (3) Demand deposits in the case where the counterparty is a commercial bank; (4) Loans for one... made in the case where the counterparty is a commercial bank; (5) Custodial holdings of securities in...

  2. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... information, the loss, misuse, or unauthorized access to, or modification of which could adversely affect the... inspection, investigation, and audit to safeguard against threats and hazards to the integrity, availability... Official's written accreditation decision from the COR, maintain the approved level of system security as...

  3. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  4. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS... basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid... Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation...

  5. An Impact Assessment Model for Distributed Adaptive Security Situation Assessment

    National Research Council Canada - National Science Library

    Heckman, Mark; Joshi, Nikhil; Tylutki, Marcus; Levitt, Karl; Just, James; Clough, Lawrence

    2005-01-01

    The goal of any intrusion detection, anti-virus, firewall or other security mechanism is not simply to stop attacks, but to protect a computing resource so that the resource can continue to perform its function...

  6. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  7. Improved Security Models & Protocols in Online Mobile Business Financial Transactions

    OpenAIRE

    Sreeramana Aithal

    2017-01-01

    Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

  8. Using Bayesian Networks and Decision Theory to Model Physical Security

    National Research Council Canada - National Science Library

    Roberts, Nancy

    2003-01-01

    .... Cameras, sensors and other components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be monitored and controlled...

  9. Spatially Informed Plant PRA Models for Security Assessment

    International Nuclear Information System (INIS)

    Wheeler, Timothy A.; Thomas, Willard; Thornsbury, Eric

    2006-01-01

    Traditional risk models can be adapted to evaluate plant response for situations where plant systems and structures are intentionally damaged, such as from sabotage or terrorism. This paper describes a process by which traditional risk models can be spatially informed to analyze the effects of compound and widespread harsh environments through the use of 'damage footprints'. A 'damage footprint' is a spatial map of regions of the plant (zones) where equipment could be physically destroyed or disabled as a direct consequence of an intentional act. The use of 'damage footprints' requires that the basic events from the traditional probabilistic risk assessment (PRA) be spatially transformed so that the failure of individual components can be linked to the destruction of or damage to specific spatial zones within the plant. Given the nature of intentional acts, extensive modifications must be made to the risk models to account for the special nature of the 'initiating events' associated with deliberate adversary actions. Intentional acts might produce harsh environments that in turn could subject components and structures to one or more insults, such as structural, fire, flood, and/or vibration and shock damage. Furthermore, the potential for widespread damage from some of these insults requires an approach that addresses the impacts of these potentially severe insults even when they occur in locations distant from the actual physical location of a component or structure modeled in the traditional PRA. (authors)

  10. Review of the model of technological pragmatism considering privacy and security

    Directory of Open Access Journals (Sweden)

    Kovačević-Lepojević Marina M.

    2013-01-01

    Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

  11. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  12. Behavioral Modeling of WSN MAC Layer Security Attacks: A Sequential UML Approach

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    is the vulnerability to security attacks/threats. The performance and behavior of a WSN are vastly affected by such attacks. In order to be able to better address the vulnerabilities of WSNs in terms of security, it is important to understand the behavior of the attacks. This paper addresses the behavioral modeling...... of medium access control (MAC) security attacks in WSNs. The MAC layer is responsible for energy consumption, delay and channel utilization of the network and attacks on this layer can introduce significant degradation of the individual sensor nodes due to energy drain and in performance due to delays....... The behavioral modeling of attacks will be beneficial for designing efficient and secure MAC layer protocols. The security attacks are modeled using a sequential diagram approach of Unified Modeling Language (UML). Further, a new attack definition, specific to hybrid MAC mechanisms, is proposed....

  13. Gamified Requirements Engineering: Model and Experimentation

    NARCIS (Netherlands)

    Lombriser, Philipp; Dalpiaz, Fabiano; Lucassen, Garm; Brinkkemper, Sjaak

    2016-01-01

    [Context & Motivation] Engaging stakeholders in requirements engineering (RE) influences the quality of the requirements and ultimately of the system to-be. Unfortunately, stakeholder engagement is often insufficient, leading to too few, low-quality requirements. [Question/problem] We aim to

  14. Analysis of Marine Corps renewable energy planning to meet installation energy security requirements

    OpenAIRE

    Chisom, Christopher M.; Templenton, Jack C., II

    2013-01-01

    Approved for public release; distribution is unlimited. The purpose of this thesis is to analyze Marine Corps installation energy consumption and the pursuit of increased renewable energy generation goals across Marine Corps installations. The main objective of this report is to determine the cost of interruption and the net present value (NPV) of renewable energy generation needed to meet the Marine Corps energy security objectives. First, we determine installation-specific energy consump...

  15. Security extension for the Canetti-Krawczyk model in identity-based systems

    Institute of Scientific and Technical Information of China (English)

    LI Xinghua; MA Jianfeng; SangJae Moon

    2005-01-01

    The Canetti-Krawczyk (CK) model is a formalism for the analysis of keyexchange protocols, which can guarantee many security properties for the protocols proved secure by this model. But we find this model lacks the ability to guarantee key generation center (KGC) forward secrecy, which is an important security property for key-agreement protocols based on Identity. The essential reason leading to this weakness is that it does not fully consider the attacker's capabilities. In this paper, the CK model is accordingly extended with a new additional attacker's capability of the KGC corruption in Identity-based systems, which enables it to support KGC forward secrecy.

  16. Strengthening global health security by embedding the International Health Regulations requirements into national health systems.

    Science.gov (United States)

    Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

    2018-01-01

    The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas.

  17. New security and privacy laws require basic changes in professional practice

    Science.gov (United States)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released ``Guidelines for the Design of Healthcare Facilities'' as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  18. Application of the JDL data fusion process model for cyber security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2010-04-01

    A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

  19. Discrete-Event Simulation with Agents for Modeling of Dynamic Asymmetric Threats in Maritime Security

    National Research Council Canada - National Science Library

    Ng, Chee W

    2007-01-01

    .... Discrete-event simulation (DES) was used to simulate a typical port-security, local, waterside-threat response model and to test the adaptive response of asymmetric threats in reaction to port-security procedures, while a multi-agent system (MAS...

  20. Model-based security analysis of the German health card architecture.

    Science.gov (United States)

    Jürjens, J; Rumm, R

    2008-01-01

    Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

  1. From requirements to Java in a snap model-driven requirements engineering in practice

    CERN Document Server

    Smialek, Michal

    2015-01-01

    This book provides a coherent methodology for Model-Driven Requirements Engineering which stresses the systematic treatment of requirements within the realm of modelling and model transformations. The underlying basic assumption is that detailed requirements models are used as first-class artefacts playing a direct role in constructing software. To this end, the book presents the Requirements Specification Language (RSL) that allows precision and formality, which eventually permits automation of the process of turning requirements into a working system by applying model transformations and co

  2. Modeling uncertainty in requirements engineering decision support

    Science.gov (United States)

    Feather, Martin S.; Maynard-Zhang, Pedrito; Kiper, James D.

    2005-01-01

    One inherent characteristic of requrements engineering is a lack of certainty during this early phase of a project. Nevertheless, decisions about requirements must be made in spite of this uncertainty. Here we describe the context in which we are exploring this, and some initial work to support elicitation of uncertain requirements, and to deal with the combination of such information from multiple stakeholders.

  3. Provincial Reconstruction Teams (PRTs) Negotiation Skill Requirements in Afghanistan: Afghanistan Security Issues Final Research Paper

    Science.gov (United States)

    2010-01-01

    culture shock” that soldiers experienced as “the anxiety and physical and emotional discomfort that can occur when a person moves to an unfa- miliar...Afghanistan. Don‟t Believe it.” Newsweek, 14 December 2009, 48. Jalali, Ali A. “The Future of Security Institutions.” In Warfare Studies AY10 Coursebook ...62-69. Rubin, Barnett R. “The Transformation of the Afghan State.” In Warfare Studies AY10 Coursebook , edited by Sharon McBride, 351-356. Maxwell

  4. Towards a security model for computational puzzle schemes

    NARCIS (Netherlands)

    Tang, Qiang; Jeckmans, Arjan

    2011-01-01

    In the literature, computational puzzle schemes have been considered as a useful tool for a number of applications, such as constructing timed cryptography, fighting junk emails, and protecting critical infrastructure from denial-of-service attacks. However, there is a lack of a general security

  5. Social security as Markov equilibrium in OLG models: A note

    DEFF Research Database (Denmark)

    Gonzalez Eiras, Martin

    2011-01-01

    I refine and extend the Markov perfect equilibrium of the social security policy game in Forni (2005) for the special case of logarithmic utility. Under the restriction that the policy function be continuous, instead of differentiable, the equilibrium is globally well defined and its dynamics...

  6. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  7. Flexibility and security : National social models in transitional labour markets

    NARCIS (Netherlands)

    Muffels, R.J.A.; Crouch, Colin; Wilthagen, A.C.J.M.

    2014-01-01

    Aggregate and individual data are used to test the association between employment performance and different ways of reconciling flexibility and security in European labour markets. Particular use is made of statistics on individuals’ labour market transitions as revealed by national labour force

  8. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  9. A novel water poverty index model for evaluation of Chinese regional water security

    Science.gov (United States)

    Gong, L.; Jin, C. L.; Li, Y. X.; Zhou, Z. L.

    2017-08-01

    This study proposed an improved Water Poverty Index (WPI) model employed in evaluating Chinese regional water security. Firstly, the Chinese WPI index system was constructed, in which the indicators were obtained according to China River reality. A new mathematical model was then established for WPI values calculation on the basis of Center for Ecology and Hydrology (CEH) model. Furthermore, this new model was applied in Shiyanghe River (located in western China). It turned out that the Chinese index system could clearly reflect the indicators threatening security of river water and the Chinese WPI model is feasible. This work has also developed a Water Security Degree (WSD) standard which is able to be regarded as a scientific basis for further water resources utilization and water security warning mechanism formulation.

  10. A goal-oriented requirements modelling language for enterprise architecture

    NARCIS (Netherlands)

    Quartel, Dick; Engelsman, W.; Jonkers, Henk; van Sinderen, Marten J.

    2009-01-01

    Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for

  11. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  12. Dynamic Model of Islamic Hybrid Securities: Empirical Evidence From Malaysia Islamic Capital Market

    Directory of Open Access Journals (Sweden)

    Jaafar Pyeman

    2016-12-01

    Full Text Available Capital structure selection is fundamentally important in corporate financial management as it influence on mutually return and risk to stakeholders. Despite of Malaysia’s position as one of the major players of Islamic Financial Market, there are still lack of studies has been conducted on the capital structure of shariah compliant firms especially related to hybrid securities. The objective of this study is to determine the hybrid securities issuance model among the shariah compliant firms in Malaysia. As such, this study is to expand the literature review by providing comprehensive analysis on the hybrid capital structure and to develop dynamic Islamic hybrid securities model for shariah compliant firms. We use panel data of 50 companies that have been issuing the hybrid securities from the year of 2004- 2012. The outcomes of the studies are based on the dynamic model GMM estimation for the determinants of hybrid securities. Based on our model, risk and growth are considered as the most determinant factors for issuing convertible bond and loan stock. These results suggest that, the firms that have high risk but having good growth prospect will choose hybrid securities of convertible bond. The model also support the backdoor equity listing hypothesis by Stein (1992 where the hybrid securities enable the profitable firms to venture into positive NPV project by issuing convertible bond as it offer lower coupon rate as compare to the normal debt rate

  13. Vague Sets Security Measure for Steganographic System Based on High-Order Markov Model

    Directory of Open Access Journals (Sweden)

    Chun-Juan Ouyang

    2017-01-01

    Full Text Available Security measure is of great importance in both steganography and steganalysis. Considering that statistical feature perturbations caused by steganography in an image are always nondeterministic and that an image is considered nonstationary, in this paper, the steganography is regarded as a fuzzy process. Here a steganographic security measure is proposed. This security measure evaluates the similarity between two vague sets of cover images and stego images in terms of n-order Markov chain to capture the interpixel correlation. The new security measure has proven to have the properties of boundedness, commutativity, and unity. Furthermore, the security measures of zero order, first order, second order, third order, and so forth are obtained by adjusting the order value of n-order Markov chain. Experimental results indicate that the larger n is, the better the measuring ability of the proposed security measure will be. The proposed security measure is more sensitive than other security measures defined under a deterministic distribution model, when the embedding is low. It is expected to provide a helpful guidance for designing secure steganographic algorithms or reliable steganalytic methods.

  14. Using Bayesian Networks and Decision Theory to Model Physical Security

    Science.gov (United States)

    2003-02-01

    Home automation technologies allow a person to monitor and control various activities within a home or office setting. Cameras, sensors and other...components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be...monitored and controlled. These home automation technologies, however, lack the power to reason under uncertain conditions and thus the system can

  15. A Review on Advanced Security Solutions in Online Banking Models

    OpenAIRE

    Sreeramana Aithal

    2016-01-01

    Online banking using mobile devices (mobile banking) is an effective and convenient way of providing electronic banking facility to customers from anywhere and at any time. The advent of mobile communication technology coupled with a boost in trade and commerce activity is increasingly driving the banking financial services to become ubiquitous, personalized, convenient, disseminative and secure. Realizing the advantages to be gained from mobile banking, financial institutions have begun to o...

  16. ADVANTAGES AND CONSTRAINTS OF INNOVATIVE BUSINESS MODELS FOR FOOD SECURITY: CASE STUDY IN SMOLYAN DISTRICT, BULGARIA

    Directory of Open Access Journals (Sweden)

    Dimitre NIKOLOV

    2018-02-01

    Full Text Available The market access has been often defined as a factor having the strongest impact on agriculturalsector activity. Its importance is particularly critical for the small farms, which could not offer theirproduction on the market through single and sporadic sales. They could overcome these weaknessesof their business through participation in cooperative marketing. This article goal is to establish theadvantages and the constraints of cooperative business marketing model for food security in farmsof Smolyan district, Bulgaria. Farmers expect some advantages from the participation in such cooperationform. Three are the main approved advantages: 1 better awareness of market requirements; 2 marketaccess facilitation; 3 realization of higher profit from the activity. These advantages are expectedas a result form the direct contact with the final consumers, without external mediators. The implementationof cooperative marketing has its challenges embarrassing its effective use. The main constraints are relatedto the efficiency of processes management and to the coordination of activities of different economic entities.

  17. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  18. DECISION MAKING MODELING OF CONCRETE REQUIREMENTS

    Directory of Open Access Journals (Sweden)

    Suhartono Irawan

    2001-01-01

    Full Text Available This paper presents the results of an experimental evaluation between predicted and practice concrete strength. The scope of the evaluation is the optimisation of the cement content for different concrete grades as a result of bringing the target mean value of tests cubes closer to the required characteristic strength value by reducing the standard deviation. Abstract in Bahasa Indonesia : concrete+mix+design%2C+acceptance+control%2C+optimisation%2C+cement+content.

  19. Security analysis of chaotic communication systems based on Volterra-Wiener-Korenberg model

    International Nuclear Information System (INIS)

    Lei Min; Meng Guang; Feng Zhengjin

    2006-01-01

    Pseudo-randomicity is an important cryptological characteristic for proof of encryption algorithms. This paper proposes a nonlinear detecting method based on Volterra-Wiener-Korenberg model and suggests an autocorrelation function to analyze the pseudo-randomicity of chaotic secure systems under different sampling interval. The results show that: (1) the increase of the order of the chaotic transmitter will not necessarily result in a high degree of security; (2) chaotic secure systems have higher and stronger pseudo-randomicity at sparse sampling interval due to the similarity of chaotic time series to the noise; (3) Volterra-Wiener-Korenberg method can also give a further appropriate sparse sampling interval for improving the security of chaotic secure communication systems. For unmasking chaotic communication systems, the Volterra-Wiener-Korenberg technique can be applied to analyze the chaotic time series with surrogate data

  20. Model Based Cyber Security Analysis for Research Reactor Protection System

    International Nuclear Information System (INIS)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung; Son, Hanseong

    2013-01-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN

  1. Generating unique IDs from patient identification data using security models

    Directory of Open Access Journals (Sweden)

    Emad A Mohammed

    2016-01-01

    Full Text Available Background: The use of electronic health records (EHRs has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. Method: We describe the usage of the message digest-5 (MD5 and secure hashing algorithm (SHA as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. Results: The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. Conclusion: The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data.

  2. A computer model for identifying security system upgrades

    International Nuclear Information System (INIS)

    Lamont, A.

    1988-01-01

    This paper describes a prototype safeguards analysis tool that automatically identifies system weaknesses against an insider adversary and suggest possible upgrades to improve the probability that the adversary will be detected. The tool is based on this premise: as the adversary acts, he or she creates a set of facts that can be detected by safeguards components. Whenever an adversary's planned set of actions create a set of facts which the security personnel would consider irregular or unusual, we can improve the security system by implementing safeguards that detect those facts. Therefore, an intelligent computer program can suggest upgrades to the facility if we construct a knowledge base that contains information about: (1) the facts created by each possible adversary action, (2) the facts that each possible safeguard can detect, and (3) groups of facts which will be considered irregular whenever they occur together. The authors describe the structure of the knowledge base and show how the above information can be represented in it. They also describe the procedures that a computer program can use to identify missing or weak safeguards and to suggest upgrades

  3. Generating unique IDs from patient identification data using security models.

    Science.gov (United States)

    Mohammed, Emad A; Slack, Jonathan C; Naugler, Christopher T

    2016-01-01

    The use of electronic health records (EHRs) has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. We describe the usage of the message digest-5 (MD5) and secure hashing algorithm (SHA) as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data.

  4. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    Full Text Available Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  5. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Science.gov (United States)

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  6. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Booker, P.A.; Barnwell, I.

    2004-01-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  7. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  8. 78 FR 78472 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders...

    Science.gov (United States)

    2013-12-26

    ... shippers from the abuse of market power or that the transaction or service is of limited scope; and Is in... protect shippers from the abuse of market power . . . and . . . is not in the public interest.'' AIPBA... abuse of market power.'' According to AIPBA, ``[t]he unnecessarily high $75,000 broker bond requirement...

  9. Modelling Public Security Operations: Evaluation of the Holistic Security Ecosystem (HSE) Proof-of-Concept

    Science.gov (United States)

    2012-12-01

    base pour construire de telles simulations et pourrait être adaptée à d’autres expériences à un coût relativement bas. Perspectives : Les leçons...systems (such as culture , [ Culture ]). This seven-dimensional framework advocates that systems be viewed from the physical, individual, functional...structural, normative, social, and informational dimensions. The human factors include modelling stress, trust, risk factors, and cultural factors

  10. A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs

    Science.gov (United States)

    Elahi, Golnaz; Yu, Eric

    In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From analyzing the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches.

  11. Secure and Resilient Functional Modeling for Navy Cyber-Physical Systems

    Science.gov (United States)

    2017-05-24

    control systems, it was determined that this project will employ the model of a Ship Chilled Water Distribution System as a central use case. This model...Siemens Corporation Corporate Technology Unrestricted. Distribution Statement A. Approved for public...release; distribution is unlimited. Page 1 of 4 Secure & Resilient Functional Modeling for Navy Cyber-Physical Systems FY17 Quarter 1 Technical Progress

  12. An energy security management model using quality function deployment and system dynamics

    International Nuclear Information System (INIS)

    Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

    2013-01-01

    An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

  13. Regional Radiological Security Partnership in Southeast Asia - Increasing the Sustainability of Security Systems at the Site-Level by Using a Model Facility Approach

    International Nuclear Information System (INIS)

    Chamberlain, Travis L.; Dickerson, Sarah; Ravenhill, Scott D.; Murray, Allan; Morris, Frederic A.; Herdes, Gregory A.

    2009-01-01

    In 2004, Australia, through the Australian Nuclear Science and Technology Organisation (ANSTO), created the Regional Security of Radioactive Sources (RSRS) project and partnered with the U.S. Department of Energy's Global Threat Reduction Initiative (GTRI) and the International Atomic Energy Agency (IAEA) to form the Southeast Asian Regional Radiological Security Partnership (RRSP). The intent of the RRSP is to cooperate with countries in Southeast Asia to improve the security of their radioactive sources. This Southeast Asian Partnership supports objectives to improve the security of high risk radioactive sources by raising awareness of the need and developing national programs to protect and control such materials, improve the security of such materials, and recover and condition the materials no longer in use. The RRSP has utilized many tools to meet those objectives including: provision of physical protection upgrades, awareness training, physical protection training, regulatory development, locating and recovering orphan sources, and most recently - development of model security procedures at a model facility. This paper discusses the benefits of establishing a model facility, the methods employed by the RRSP, and three of the expected outcomes of the Model Facility approach. The first expected outcome is to increase compliance with source security guidance materials and national regulations by adding context to those materials, and illustrating their impact on a facility. Second, the effectiveness of each of the tools above is increased by making them part of an integrated system. Third, the methods used to develop the model procedures establishes a sustainable process that can ultimately be transferred to all facilities beyond the model. Overall, the RRSP has utilized the Model Facility approach as an important tool to increase the security of radioactive sources, and to position facilities and countries for the long term secure management of those sources.

  14. Spreadsheet Decision Support Model for Training Exercise Material Requirements Planning

    National Research Council Canada - National Science Library

    Tringali, Arthur

    1997-01-01

    ... associated with military training exercises. The model combines the business practice of Material Requirements Planning and the commercial spreadsheet software capabilities of Lotus 1-2-3 to calculate the requirements for food, consumable...

  15. Extending enterprise architecture modelling with business goals and requirements

    NARCIS (Netherlands)

    Engelsman, W.; Quartel, Dick; Jonkers, Henk; van Sinderen, Marten J.

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling

  16. Basic requirements to be established in a norm of radiologic security for operation of measuring equipment

    International Nuclear Information System (INIS)

    Milagros Ruiz, M.; Cateriano, Miguel A.

    2001-01-01

    According to the requirements in Argentina, each user of radioactive material must have a specific Authorization and a person who acts as the responsible for these material. But there is not any specific norm for each one. Dew to what we said before, it is necessary to make a rule to Industrials Uses. That is why this paper tries to establish the basis to do it. (author)

  17. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  18. Model Based Cyber Security Analysis for Research Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)

    2013-07-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN.

  19. Application of Contemporary Intelligence Models in Terms of Transformation and Security Sector Reform

    OpenAIRE

    Dojcinovski, Metodija; Ackoski, Jugoslav

    2011-01-01

    This paper presents a new approach to the contemporary methods of organizing, establishing and functioning of intelligence systems in a way of offering solutions against security threats and challenges of the 21st century. The effectiveness of implementing the measures and activities depends on the intelligence models, identified as functioning in relation to the structured elements of the represented and realistically created segments, standard operative procedures, security procedures and m...

  20. Extending enterprise architecture modelling with business goals and requirements

    Science.gov (United States)

    Engelsman, Wilco; Quartel, Dick; Jonkers, Henk; van Sinderen, Marten

    2011-02-01

    The methods for enterprise architecture (EA), such as The Open Group Architecture Framework, acknowledge the importance of requirements modelling in the development of EAs. Modelling support is needed to specify, document, communicate and reason about goals and requirements. The current modelling techniques for EA focus on the products, services, processes and applications of an enterprise. In addition, techniques may be provided to describe structured requirements lists and use cases. Little support is available however for modelling the underlying motivation of EAs in terms of stakeholder concerns and the high-level goals that address these concerns. This article describes a language that supports the modelling of this motivation. The definition of the language is based on existing work on high-level goal and requirements modelling and is aligned with an existing standard for enterprise modelling: the ArchiMate language. Furthermore, the article illustrates how EA can benefit from analysis techniques from the requirements engineering domain.

  1. Systems and context modeling approach to requirements analysis

    Science.gov (United States)

    Ahuja, Amrit; Muralikrishna, G.; Patwari, Puneet; Subhrojyoti, C.; Swaminathan, N.; Vin, Harrick

    2014-08-01

    Ensuring completeness and correctness of the requirements for a complex system such as the SKA is challenging. Current system engineering practice includes developing a stakeholder needs definition, a concept of operations, and defining system requirements in terms of use cases and requirements statements. We present a method that enhances this current practice into a collection of system models with mutual consistency relationships. These include stakeholder goals, needs definition and system-of-interest models, together with a context model that participates in the consistency relationships among these models. We illustrate this approach by using it to analyze the SKA system requirements.

  2. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of)

    2007-10-15

    as a root node and different ways to achieve that attack as leaf nodes. The structure, syntax and semantics of attack trees can be seen in. In attack trees, the leaf nodes can take many kinds of values to evaluate different aspects of system security. For example, the possible/impossible value can be assigned to enumerate all sets of possible attacks that achieve the attack goal, probability values to evaluate the probability that the attack goal can be achieved, cost value to evaluate the minimum cost needed to reach attack goal, and the special equipment value to obtain the most probable attack sets with no special equipment required. Although it is possible to implement security controls almost any type of attack, it is not practical to protect everything. Attack trees also provide a systematic way to model security controls and plant specific procedures as a safeguard against attacks, and check their effectiveness. In this paper, we will present a process for developing an attack model for the cyber security of safety related nuclear digital I and C systems using attack trees.

  3. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    International Nuclear Information System (INIS)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun

    2007-01-01

    root node and different ways to achieve that attack as leaf nodes. The structure, syntax and semantics of attack trees can be seen in. In attack trees, the leaf nodes can take many kinds of values to evaluate different aspects of system security. For example, the possible/impossible value can be assigned to enumerate all sets of possible attacks that achieve the attack goal, probability values to evaluate the probability that the attack goal can be achieved, cost value to evaluate the minimum cost needed to reach attack goal, and the special equipment value to obtain the most probable attack sets with no special equipment required. Although it is possible to implement security controls almost any type of attack, it is not practical to protect everything. Attack trees also provide a systematic way to model security controls and plant specific procedures as a safeguard against attacks, and check their effectiveness. In this paper, we will present a process for developing an attack model for the cyber security of safety related nuclear digital I and C systems using attack trees

  4. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  5. Androgyny and Attachment Security: Two Related Models of Optimal Personality.

    Science.gov (United States)

    Shaver, Phillip R.; And Others

    1996-01-01

    Three studies explore similarities between attachment style typologies and sex role typologies. Both are defined by pairs of dimensions: self model and other model (attachment styles); masculinity, or agency, and femininity, or communion (sex role orientations). Discusses results. (KW)

  6. Building a world class information security governance model

    CSIR Research Space (South Africa)

    Lessing, M

    2008-05-01

    Full Text Available practice documents. The resulting model covers all the relevant aspects on strategic, management and technical level when implemented altogether. This model includes the related aspects of Corporate Governance, Information Technology Governance...

  7. Improved E-Banking System With Advanced Encryption Standards And Security Models

    Directory of Open Access Journals (Sweden)

    Sharaaf N. A.

    2015-08-01

    Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.

  8. Customer requirement modeling and mapping of numerical control machine

    Directory of Open Access Journals (Sweden)

    Zhongqi Sheng

    2015-10-01

    Full Text Available In order to better obtain information about customer requirement and develop products meeting customer requirement, it is necessary to systematically analyze and handle the customer requirement. This article uses the product service system of numerical control machine as research objective and studies the customer requirement modeling and mapping oriented toward configuration design. It introduces the conception of requirement unit, expounds the customer requirement decomposition rules, and establishes customer requirement model; it builds the house of quality using quality function deployment and confirms the weight of technical feature of product and service; it explores the relevance rules between data using rough set theory, establishes rule database, and solves the target value of technical feature of product. Using economical turning center series numerical control machine as an example, it verifies the rationality of proposed customer requirement model.

  9. Password-only authenticated three-party key exchange with provable security in the standard model.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

    2014-01-01

    Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  10. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  11. Using cognitive modeling for requirements engineering in anesthesiology

    NARCIS (Netherlands)

    Pott, C; le Feber, J

    2005-01-01

    Cognitive modeling is a complexity reducing method to describe significant cognitive processes under a specified research focus. Here, a cognitive process model for decision making in anesthesiology is presented and applied in requirements engineering. Three decision making situations of

  12. Method to control the persons permitted to enter plants with increased security requirements and personnel lock for such plants

    International Nuclear Information System (INIS)

    Blaser, E.; Eickhoff, H.; Tretschoks, W.

    1978-01-01

    The personnel lock for a plant with increased security requirements, e.g. a nuclear power plant, has got two lock gates. Only persons whose right to enter has been established by the control equipment will be admitted to the lock chamber. For this purpose an identification recess is built in front of the first access to the lock chamber, where size, weight and the contours of the persons wanting to enter are roughly measured and compared with a code card carried along. The weight is established by a balance forming part of the base of the recess. By means of contact surfaces in the region of knees, upper thigh, chest and shoulder an upright position of the person is guaranteed. Scanning of the physical dimensions is performed with laser, infrared and light barriers. (DG) [de

  13. Meeting current requirements. Data security in the smart metering; Den heutigen Anforderungen gerecht werden. Datensicherheit im Smart Metering

    Energy Technology Data Exchange (ETDEWEB)

    Zayer, Peter [VOLTARIS GmbH, Maxdorf (Germany); Wolf, Frank [VOLTARIS GmbH, Merzig (Germany)

    2012-09-15

    The requirements for the smart metering are extremely complex. On the one hand, the network operators and the suppliers need unadulterated data on consumption or supply. On the other hand, consumers see their privacy jeopardized because the individual user behavior can be read from the specific energy profile. Furthermore, according to the will of the legislator the smart meter or the measuring system is an active component of a smart grid and smart-market system. Right here it is important to eliminate the threat of hacker attacks. For the industry this results in the task of guaranteeing both the maximum data security as well as to provide a maximum nutritive value to the customer.

  14. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of); Park, Jaekwan [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-05-15

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  15. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan

    2013-01-01

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetratio test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  16. A Trust-Based Model for Security Cooperating in Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Zhipeng Tang

    2016-01-01

    Full Text Available VCC is a computing paradigm which consists of vehicles cooperating with each other to realize a lot of practical applications, such as delivering packages. Security cooperation is a fundamental research topic in Vehicular Cloud Computing (VCC. Because of the existence of malicious vehicles, the security cooperation has become a challenging issue in VCC. In this paper, a trust-based model for security cooperating, named DBTEC, is proposed to promote vehicles’ security cooperation in VCC. DBTEC combines the indirect trust estimation in Public board and the direct trust estimation in Private board to compute the trust value of vehicles when choosing cooperative partners; a trustworthy cooperation path generating scheme is proposed to ensure the safety of cooperation and increase the cooperation completion rates in VCC. Extensive experiments show that our scheme improves the overall cooperation completion rates by 6~7%.

  17. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

    Directory of Open Access Journals (Sweden)

    Zehui Wu

    2017-01-01

    Full Text Available SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results.

  18. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... of being or becoming involved in activities that are contrary to the national security or foreign...

  19. Validation of Computer Models for Homeland Security Purposes

    International Nuclear Information System (INIS)

    Schweppe, John E.; Ely, James; Kouzes, Richard T.; McConn, Ronald J.; Pagh, Richard T.; Robinson, Sean M.; Siciliano, Edward R.; Borgardt, James D.; Bender, Sarah E.; Earnhart, Alison H.

    2005-01-01

    At Pacific Northwest National Laboratory, we are developing computer models of radiation portal monitors for screening vehicles and cargo. Detailed models of the radiation detection equipment, vehicles, cargo containers, cargos, and radioactive sources have been created. These are used to determine the optimal configuration of detectors and the best alarm algorithms for the detection of items of interest while minimizing nuisance alarms due to the presence of legitimate radioactive material in the commerce stream. Most of the modeling is done with the Monte Carlo code MCNP to describe the transport of gammas and neutrons from extended sources through large, irregularly shaped absorbers to large detectors. A fundamental prerequisite is the validation of the computational models against field measurements. We describe the first step of this validation process, the comparison of the models to measurements with bare static sources

  20. In-Depth Modeling of the UNIX Operating System for Architectural Cyber Security Analysis

    OpenAIRE

    Vernotte, Alexandre; Johnson, Pontus; Ekstedt, Mathias; Lagerström, Robert

    2017-01-01

    ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated modelling language allows users to model software and hardware components with great level o...

  1. Quantitative Models of Imperfect Deception in Network Security using Signaling Games with Evidence

    OpenAIRE

    Pawlick, Jeffrey; Zhu, Quanyan

    2017-01-01

    Deception plays a critical role in many interactions in communication and network security. Game-theoretic models called "cheap talk signaling games" capture the dynamic and information asymmetric nature of deceptive interactions. But signaling games inherently model undetectable deception. In this paper, we investigate a model of signaling games in which the receiver can detect deception with some probability. This model nests traditional signaling games and complete information Stackelberg ...

  2. Capabilities and requirements for modelling radionuclide transport in the geosphere

    International Nuclear Information System (INIS)

    Paige, R.W.; Piper, D.

    1989-02-01

    This report gives an overview of geosphere flow and transport models suitable for use by the Department of the Environment in the performance assessment of radioactive waste disposal sites. An outline methodology for geosphere modelling is proposed, consisting of a number of different types of model. A brief description of each of the component models is given, indicating the purpose of the model, the processes being modelled and the methodologies adopted. Areas requiring development are noted. (author)

  3. Computer Modeling of Radiation Portal Monitors for Homeland Security Applications

    International Nuclear Information System (INIS)

    Pagh, Richard T.; Kouzes, Richard T.; McConn, Ronald J.; Robinson, Sean M.; Schweppe, John E.; Siciliano, Edward R.

    2005-01-01

    Radiation Portal Monitors (RPMs) are currently being used at our nation's borders to detect potential nuclear threats. At the Pacific Northwest National Laboratory (PNNL), realistic computer models of RPMs are being developed to simulate the screening of vehicles and cargo. Detailed models of the detection equipment, vehicles, cargo containers, cargos, and radioactive sources are being used to determine the optimal configuration of detectors. These models can also be used to support work to optimize alarming algorithms so that they maximize sensitivity for items of interest while minimizing nuisance alarms triggered by legitimate radioactive material in the commerce stream. Proposed next-generation equipment is also being modeled to quantify performance and capability improvements to detect potential nuclear threats. A discussion of the methodology used to perform computer modeling for RPMs will be provided. In addition, the efforts to validate models used to perform these scenario analyses will be described. Finally, areas where improved modeling capability is needed will be discussed as a guide to future development efforts

  4. Requirements Validation: Execution of UML Models with CPN Tools

    DEFF Research Database (Denmark)

    Machado, Ricardo J.; Lassen, Kristian Bisgaard; Oliveira, Sérgio

    2007-01-01

    Requirements validation is a critical task in any engineering project. The confrontation of stakeholders with static requirements models is not enough, since stakeholders with non-computer science education are not able to discover all the inter-dependencies between the elicited requirements. Eve...... requirements, where the system to be built must explicitly support the interaction between people within a pervasive cooperative workflow execution. A case study from a real project is used to illustrate the proposed approach....

  5. Modelling Status Food Security Households Disease Sufferers Pulmonary Tuberculosis Uses the Method Regression Logistics Binary

    Science.gov (United States)

    Wulandari, S. P.; Salamah, M.; Rositawati, A. F. D.

    2018-04-01

    Food security is the condition where the food fulfilment is managed well for the country till the individual. Indonesia is one of the country which has the commitment to create the food security becomes main priority. However, the food necessity becomes common thing means that it doesn’t care about nutrient standard and the health condition of family member, so in the fulfilment of food necessity also has to consider the disease suffered by the family member, one of them is pulmonary tuberculosa. From that reasons, this research is conducted to know the factors which influence on household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya by using binary logistic regression method. The analysis result by using binary logistic regression shows that the variables wife latest education, house density and spacious house ventilation significantly affect on household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya, where the wife education level is University/equivalent, the house density is eligible or 8 m2/person and spacious house ventilation 10% of the floor area has the opportunity to become food secure households amounted to 0.911089. While the chance of becoming food insecure households amounted to 0.088911. The model household food security status which suffered from pulmonary tuberculosis in the coastal area of Surabaya has been conformable, and the overall percentages of those classifications are at 71.8%.

  6. Modelling climate change impacts on crop production for food security

    Czech Academy of Sciences Publication Activity Database

    Bindi, M.; Palosuo, T.; Trnka, Miroslav; Semenov, M. A.

    2015-01-01

    Roč. 65, SEP (2015), s. 3-5 ISSN 0936-577X Institutional support: RVO:67179843 Keywords : Crop production Upscaling * Climate change impact and adaptation assessments * Upscaling * Model ensembles Subject RIV: DG - Athmosphere Sciences, Meteorology Impact factor: 1.690, year: 2015

  7. Models of Information Security Highly Reliable Computing Systems

    Directory of Open Access Journals (Sweden)

    Vsevolod Ozirisovich Chukanov

    2016-03-01

    Full Text Available Methods of the combined reservation are considered. The models of reliability of systems considering parameters of restoration and prevention of blocks of system are described. Ratios for average quantity prevention and an availability quotient of blocks of system are given.

  8. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  9. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  10. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  11. TRUST MODEL FOR INFORMATION SECURITY OF MULTI-AGENT ROBOTIC SYSTEMS WITH A DECENTRALIZED MANAGEMENT

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-03-01

    Full Text Available The paper deals with the issues on protection of multi-agent robotic systems against attacks by robots-saboteurs. The operation analysis of such systems with decentralized control is carried out. Concept of harmful information impact (attack from a robot-saboteur to the multi-agent robotic system is given. The class of attacks is considered using interception of messages, formation and transfer of misinformation to group of robots, and also carrying out other actions with vulnerabilities of multiagent algorithms without obviously identified signs of invasion of robots-saboteurs. The model of information security is developed, in which robots-agents work out trust levels to each other analyzing the events occurring in the system. The idea of trust model consists in the analysis of transferred information by each robot and the executed actions of other members in a group, comparison of chosen decision on iteration step k with objective function of the group. Distinctive feature of the trust model in comparison with the closest analogue - Buddy Security Model in which the exchange between the agents security tokens is done — is involvement of the time factor during which agents have to "prove" by their actions the usefulness in achievement of a common goal to members of the group. Variants of this model realization and ways of an assessment of trust levels for agents in view of the security policy accepted in the group are proposed.

  12. Employing the intelligence cycle process model within the Homeland Security Enterprise

    OpenAIRE

    Stokes, Roger L.

    2013-01-01

    CHDS State/Local The purpose of this thesis was to examine the employment and adherence of the intelligence cycle process model within the National Network of Fusion Centers and the greater Homeland Security Enterprise by exploring the customary intelligence cycle process model established by the United States Intelligence Community (USIC). This thesis revealed there are various intelligence cycle process models used by the USIC and taught to the National Network. Given the numerous differ...

  13. Modelling Socio-Technical Aspects of Organisational Security

    DEFF Research Database (Denmark)

    Ivanova, Marieta Georgieva

    Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks...... would close this gap, however, it would also result in complicating the formal treatment and automatic identification of attacks. This dissertation shows that applying a system modelling approach to sociotechnical systems can be used for identifying attacks on organisations, which exploit various levels...... process calculus, we develop a formal analytical approach that generates attack trees from the model. The overall goal of the framework is to predict, prioritise and minimise the vulnerabilities in organisations by prohibiting the overall attack or at least increasing the difficulty and cost of fulfilling...

  14. A PROFICIENT MODEL FOR HIGH END SECURITY IN CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    R. Bala Chandar

    2014-01-01

    Full Text Available Cloud computing is an inspiring technology due to its abilities like ensuring scalable services, reducing the anxiety of local hardware and software management associated with computing while increasing flexibility and scalability. A key trait of the cloud services is remotely processing of data. Even though this technology had offered a lot of services, there are a few concerns such as misbehavior of server side stored data , out of control of data owner's data and cloud computing does not control the access of outsourced data desired by the data owner. To handle these issues, we propose a new model to ensure the data correctness for assurance of stored data, distributed accountability for authentication and efficient access control of outsourced data for authorization. This model strengthens the correctness of data and helps to achieve the cloud data integrity, supports data owner to have control on their own data through tracking and improves the access control of outsourced data.

  15. The Theoretical Basis of Modeling the Economic Mechanism of Intellectual Security of Enterprise

    Directory of Open Access Journals (Sweden)

    Puyda Halia V.

    2017-11-01

    Full Text Available The article is aimed at studying the existing scientific approaches to the process of modeling the economic mechanism of intellectual security of enterprise. The author has allocated three approaches: process; based on IDFE0 methodology; system, considering the entities of economic activity as complex systems; and the so-called «information», based on the theory of economic mechanisms. The main features of each of the studied approaches have been disclosed, suggesting to consolidate them to obtain a synergistic effect in the construction of the economic mechanism of intellectual security of enterprises. The basic principles of creation of mechanisms of intellectual security of enterprise have been developed. Also, on the basis of the main postulate of the theory of economic mechanisms – reverse design, the cyclic passes process of designing the economic mechanism of intellectual security of enterprise has been illustrated. That, certainly, does not exhaust the theoretical problematics in the field of modeling the economic mechanisms of intellectual security of enterprise, raising new challenges for further researches.

  16. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

    Science.gov (United States)

    Moghaddasi, Hamid; Kamkarhaghighi, Mehran

    2016-01-01

    Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

  17. Modeling the transient security constraints of natural gas network in day-ahead power system scheduling

    DEFF Research Database (Denmark)

    Yang, Jingwei; Zhang, Ning; Kang, Chongqing

    2017-01-01

    The rapid deployment of gas-fired generating units makes the power system more vulnerable to failures in the natural gas system. To reduce the risk of gas system failure and to guarantee the security of power system operation, it is necessary to take the security constraints of natural gas...... accurately, they are hard to be embedded into the power system scheduling model, which consists of algebraic equations and inequations. This paper addresses this dilemma by proposing an algebraic transient model of natural gas network which is similar to the branch-node model of power network. Based...... pipelines into account in the day-ahead power generation scheduling model. However, the minute- and hour-level dynamic characteristics of gas systems prevents an accurate decision-making simply with the steady-state gas flow model. Although the partial differential equations depict the dynamics of gas flow...

  18. A two-factor, stochastic programming model of Danish mortgage-backed securities

    DEFF Research Database (Denmark)

    Nielsen, Søren S.; Poulsen, Rolf

    2004-01-01

    -trivial, both in terms of deciding on an initial mortgage, and in terms of managing (rebalancing) it optimally.We propose a two-factor, arbitrage-free interest-rate model, calibrated to observable security prices, and implement on top of it a multi-stage, stochastic optimization program with the purpose...

  19. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    -driven openETCS approach, a threat analysis is performed, identifying both safety and security hazards that may be common to all model-based development paradigms for safety-critical railway control systems, or specific to the openETCS approach. In the subsequent sections state-of-the-art methods suitable...

  20. Predicting Preschoolers' Attachment Security from Fathers' Involvement, Internal Working Models, and Use of Social Support

    Science.gov (United States)

    Newland, Lisa A.; Coyl, Diana D.; Freeman, Harry

    2008-01-01

    Associations between preschoolers' attachment security, fathers' involvement (i.e. parenting behaviors and consistency) and fathering context (i.e. fathers' internal working models (IWMs) and use of social support) were examined in a subsample of 102 fathers, taken from a larger sample of 235 culturally diverse US families. The authors predicted…

  1. A generalized one-factor term structure model and pricing of interest rate derivative securities

    NARCIS (Netherlands)

    Jiang, George J.

    1997-01-01

    The purpose of this paper is to propose a nonparametric interest rate term structure model and investigate its implications on term structure dynamics and prices of interest rate derivative securities. The nonparametric spot interest rate process is estimated from the observed short-term interest

  2. Combined model of 9x9 playfair and RSA for securing confidential ...

    African Journals Online (AJOL)

    Combined model of 9x9 playfair and RSA for securing confidential information. Y.B. Zakariyau, L.J. Muhammad, A.M. Usman, A Garba. Abstract. No Abstract. Keywords: Cryptography, RSA, Playfair Cipher, Public and Secret Key. Full Text: EMAIL FULL TEXT EMAIL FULL TEXT · DOWNLOAD FULL TEXT DOWNLOAD FULL ...

  3. A construction kit for modeling the security of M-Commerce applications

    OpenAIRE

    Reif, Wolfgang

    2004-01-01

    A construction kit for modeling the security of M-Commerce applications / Dominik Haneberg, Wolfgang Reif, Kurt Stenzel. - In: Applying formal methods : testing, performance and M/E commerce ; FORTE 2004 Workshops The FormEMC ..., Toledo, Spain, October 1 - 2, 2004 ; proceedings / Manuel Núñez ... (ed.). - Berlin u. a : Springer, 2004. - S. 72-85. - (Lecture notes in computer science ; 3236)

  4. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    Full Text Available model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need...

  5. Social security wealth and aggregate consumption : An extended life-cycle model estimated for The Netherlands

    NARCIS (Netherlands)

    Zant, W.

    In this paper a method is developed to calculate a wealth variable accounting for the existence of the basic old-age provisions in The Netherlands (AOW). In line with Feldstein's extended life-cycle model, consumption functions with (gross) social security wealth are estimated for The Netherlands

  6. GENERAL REQUIREMENTS FOR SIMULATION MODELS IN WASTE MANAGEMENT

    International Nuclear Information System (INIS)

    Miller, Ian; Kossik, Rick; Voss, Charlie

    2003-01-01

    Most waste management activities are decided upon and carried out in a public or semi-public arena, typically involving the waste management organization, one or more regulators, and often other stakeholders and members of the public. In these environments, simulation modeling can be a powerful tool in reaching a consensus on the best path forward, but only if the models that are developed are understood and accepted by all of the parties involved. These requirements for understanding and acceptance of the models constrain the appropriate software and model development procedures that are employed. This paper discusses requirements for both simulation software and for the models that are developed using the software. Requirements for the software include transparency, accessibility, flexibility, extensibility, quality assurance, ability to do discrete and/or continuous simulation, and efficiency. Requirements for the models that are developed include traceability, transparency, credibility/validity, and quality control. The paper discusses these requirements with specific reference to the requirements for performance assessment models that are used for predicting the long-term safety of waste disposal facilities, such as the proposed Yucca Mountain repository

  7. Civil Defence and National Security: Composition and Implementation Model in National Defence

    Directory of Open Access Journals (Sweden)

    Mr. Muradi

    2017-01-01

    Full Text Available Civil Defense is inherent part of every citizen in many countries anywhere in the world, which differ only in the implementation of the program. The difference depends on the threat level and needs of each country in mobilizing citizens. However, the Civil Defense’s Governance which involvement of citizens is already regulated in a number of regulations and legislation, but as one part of an integrated program linked to the involvement of citizens in the framework of national defense, civil defense program is not enough to have its own laws. So that when applied in the form of operational, interpretation of these programs tend to be not in tune and even have precisely the opposite perspective between the state and citizens. This paper argued that the Civil Defense program is part of an integrated governance program of national security. Therefore, the state should be required to ensure that the program of Civil Defense goes well. This paper is also offer the composition and program models associated with the Civil Defense, Conscription Program (draftee and Reserve Component. The argument of this paper is that the Civil Defense Program is a linear and continuous with Conscription and Reserves Programs.

  8. Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

    Directory of Open Access Journals (Sweden)

    Gustavo Betarte

    2015-12-01

    Full Text Available In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions --formal language that combines a higher-order logic and a richly-typed functional programming language-- using the Coq proof assistant.

  9. Spreadsheet Decision Support Model for Training Exercise Material Requirements Planning

    National Research Council Canada - National Science Library

    Tringali, Arthur

    1997-01-01

    This thesis focuses on developing a spreadsheet decision support model that can be used by combat engineer platoon and company commanders in determining the material requirements and estimated costs...

  10. Commonsense Psychology and the Functional Requirements of Cognitive Models

    National Research Council Canada - National Science Library

    Gordon, Andrew S

    2005-01-01

    In this paper we argue that previous models of cognitive abilities (e.g. memory, analogy) have been constructed to satisfy functional requirements of implicit commonsense psychological theories held by researchers and nonresearchers alike...

  11. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  12. A Compositional Knowledge Level Process Model of Requirements Engineering

    NARCIS (Netherlands)

    Herlea, D.E.; Jonker, C.M.; Treur, J.; Wijngaards, W.C.A.

    2002-01-01

    In current literature few detailed process models for Requirements Engineering are presented: usually high-level activities are distinguished, without a more precise specification of each activity. In this paper the process of Requirements Engineering has been analyzed using knowledge-level

  13. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  14. Model Based User's Access Requirement Analysis of E-Governance Systems

    Science.gov (United States)

    Saha, Shilpi; Jeon, Seung-Hwan; Robles, Rosslin John; Kim, Tai-Hoon; Bandyopadhyay, Samir Kumar

    The strategic and contemporary importance of e-governance has been recognized across the world. In India too, various ministries of Govt. of India and State Governments have taken e-governance initiatives to provide e-services to citizens and the business they serve. To achieve the mission objectives, and make such e-governance initiatives successful it would be necessary to improve the trust and confidence of the stakeholders. It is assumed that the delivery of government services will share the same public network information that is being used in the community at large. In particular, the Internet will be the principal means by which public access to government and government services will be achieved. To provide the security measures main aim is to identify user's access requirement for the stakeholders and then according to the models of Nath's approach. Based on this analysis, the Govt. can also make standards of security based on the e-governance models. Thus there will be less human errors and bias. This analysis leads to the security architecture of the specific G2C application.

  15. Security giving in surrogacy motherhood process as a caring model for commissioning mothers: A theory synthesis.

    Science.gov (United States)

    Zandi, Mitra; Vanaki, Zohreh; Shiva, Marziyeh; Mohammadi, Eesa; Bagheri-Lankarani, Narges

    2016-07-01

    Despite the increasing use of surrogacy, there are no caring theories/models that serve as the basis for nursing care to surrogacy commissioning mothers. This study has designed a model for caring of surrogacy commissioning mothers in 2013. The theory synthesis of Walker and Avant's strategies of theory construction (2011) was used to design a caring model/theory. The theory synthesis includes three stages: (i) selection of focal concept (the concept of "security giving in motherhood" was selected); (ii) review of studies in order to identify factors related to focal concept relevant studies (42 articles and 13 books) were reviewed, statements and concepts related to focal concept were then extracted and classified, and their relations were specified; and (iii) organization of concepts and statements within a relevant general and effective manifestation of the phenomenon under study which led to developing of a model. In this caring model/theory, entitled "security giving in surrogacy motherhood", nurses roles were conceptualized within the conceptual framework that includes three main roles: (i) coordination; (ii) participation; and (iii) security giving (physical, emotional, and legal support; empowerment; presence; relationship management between both parties and advocacy). Training surrogacy specialist nurses and establishment of surrogacy care centers are important factors for implementation of the model. This model could help to provided better caring for surrogacy clients, especially for commissioning mothers. © 2016 Japan Academy of Nursing Science.

  16. Social impact theory based modeling for security analysis in the nuclear fuel cycle

    Energy Technology Data Exchange (ETDEWEB)

    Woo, Tae Ho [Systemix Global Co. Ltd., Seoul (Korea, Republic of)

    2015-03-15

    The nuclear fuel cycle is investigated for the perspective of the nuclear non-proliferation. The random number generation of the Monte-Carlo method is utilized for the analysis. Five cases are quantified by the random number generations. These values are summed by the described equations. The higher values are shown in 52{sup nd} and 73{sup rd} months. This way could be a useful obligation in the license of the plant construction. The security of the nuclear fuel cycle incorporated with nuclear power plants (NPPs) is investigated using social impact theory. The dynamic quantification of the theory shows the non-secured time for act of terrorism which is considered for the non-secured condition against the risk of theft in nuclear material. For a realistic consideration, the meta-theoretical framework for modeling is performed for situations where beliefs, attributes or behaviors of an individual are influenced by those of others.

  17. Social impact theory based modeling for security analysis in the nuclear fuel cycle

    International Nuclear Information System (INIS)

    Woo, Tae Ho

    2015-01-01

    The nuclear fuel cycle is investigated for the perspective of the nuclear non-proliferation. The random number generation of the Monte-Carlo method is utilized for the analysis. Five cases are quantified by the random number generations. These values are summed by the described equations. The higher values are shown in 52 nd and 73 rd months. This way could be a useful obligation in the license of the plant construction. The security of the nuclear fuel cycle incorporated with nuclear power plants (NPPs) is investigated using social impact theory. The dynamic quantification of the theory shows the non-secured time for act of terrorism which is considered for the non-secured condition against the risk of theft in nuclear material. For a realistic consideration, the meta-theoretical framework for modeling is performed for situations where beliefs, attributes or behaviors of an individual are influenced by those of others.

  18. A network security situation prediction model based on wavelet neural network with optimized parameters

    Directory of Open Access Journals (Sweden)

    Haibo Zhang

    2016-08-01

    Full Text Available The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network (WNN with optimized parameters by the Improved Niche Genetic Algorithm (INGA. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm (GA so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network (GA-WNN, Genetic Algorithm-Back Propagation Neural Network (GA-BPNN and WNN.

  19. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  20. A Formal Model of Trust Chain based on Multi-level Security Policy

    OpenAIRE

    Kong Xiangying

    2013-01-01

    Trust chain is the core technology of trusted computing. A formal model of trust chain based on finite state automata theory is proposed. We use communicating sequential processes to describe the system state transition in trust chain and by combining with multi-level security strategy give the definition of trust system and trust decision theorem of trust chain transfer which is proved meantime. Finally, a prototype system is given to show the efficiency of the model.

  1. Requirements Modeling with the Aspect-oriented User Requirements Notation (AoURN): A Case Study

    Science.gov (United States)

    Mussbacher, Gunter; Amyot, Daniel; Araújo, João; Moreira, Ana

    The User Requirements Notation (URN) is a recent ITU-T standard that supports requirements engineering activities. The Aspect-oriented URN (AoURN) adds aspect-oriented concepts to URN, creating a unified framework that allows for scenario-based, goal-oriented, and aspect-oriented modeling. AoURN is applied to the car crash crisis management system (CCCMS), modeling its functional and non-functional requirements (NFRs). AoURN generally models all use cases, NFRs, and stakeholders as individual concerns and provides general guidelines for concern identification. AoURN handles interactions between concerns, capturing their dependencies and conflicts as well as the resolutions. We present a qualitative comparison of aspect-oriented techniques for scenario-based and goal-oriented requirements engineering. An evaluation carried out based on the metrics adapted from literature and a task-based evaluation suggest that AoURN models are more scalable than URN models and exhibit better modularity, reusability, and maintainability.

  2. Irrigation Requirement Estimation Using Vegetation Indices and Inverse Biophysical Modeling

    Science.gov (United States)

    Bounoua, Lahouari; Imhoff, Marc L.; Franks, Shannon

    2010-01-01

    We explore an inverse biophysical modeling process forced by satellite and climatological data to quantify irrigation requirements in semi-arid agricultural areas. We constrain the carbon and water cycles modeled under both equilibrium, balance between vegetation and climate, and non-equilibrium, water added through irrigation. We postulate that the degree to which irrigated dry lands vary from equilibrium climate conditions is related to the amount of irrigation. The amount of water required over and above precipitation is considered as an irrigation requirement. For July, results show that spray irrigation resulted in an additional amount of water of 1.3 mm per occurrence with a frequency of 24.6 hours. In contrast, the drip irrigation required only 0.6 mm every 45.6 hours or 46% of that simulated by the spray irrigation. The modeled estimates account for 87% of the total reported irrigation water use, when soil salinity is not important and 66% in saline lands.

  3. How to capture, model, and verify the knowledge of legal, security, and privacy experts: A pattern-based approach

    NARCIS (Netherlands)

    Compagna, L.; El Khoury, P.; Massacci, F.; Thomas, R.; Zannone, N.

    2007-01-01

    Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is

  4. Validation of Power Requirement Model for Active Loudspeakers

    DEFF Research Database (Denmark)

    Schneider, Henrik; Madsen, Anders Normann; Bjerregaard, Ruben

    2015-01-01

    . There are however many advantages that could be harvested from such knowledge like size, cost and efficiency improvements. In this paper a recently proposed power requirement model for active loudspeakers is experimentally validated and the model is expanded to include the closed and vented type enclosures...

  5. 17 CFR 249.619 - Form TA-Y2K, information required of transfer agents pursuant to section 17 of the Securities...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form TA-Y2K, information... Certain Exchange Members, Brokers, and Dealers § 249.619 Form TA-Y2K, information required of transfer... affecting Form TA-Y2K, see the List of CFR Sections Affected, which appears in the Finding Aids section of...

  6. 17 CFR 249.618 - Form BD-Y2K, information required of broker-dealers pursuant to section 17 of the Securities...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form BD-Y2K, information... Exchange Members, Brokers, and Dealers § 249.618 Form BD-Y2K, information required of broker-dealers... FR 37674, July 13, 1998] Editorial Note: For Federal Register citations affecting Form BD-Y2K, see...

  7. On the Modelling of Context-Aware Security for Mobile Devices

    Directory of Open Access Journals (Sweden)

    Tomasz Zurek

    2016-01-01

    Full Text Available Security management in wireless networks has to deal with the changing character of the environment, which can further lead to decision making problem for unexpected events. Among a huge list of devices, the mobile ones are especially vulnerable to this situation. The solution for adapting systems and applications to dynamic environments can be context-aware description of the user actions, which gives a possibility to take into account the factors that influence these actions. In the article, we propose a context-aware security adjusting model, which is based on proposition logic and incorporates mechanisms that assist in the reasoning process. The main benefits that differentiate our approach from similar ones are a formal representation of the model, the usage of the whole spectrum of context attributes, the detection and analysis of contextual data integrity, and conflicting rules’ eradication capability. All these traits transcribe into a more effective way of adjusting security measures in accordance with existing circumstances. To illustrate the proposed approach, we present the case study of context-aware security management for mobile devices.

  8. Business Process Simulation: Requirements for Business and Resource Models

    Directory of Open Access Journals (Sweden)

    Audrius Rima

    2015-07-01

    Full Text Available The purpose of Business Process Model and Notation (BPMN is to provide easily understandable graphical representation of business process. Thus BPMN is widely used and applied in various areas one of them being a business process simulation. This paper addresses some BPMN model based business process simulation problems. The paper formulate requirements for business process and resource models in enabling their use for business process simulation.

  9. Security of Supply: A Pan-European Approach - The Opportunities and Requirements of Greater Cooperation Across European Electricity Markets

    International Nuclear Information System (INIS)

    Ulreich, S.

    2015-01-01

    reduce residual load could be realised, then less power plant capacity would have to be reserved. Storage to take in excess energy would be necessary only at a later date, if required. Both of these factors can result in cost reductions. Potential savings would need to be compared with the network expansion and transaction costs associated with collective generation adequacy assessment. Comprehensive assessment of the costs and benefits should however also take into consideration any gains in the efficiency of electricity generation arising from improved usage of power plants. The following requirements are necessary to achieve this potential: 1) Cross-border methods of generation adequacy assessment need to be further developed in addition to national approaches; 2) International harmonisation of generation adequacy assessment processes. This also impacts the legal and organisational aspects of ensuring generation adequacy; 3) Reliable cross border capacity to ensure domestic security of supply. Parties responsible for security of supply at a national level need a binding guarantee when securing domestic demand with cross-border capacity; 4) Development of grid infrastructure needed alongside the existing planning (e.g. TYNDP), while giving group effects even more consideration. In doing so, obstacles as well as transformation and transaction costs need to be considered. These can be difficult to quantify, but play an important role in practice. We have arrived at the following recommendations based on the study: 1) Harmonisation of standards and processes: Common definitions of security of supply, a coordinated process of generation adequacy assessment and a guarantee of cross-border generation adequacy can contribute to the realisation of a domestic market design, even if the actual costs savings and required costs are difficult to determine. We recommend that these factors be taken into account in electricity market design. 2) Review of the evaluation of wind power

  10. Models of Human Information Requirements: "When Reasonable Aiding Systems Disagree"

    Science.gov (United States)

    Corker, Kevin; Pisanich, Gregory; Shafto, Michael (Technical Monitor)

    1994-01-01

    Aircraft flight management and Air Traffic Control (ATC) automation are under development to maximize the economy of flight and to increase the capacity of the terminal area airspace while maintaining levels of flight safety equal to or better than current system performance. These goals are being realized by the introduction of flight management automation aiding and operations support systems on the flight deck and by new developments of ATC aiding systems that seek to optimize scheduling of aircraft while potentially reducing required separation and accounting for weather and wake vortex turbulence. Aiding systems on both the flight deck and the ground operate through algorithmic functions on models of the aircraft and of the airspace. These models may differ from each other as a result of variations in their models of the immediate environment. The resultant flight operations or ATC commands may differ in their response requirements (e.g. different preferred descent speeds or descent initiation points). The human operators in the system must then interact with the automation to reconcile differences and resolve conflicts. We have developed a model of human performance including cognitive functions (decision-making, rule-based reasoning, procedural interruption recovery and forgetting) that supports analysis of the information requirements for resolution of flight aiding and ATC conflicts. The model represents multiple individuals in the flight crew and in ATC. The model is supported in simulation on a Silicon Graphics' workstation using Allegro Lisp. Design guidelines for aviation automation aiding systems have been developed using the model's specification of information and team procedural requirements. Empirical data on flight deck operations from full-mission flight simulation are provided to support the model's predictions. The paper describes the model, its development and implementation, the simulation test of the model predictions, and the empirical

  11. Employment of personnel of a security service company does not require the consent of the works council

    International Nuclear Information System (INIS)

    Anon.

    1992-01-01

    If a company or institution hires personnel of a security service company to protect its premises, this kind of employment does not mean the company carries on temporary employment business. Within the purview of section 99, sub-section 1 of the BetrVG (Works Constitution Act), the security service personnel is not 'employed' in the proper sense even if the security tasks fulfilled by them are done at other times by regular employees of the company or institution. The court decision also decided that the Works Council need not give consent to employment of foreign security personnel. Federal Labour Court, decision dated May 5, 1992 - 1 ABR 78/91. (orig./HP) [de

  12. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  13. Probabilistic modelling of security of supply in gas networks and evaluation of new infrastructure

    International Nuclear Information System (INIS)

    Praks, Pavel; Kopustinskas, Vytis; Masera, Marcelo

    2015-01-01

    The paper presents a probabilistic model to study security of supply in a gas network. The model is based on Monte-Carlo simulations with graph theory, and is implemented in the software tool ProGasNet. The software allows studying gas networks in various aspects including identification of weakest links and nodes, vulnerability analysis, bottleneck analysis, evaluation of new infrastructure etc. In this paper ProGasNet is applied to a benchmark network based on a real EU gas transmission network of several countries with the purpose of evaluating the security of supply effects of new infrastructure, either under construction, recently completed or under planning. The probabilistic model enables quantitative evaluations by comparing the reliability of gas supply in each consuming node of the network. - Highlights: • A Monte-Carlo algorithm for stochastic flow networks is presented. • Network elements can fail according to a given probabilistic model. • Priority supply pattern of gas transmission networks is assumed. • A real-world EU gas transmission network is presented and analyzed. • A risk ratio is used for security of supply quantification of a new infrastructure.

  14. Proactive Security Testing and Fuzzing

    Science.gov (United States)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  15. The French nuclear policy. A model for security policy in North-East Asia

    International Nuclear Information System (INIS)

    Choe, K.

    1998-01-01

    Between the end of the second world war and the collapse of the Berlin wall, the French diplomacy was based on the nuclear policy in a solid and coherent way. This nuclear policy was an 'incarnation' of the national security conception, allowing France to recover its political, military and economical rank on the international scene. The most important characteristic of the French nuclear policy concerns the commercialization of the nuclear energy which aims to ensuring the national security through the building up of a financial, technological and political 'reserve'. In front of the domination of the USA and USSR during the cold war era, NE Asia had a similar geostrategic configuration as Western Europe. It concerns in particular the massive application of nuclear energy for both military and industrial purposes. The bases of the security policy in this region refers to the real use of the nuclear weapon by the USA against Japan in 1945. The French nuclear policy may be considered as a model for the building of the security policy of NE Asia, in particular through the commercialization of the nuclear technology between the countries in concern. This nuclear approach would allow the countries of these region to change their present day national defense policy into an economical and military cooperation. (J.S.)

  16. Security in the data link layer of the OSI model on LANs wired Cisco

    Directory of Open Access Journals (Sweden)

    María Genoveva Moreira Santos

    2018-02-01

    Full Text Available There are no technologies or protocols completely secure in network infrastructures, for this reason, this document aims to demonstrate the importance of configuring security options on network equipments. On this occasion we will focus on the data link layer of the OSI model, which is where controls have begun to be implemented at level of protocols. The tools that are used in the research facilitate the implementation of a virtual laboratory, which consists of a base operating system (windows in which virtualbox is installed to mount linux mint, which will generate attacks; while in VMware, we installed a virtual machine that allows you to add the image of a switch to our network simulation software (GNS3, which integrates all the components. The tests were able to identify the vulnerabilities in MAC, ARP, VLAN and STP, and then to proceed to patch these security aws. Keeping the setting by default or ignoring the characteristics of network equipment are usually the reasons why these vulnerabilities exist. Finally, it was proved how easy it can be to run an attack and at the same time to implement security measures on the layer 2 of the OSI.

  17. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  18. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  19. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  20. Shift scheduling model considering workload and worker’s preference for security department

    Science.gov (United States)

    Herawati, A.; Yuniartha, D. R.; Purnama, I. L. I.; Dewi, LT

    2018-04-01

    Security department operates for 24 hours and applies shift scheduling to organize its workers as well as in hotel industry. This research has been conducted to develop shift scheduling model considering the workers physical workload using rating of perceived exertion (RPE) Borg’s Scale and workers’ preference to accommodate schedule flexibility. The mathematic model is developed in integer linear programming and results optimal solution for simple problem. Resulting shift schedule of the developed model has equally distribution shift allocation among workers to balance the physical workload and give flexibility for workers in working hours arrangement.

  1. A study of insider threat in nuclear security analysis using game theoretic modeling

    International Nuclear Information System (INIS)

    Kim, Kyo-Nam; Yim, Man-Sung; Schneider, Erich

    2017-01-01

    Highlights: • Implications of an insider threat in nuclear security were quantitatively analyzed. • The analysis was based on of a hypothetical nuclear facility and using game theoretic approach. • Through a sensitivity analysis, vulnerable paths and important parameters were identified. • The methodology can be utilized to prioritize the implementation of PPS improvements in a facility. - Abstract: An Insider poses a greater threat to the security system of a nuclear power plant (NPP) because of their ability to take advantage of their access rights and knowledge of a facility, to bypass dedicated security measures. If an insider colludes with an external terrorist group, this poses a key threat to the safety-security interface. However, despite the importance of the insider threat, few studies have been conducted to quantitatively analyze an insider threat. This research examines the quantitative framework for investigating the implications of insider threat, taking a novel approach. Conventional tools assessing the security threats to nuclear facilities focus on a limited number of attack pathways. These are defined by the modeler and are based on simple probabilistic calculations. They do not capture the adversary’s intentions nor do they account for their response and adaptation to defensive investments. As an alternative way of performing physical protection analysis, this research explores the use of game theoretic modeling of Physical Protection Systems (PPS) analysis by incorporating the implications of an insider threat, to address the issues of intentionality and interactions. The game theoretic approach has the advantage of modeling an intelligent adversary and insider who has an intention to do harm and complete knowledge of the facility. Through a quantitative assessment and sensitivity analysis, vulnerable but important parameters in this model were identified. This made it possible to determine which insider threat is more important. The

  2. Behavioral and physical biometric characteristics modeling used for ITS security improvement

    Directory of Open Access Journals (Sweden)

    Miroslav BAČA

    2009-01-01

    Full Text Available Biometric technologies rely on specific biometric characteristics that are used for recognition. The particular characteristic for a given situation can be described through a serious of descriptive parameters including ease of collecting, permanence, measurably, acceptability, deceptiveness, universality, uniqueness, sample cost, system cost, database size, as well as environmental factors. By using our ontology-based framework for adequacy of biometric systems, we introduce a model for using biometric technologies in ITS. Such technologies increase security, safety and protection of ITS.

  3. Children affected by HIV/AIDS: SAFE, a model for promoting their security, health, and development.

    Science.gov (United States)

    Betancourt, Theresa S; Fawzi, Mary K S; Bruderlein, Claude; Desmond, Chris; Kim, Jim Y

    2010-05-01

    A human security framework posits that individuals are the focus of strategies that protect the safety and integrity of people by proactively promoting children's well being, placing particular emphasis on prevention efforts and health promotion. This article applies this framework to a rights-based approach in order to examine the health and human rights of children affected by HIV/AIDS. The SAFE model describes sources of insecurity faced by children across four fundamental dimensions of child well-being and the survival strategies that children and families may employ in response. The SAFE model includes: Safety/protection; Access to health care and basic physiological needs; Family/connection to others; and Education/livelihoods. We argue that it is critical to examine the situation of children through an integrated lens that effectively looks at human security and children's rights through a holistic approach to treatment and care rather than artificially limiting our scope of work to survival-oriented interventions for children affected by HIV/AIDS. Interventions targeted narrowly at children, in isolation of their social and communal environment as outlined in the SAFE model, may in fact undermine protective resources in operation in families and communities and present additional threats to children's basic security. An integrated approach to the basic security and care of children has implications for the prospects of millions of children directly infected or indirectly affected by HIV/AIDS around the world. The survival strategies that young people and their families engage in must be recognized as a roadmap for improving their protection and promoting healthy development. Although applied to children affected by HIV/AIDS in the present analysis, the SAFE model has implications for guiding the care and protection of children and families facing adversity due to an array of circumstances from armed conflict and displacement to situations of extreme poverty.

  4. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  5. Formal Requirements Modeling for Reactive Systems with Coloured Petri Nets

    DEFF Research Database (Denmark)

    Tjell, Simon

    This dissertation presents the contributions of seven publications all concerned with the application of Coloured Petri Nets (CPN) to requirements modeling for reactive systems. The publications are introduced along with relevant background material and related work, and their contributions...... to take into concern that the behavior of human actors is less likely to be predictable than the behavior of e.g. mechanical components.   In the second approach, the CPN model is parameterized and utilizes a generic and reusable CPN module operating as an SD interpreter. In addition to distinguishing...... and events. A tool is presented that allows automated validation of the structure of CPN models with respect to the guidelines. Next, three publications on integrating Jackson's Problem Frames with CPN requirements models are presented: The first publication introduces a method for systematically structuring...

  6. Model-based human reliability analysis: prospects and requirements

    International Nuclear Information System (INIS)

    Mosleh, A.; Chang, Y.H.

    2004-01-01

    Major limitations of the conventional methods for human reliability analysis (HRA), particularly those developed for operator response analysis in probabilistic safety assessments (PSA) of nuclear power plants, are summarized as a motivation for the need and a basis for developing requirements for the next generation HRA methods. It is argued that a model-based approach that provides explicit cognitive causal links between operator behaviors and directly or indirectly measurable causal factors should be at the core of the advanced methods. An example of such causal model is briefly reviewed, where due to the model complexity and input requirements can only be currently implemented in a dynamic PSA environment. The computer simulation code developed for this purpose is also described briefly, together with current limitations in the models, data, and the computer implementation

  7. End-to-end Information Flow Security Model for Software-Defined Networks

    Directory of Open Access Journals (Sweden)

    D. Ju. Chaly

    2015-01-01

    Full Text Available Software-defined networks (SDN are a novel paradigm of networking which became an enabler technology for many modern applications such as network virtualization, policy-based access control and many others. Software can provide flexibility and fast-paced innovations in the networking; however, it has a complex nature. In this connection there is an increasing necessity of means for assuring its correctness and security. Abstract models for SDN can tackle these challenges. This paper addresses to confidentiality and some integrity properties of SDNs. These are critical properties for multi-tenant SDN environments, since the network management software must ensure that no confidential data of one tenant are leaked to other tenants in spite of using the same physical infrastructure. We define a notion of end-to-end security in context of software-defined networks and propose a semantic model where the reasoning is possible about confidentiality, and we can check that confidential information flows do not interfere with non-confidential ones. We show that the model can be extended in order to reason about networks with secure and insecure links which can arise, for example, in wireless environments.The article is published in the authors’ wording.

  8. RESEARCH OF OPEN SYSTEMS INTERCONNECTION MODEL IN TERMS OF INFORMATION SECURITY

    OpenAIRE

    Корнієнко, Б.; Національний авіаційний університет

    2013-01-01

    In this article the OSI model in terms of information security classification of vulnerabilities and security measures at the level of model OSI. In order to build a comprehensive information security systems for information and communication systems and networks offer a model to extend the seven- nine levels — through eight levels — level politician and ninth — level users. Рассмотрены модель OSI с точки зрения информационной безопасности, классификация уязвимостей и мероприятий обеспечен...

  9. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  10. Security challenges for virtualization in cloud

    International Nuclear Information System (INIS)

    Tayab, A.

    2015-01-01

    Virtualization is a model that is vastly growing in IT industry. Virtualization provides more than one logical resource in one single physical machine. Infrastructure use cloud services and on behalf of virtualization, cloud computing is also a rapidly growing model of IT industry. Cloud provider and cloud user, both remain ignorant of each other's security. Since virtualization and cloud computing are rapidly expanding and becoming more and more complex in infrastructure, more security is required to protect them from potential attacks and security threats. Virtualization provides various benefits in terms of hardware utilization, resources protection, remote access and other resources. This paper intends to discuss the common exploits of security uses in the virtualized environment and focuses on the security threats from the attacker's perspective. This paper discuss the major areas of virtualized model environment and also address the security concerns. And finally presents a solution for secure valorization in IT infrastructure and to protect inter communication of virtual machines. (author)

  11. Increasing security of supply: The search for stable models of financing for new nuclear build in the European Union

    International Nuclear Information System (INIS)

    Heffron, Raphael James

    2009-01-01

    Full text: This research assesses models for financing of new nuclear build in European Union (EU) member states to find the most stable form. The countries examined in this study are France, the United Kingdom, Finland and Romania. The results attest that due to various historical, political, competition, and electricity market structural conditions Romania has emerged with the most secure and stable model for financing of new nuclear projects. This paper begins with an assessment of the effects on the nuclear sector from energy, environment and competition legislation in the EU. Then the political and economic climate of the afore mentioned EU member states is completed. Following this an overview of the market structure of the electricity sector in those respective countries is conducted. Then the key research on the models of financing of new nuclear build is explored, contrasted and analysed. The research concludes that there are four main models for financing new nuclear projects in Europe. Each model has transcended from different political and economic forces, and consequently each model has met with varied levels of success. Electricity market structures while operating to the same legal requirements, have been dissimilar in their evolution. The combination of the above factors has led to different models for financing new nuclear build. Upon further analysis it is concluded and demonstrated that the Romanian financing model is the most suitable and provides an example for any new nuclear build aspiring nations in the EU and beyond. (author)

  12. Critical Business Requirements Model and Metrics for Intranet ROI

    OpenAIRE

    Luqi; Jacoby, Grant A.

    2005-01-01

    Journal of Electronic Commerce Research, Vol. 6, No. 1, pp. 1-30. This research provides the first theoretical model, the Intranet Efficiency and Effectiveness Model (IEEM), to measure intranet overall value contributions based on a corporation’s critical business requirements by applying a balanced baseline of metrics and conversion ratios linked to key business processes of knowledge workers, IT managers and business decision makers -- in effect, closing the gap of understanding...

  13. NASA Standard for Models and Simulations: Philosophy and Requirements Overview

    Science.gov (United States)

    Blattnig, Steve R.; Luckring, James M.; Morrison, Joseph H.; Sylvester, Andre J.; Tripathi, Ram K.; Zang, Thomas A.

    2013-01-01

    Following the Columbia Accident Investigation Board report, the NASA Administrator chartered an executive team (known as the Diaz Team) to identify those CAIB report elements with NASA-wide applicability and to develop corrective measures to address each element. One such measure was the development of a standard for the development, documentation, and operation of models and simulations. This report describes the philosophy and requirements overview of the resulting NASA Standard for Models and Simulations.

  14. Review on Cyber Security Programs for NPP Application

    Energy Technology Data Exchange (ETDEWEB)

    Oh, Eung Se [KEPRI, Daejeon (Korea, Republic of)

    2010-10-15

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS; CFR; RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  15. Review on Cyber Security Programs for NPP Application

    International Nuclear Information System (INIS)

    Oh, Eung Se

    2010-01-01

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS] [CFR] [RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  16. 75 FR 2433 - Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and Data Networks Security...

    Science.gov (United States)

    2010-01-15

    ... Conditions No. 25-401-SC] Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and Data Networks Security--Protection of Airplane Systems and Data Networks From Unauthorized External Access AGENCY... that effective electronic system security protection strategies are implemented to protect the airplane...

  17. Ministerial Decree of 16 February 1976 relating to approval of the model certificate of financial security for the transport of radioactive materials

    International Nuclear Information System (INIS)

    1976-01-01

    This Decree by the Minister of Industry, Commerce and Crafts, in consultation with the Minister of Transport, approves the model certificate of financial security for the transport of nuclear materials. This type of certificate issued by nuclear insurers is intended to provide detailed information on the nature of the financial security for damage likely to be caused by the materials in the course of transport; it is required to supply the certificate according to the Paris Convention on Third Party Liability in the Field of Nuclear Energy, ratified by Italy in 1975. The standardised presentation of this certificate enables it to be used in international transport between countries parties to the Paris Convention as proof of the existence of the financial security. (N.E.A.)

  18. Kyrgyzstan's security problems today

    OpenAIRE

    Abduvalieva, Ryskul

    2009-01-01

    Regional stability and security consist of two levels-the external security of each country at the regional level and the internal security of each of them individually. A state's external and internal security are closely interrelated concepts. It stands to reason that ensuring internal security and stability is the primary and most important task. But the external aspect also requires attention. This article takes a look at the most important problems of ensuring Kyrgyzstan's security.

  19. Security By Design

    OpenAIRE

    Tanner, M. James

    2009-01-01

    Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today. While all of the efforts to secure a computer are needed, it seems that the underlying issue of what is being secured has been overlooked. The operating system is at the core of the security issue. Many applications and devices have been put into place to add layers of protection to an already weak operating system. Security did not u...

  20. Generic skills requirements (KSA model) towards future mechanical ...

    African Journals Online (AJOL)

    ... Statistics and Discriminant Analysis (DA) as required to achieve the objective of the study. This study will guide all future engineers, especially in the field of Mechanical Engineering in Malaysia to penetrate the job market according to the current market needs. Keywords: generic skills; KSA model; mechanical engineers; ...

  1. Fusing Quantitative Requirements Analysis with Model-based Systems Engineering

    Science.gov (United States)

    Cornford, Steven L.; Feather, Martin S.; Heron, Vance A.; Jenkins, J. Steven

    2006-01-01

    A vision is presented for fusing quantitative requirements analysis with model-based systems engineering. This vision draws upon and combines emergent themes in the engineering milieu. "Requirements engineering" provides means to explicitly represent requirements (both functional and non-functional) as constraints and preferences on acceptable solutions, and emphasizes early-lifecycle review, analysis and verification of design and development plans. "Design by shopping" emphasizes revealing the space of options available from which to choose (without presuming that all selection criteria have previously been elicited), and provides means to make understandable the range of choices and their ramifications. "Model-based engineering" emphasizes the goal of utilizing a formal representation of all aspects of system design, from development through operations, and provides powerful tool suites that support the practical application of these principles. A first step prototype towards this vision is described, embodying the key capabilities. Illustrations, implications, further challenges and opportunities are outlined.

  2. Models of protein and amino acid requirements for cattle

    Directory of Open Access Journals (Sweden)

    Luis Orlindo Tedeschi

    2015-03-01

    Full Text Available Protein supply and requirements by ruminants have been studied for more than a century. These studies led to the accumulation of lots of scientific information about digestion and metabolism of protein by ruminants as well as the characterization of the dietary protein in order to maximize animal performance. During the 1980s and 1990s, when computers became more accessible and powerful, scientists began to conceptualize and develop mathematical nutrition models, and to program them into computers to assist with ration balancing and formulation for domesticated ruminants, specifically dairy and beef cattle. The most commonly known nutrition models developed during this period were the National Research Council (NRC in the United States, Agricultural Research Council (ARC in the United Kingdom, Institut National de la Recherche Agronomique (INRA in France, and the Commonwealth Scientific and Industrial Research Organization (CSIRO in Australia. Others were derivative works from these models with different degrees of modifications in the supply or requirement calculations, and the modeling nature (e.g., static or dynamic, mechanistic, or deterministic. Circa 1990s, most models adopted the metabolizable protein (MP system over the crude protein (CP and digestible CP systems to estimate supply of MP and the factorial system to calculate MP required by the animal. The MP system included two portions of protein (i.e., the rumen-undegraded dietary CP - RUP - and the contributions of microbial CP - MCP as the main sources of MP for the animal. Some models would explicitly account for the impact of dry matter intake (DMI on the MP required for maintenance (MPm; e.g., Cornell Net Carbohydrate and Protein System - CNCPS, the Dutch system - DVE/OEB, while others would simply account for scurf, urinary, metabolic fecal, and endogenous contributions independently of DMI. All models included milk yield and its components in estimating MP required for lactation

  3. Workshop on Current Issues in Predictive Approaches to Intelligence and Security Analytics: Fostering the Creation of Decision Advantage through Model Integration and Evaluation

    Energy Technology Data Exchange (ETDEWEB)

    Sanfilippo, Antonio P.

    2010-05-23

    The increasing asymmetric nature of threats to the security, health and sustainable growth of our society requires that anticipatory reasoning become an everyday activity. Currently, the use of anticipatory reasoning is hindered by the lack of systematic methods for combining knowledge- and evidence-based models, integrating modeling algorithms, and assessing model validity, accuracy and utility. The workshop addresses these gaps with the intent of fostering the creation of a community of interest on model integration and evaluation that may serve as an aggregation point for existing efforts and a launch pad for new approaches.

  4. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  5. Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.

    Science.gov (United States)

    Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto

    2015-08-01

    Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.

  6. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  7. Required experimental accuracy to select between supersymmetrical models

    Science.gov (United States)

    Grellscheid, David

    2004-03-01

    We will present a method to decide a priori whether various supersymmetrical scenarios can be distinguished based on sparticle mass data alone. For each model, a scan over all free SUSY breaking parameters reveals the extent of that model's physically allowed region of sparticle-mass-space. Based on the geometrical configuration of these regions in mass-space, it is possible to obtain an estimate of the required accuracy of future sparticle mass measurements to distinguish between the models. We will illustrate this algorithm with an example. This talk is based on work done in collaboration with B C Allanach (LAPTH, Annecy) and F Quevedo (DAMTP, Cambridge).

  8. Communication security in open health care networks.

    Science.gov (United States)

    Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

    1999-01-01

    Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

  9. CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

    Directory of Open Access Journals (Sweden)

    Sowmiya Murthy

    2014-10-01

    Full Text Available We propose a secure cloud storage model that addresses security and storage issues for cloud computing environments. Security is achieved by anonymous authentication which ensures that cloud users remain anonymous while getting duly authenticated. For achieving this goal, we propose a digital signature based authentication scheme with a decentralized architecture for distributed key management with multiple Key Distribution Centers. Homomorphic encryption scheme using Paillier public key cryptosystem is used for encrypting the data that is stored in the cloud. We incorporate a query driven approach for validating the access policies defined by an individual user for his/her data i.e. the access is granted to a requester only if his credentials matches with the hidden access policy. Further, since data is vulnerable to losses or damages due to the vagaries of the network, we propose an automatic retrieval mechanism where lost data is recovered by data replication and file replacement with string matching algorithm. We describe a prototype implementation of our proposed model.

  10. Global maize trade and food security: implications from a social network model.

    Science.gov (United States)

    Wu, Felicia; Guclu, Hasan

    2013-12-01

    In this study, we developed a social network model of the global trade of maize: one of the most important food, feed, and industrial crops worldwide, and critical to food security. We used this model to analyze patterns of maize trade among nations, and to determine where vulnerabilities in food security might arise if maize availability was decreased due to factors such as diversion to nonfood uses, climatic factors, or plant diseases. Using data on imports and exports from the U.N. Commodity Trade Statistics Database for each year from 2000 to 2009 inclusive, we summarized statistics on volumes of maize trade between pairs of nations for 217 nations. There is evidence of market segregation among clusters of nations; with three prominent clusters representing Europe, Brazil and Argentina, and the United States. The United States is by far the largest exporter of maize worldwide, whereas Japan and the Republic of Korea are the largest maize importers. In particular, the star-shaped cluster of the network that represents U.S. maize trade to other nations indicates the potential for food security risks because of the lack of trade these other nations conduct with other maize exporters. If a scenario arose in which U.S. maize could not be exported in as large quantities, maize supplies in many nations could be jeopardized. We discuss this in the context of recent maize ethanol production and its attendant impacts on food prices elsewhere worldwide. © 2013 Society for Risk Analysis.

  11. Android Security Framework: Enabling Generic and Extensible Access Control on Android

    OpenAIRE

    Backes, Michael; Bugiel, Sven; Gerling, Sebastian; von Styp-Rekowsky, Philipp

    2014-01-01

    We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ...

  12. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... electronic system security protection for the aircraft control domain and airline information domain from... identified and assessed, and that effective electronic system security protection strategies are implemented...

  13. 76 FR 36863 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-06-23

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... for Gulfstream GVI airplanes. 1. The applicant must ensure electronic system security protection for... that effective electronic system security protection strategies are implemented to protect the airplane...

  14. Cognition and procedure representational requirements for predictive human performance models

    Science.gov (United States)

    Corker, K.

    1992-01-01

    Models and modeling environments for human performance are becoming significant contributors to early system design and analysis procedures. Issues of levels of automation, physical environment, informational environment, and manning requirements are being addressed by such man/machine analysis systems. The research reported here investigates the close interaction between models of human cognition and models that described procedural performance. We describe a methodology for the decomposition of aircrew procedures that supports interaction with models of cognition on the basis of procedures observed; that serves to identify cockpit/avionics information sources and crew information requirements; and that provides the structure to support methods for function allocation among crew and aiding systems. Our approach is to develop an object-oriented, modular, executable software representation of the aircrew, the aircraft, and the procedures necessary to satisfy flight-phase goals. We then encode in a time-based language, taxonomies of the conceptual, relational, and procedural constraints among the cockpit avionics and control system and the aircrew. We have designed and implemented a goals/procedures hierarchic representation sufficient to describe procedural flow in the cockpit. We then execute the procedural representation in simulation software and calculate the values of the flight instruments, aircraft state variables and crew resources using the constraints available from the relationship taxonomies. The system provides a flexible, extensible, manipulative and executable representation of aircrew and procedures that is generally applicable to crew/procedure task-analysis. The representation supports developed methods of intent inference, and is extensible to include issues of information requirements and functional allocation. We are attempting to link the procedural representation to models of cognitive functions to establish several intent inference methods

  15. Mathematical model and coordination algorithms for ensuring complex security of an organization

    Science.gov (United States)

    Novoseltsev, V. I.; Orlova, D. E.; Dubrovin, A. S.; Irkhin, V. P.

    2018-03-01

    The mathematical model of coordination when ensuring complex security of the organization is considered. On the basis of use of a method of casual search three types of algorithms of effective coordination adequate to mismatch level concerning security are developed: a coordination algorithm at domination of instructions of the coordinator; a coordination algorithm at domination of decisions of performers; a coordination algorithm at parity of interests of the coordinator and performers. Assessment of convergence of the algorithms considered above it was made by carrying out a computing experiment. The described algorithms of coordination have property of convergence in the sense stated above. And, the following regularity is revealed: than more simply in the structural relation the algorithm, for the smaller number of iterations is provided to those its convergence.

  16. An Analysis of Cloud Model-Based Security for Computing Secure Cloud Bursting and Aggregation in Real Environment

    OpenAIRE

    Pritesh Jain; Vaishali Chourey; Dheeraj Rane

    2011-01-01

    Cloud Computing has emerged as a major information and communications technology trend and has been proved as a key technology for market development and analysis for the users of several field. The practice of computing across two or more data centers separated by the Internet is growing in popularity due to an explosion in scalable computing demands. However, one of the major challenges that faces the cloud computing is how to secure and protect the data and processes the data of the user. ...

  17. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  18. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  19. Information Models, Data Requirements, and Agile Data Curation

    Science.gov (United States)

    Hughes, John S.; Crichton, Dan; Ritschel, Bernd; Hardman, Sean; Joyner, Ron

    2015-04-01

    The Planetary Data System's next generation system, PDS4, is an example of the successful use of an ontology-based Information Model (IM) to drive the development and operations of a data system. In traditional systems engineering, requirements or statements about what is necessary for the system are collected and analyzed for input into the design stage of systems development. With the advent of big data the requirements associated with data have begun to dominate and an ontology-based information model can be used to provide a formalized and rigorous set of data requirements. These requirements address not only the usual issues of data quantity, quality, and disposition but also data representation, integrity, provenance, context, and semantics. In addition the use of these data requirements during system's development has many characteristics of Agile Curation as proposed by Young et al. [Taking Another Look at the Data Management Life Cycle: Deconstruction, Agile, and Community, AGU 2014], namely adaptive planning, evolutionary development, early delivery, continuous improvement, and rapid and flexible response to change. For example customers can be satisfied through early and continuous delivery of system software and services that are configured directly from the information model. This presentation will describe the PDS4 architecture and its three principle parts: the ontology-based Information Model (IM), the federated registries and repositories, and the REST-based service layer for search, retrieval, and distribution. The development of the IM will be highlighted with special emphasis on knowledge acquisition, the impact of the IM on development and operations, and the use of shared ontologies at multiple governance levels to promote system interoperability and data correlation.

  20. Protecting America's economy, environment, health, and security against invasive species requires a strong federal program in systematic biology

    Science.gov (United States)

    Hilda Diaz-Soltero; Amy Y. Rossman

    2011-01-01

    Systematics is the science that identifies and groups organisms by understanding their origins, relationships, and distributions. It is fundamental to understanding life on earth, our crops, wildlife, and diseases, and it provides the scientific foundation to recognize and manage invasive species. Protecting America's economy, environment, health, and security...