WorldWideScience

Sample records for policy information security

  1. Staffing Policy for Solving the Information Security

    Directory of Open Access Journals (Sweden)

    A. I. Tolstoy

    2012-06-01

    Full Text Available Determining staffing policy implementation of information security tasks is given. The basic requirements that must be taken into account when developing policies are defined. The policy framework is determined and recommendations for the design of such policies are formulated. Requirements for the implementation of the policy are defined.

  2. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  3. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  4. Unification of Information Security Policies for Network Security Solutions

    Directory of Open Access Journals (Sweden)

    D.S. Chernyavskiy

    2012-03-01

    Full Text Available Diversity of command languages on network security solutions’ (NSS interfaces causes problems in a process of information security policy (ISP deployment. Unified model for security policy representation and implementation in NSS could aid to avoid such problems and consequently enhance efficiency of the process. The proposed solution is Unified language for network security policy (ULNSP. The language is based on formal languages theory, and being coupled with its translator, ULNSP makes it possible to formalize and implement ISP independently of particular NSS.

  5. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

  6. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  7. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  8. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  9. Information security policies and procedures a practitioner's reference

    CERN Document Server

    Peltier, Thomas R

    2004-01-01

    INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Stand

  10. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  11. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  12. Information security policy: contributions from internal marketing for its effectiveness

    Directory of Open Access Journals (Sweden)

    Cristiane Ellwanger

    2012-06-01

    Full Text Available Protecting sources of information has become a great challenge to the organizations, due to the advance of the information technologies, the integration between them and the constant stream of information that flows through the communication networks. The establishment of an Information Security Policy – PSI may resolve a part of the problems related to security, but it cannot totally solve them, since the human resources present in the internal environment of the organizations may spoil the effectiveness of the PSI. Given the importance of the human aspects in the context of the information security, the present work discusses the use of internal marketing as a management strategy in order to obtain or reestablish the commitment of the users to the principles defined in the PSI, and demonstrates, through an experimental research, the impact of using internal marketing techniques to the effectiveness of that policy. The results of this experiment make quantitatively evident how relevant the use of these techniques may be in order to have the procedures described in the PSI actually carried out by the users, and demonstrates a 402,4% increase in the support to the information security policy, considering the procedures indicated in the PSI that were totally executed.

  13. Reviewing and reforming policy in health enterprise information security

    Science.gov (United States)

    Sostrom, Kristen; Collmann, Jeff R.

    2001-08-01

    Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy in to an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.

  14. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  15. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  16. Information System Security: Army Web Site Administration, Policies, and Practices

    National Research Council Canada - National Science Library

    2002-01-01

    .... The Policy requires heads of DoD Components to establish a process to identify appropriate information for posting to Web sites and to review all information placed on publicly accessible Web sites...

  17. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    Science.gov (United States)

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  18. Information security policies for governmental organisations, the minimum criteria

    CSIR Research Space (South Africa)

    Ngobeni, SJ

    2009-07-01

    Full Text Available and retention of documents. 18) Incident response. The policy discusses issues concerning how an organisation responds quickly and effectively to a system or network security breach [13]. 19) Contingency planning. The policy needs to address contingency... _ 17. Document destruction and retention X _ X X 18. Incident response X X X X 19. Contingency planning X _ X X 20. Telecommuting and mobile computing _ _ X _ 21. Intrusion Detection Systems X X X X From Table 1 it can be detained that not all...

  19. Measuring Efficacy of Information Security Policies : A Case Study of UAE based company

    OpenAIRE

    Qureshi, Muhammad Sohail

    2012-01-01

    Nowadays information security policies are operative in many organizations. Currently few organizations take the pain of verifying the efficacy of these policies. Different standards and procedures exist about methods of measuring efficacy of information security policies. Choosing and implementing them depends mainly on the key performance indicators (KPIs) and key risk indicators (KRIs) of any particular organization. This thesis is a case study of an organization in United Arab Emirates (U...

  20. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  1. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    Science.gov (United States)

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  2. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    Science.gov (United States)

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  3. Information security in academic libraries: the role of the librarian in planning and introducing institutional policies

    Directory of Open Access Journals (Sweden)

    Juliana Soares Lima

    2017-04-01

    Full Text Available This study presents a short discussion about the role of the librarian as a mediator at planning, developing and implementing an Information Security Policy in Academic Libraries, by working together with professionals in the field of Information Technology. It also discusses the main virtual threats and some risks that are prone to infect computers in libraries. Based on the current legislation and on some normative documents about information security, it is confirmed the importance of the librarian take part in the main decision-making related to information security, such as planning a consistent Information Security Policy which be able to see the specific needs of Academic Libraries as institutions prone to cyberattacks. The main topics and guidelines to carry out an Information Security Policy are presented based on the results that were obtained through an action research, by visiting libraries to fill in application forms and to compose reports whose content was analyzed. Finally, the study concludes that Information Security Policy must be validated by managers of sectors or departments which the Academic Library is hierarchically subordinate to.

  4. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  5. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  6. Policy revision in health enterprise information security: P3WG final report

    Science.gov (United States)

    Sostrom, Kristen; Collmann, Jeff R.

    2003-05-01

    Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center (TATRC), TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG) examined military policies and regulations relating to computer-based information systems and medical records management. Using an interdisciplinary and interservice QA approach they compared existing military policies with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to identify gaps and discrepancies. The final report, including a plain English explanation of the individual standards and relevance to the Department of Defense (DoD), a comparative analysis and recommendations, will feed in to the security management process and HIPAA implementation efforts at multiple levels within the DoD. In light of High Reliability Theory, this process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains, building consensus on key policy reforms among military stakeholders across different disciplines, levels of command hierarchy and services.

  7. Analysis of Russian Federation Foreign Policy in the Field of International Information Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2014-01-01

    Full Text Available Information and communication technologies (ICT play an essential role in the improvement of the quality of life, economic and socio-political of individual countries and humanity in general. However, ICT development is fraught with new challenges and threats to international and national security. Interstate rivalry in the information sphere generates conflicts, an extreme form of which is an information war. Since 1998, the Russian initiative supports the international cooperation on information security at the global and regional level as well as within the framework of the bilateral relations. The article analyzes the characteristics of the global information society, which has a decisive influence on the international security in the information age, as well as international cooperation in this field. The analysis of Russian foreign policy initiatives in the field of international information security is also presented. Today more than 130 countries develop cyber capabilities, both defensive and offensive, that pose serious threats to the international stability. It's difficult to trace the source of information attacks and its consequences can be devastating and cause retaliation, including the use of conventional weapons. In this situation Russian approach, advocating for the development of the rules of conduct of States and demilitarization of information space in order to ensure its safety, seems urgent and relevant with the international situation.

  8. Adoption of an information systems security policy in small and medium sized enterprises.

    Directory of Open Access Journals (Sweden)

    Isabel Maria Lopes

    2017-03-01

    Full Text Available Information Systems Security (ISS is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs. This article aims to constitute an empirical study on the applicability of the Action Research (AR method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented.

  9. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  10. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  11. Indirect effect of management support on users' compliance behaviour towards information security policies.

    Science.gov (United States)

    Humaidi, Norshima; Balakrishnan, Vimala

    2018-01-01

    Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management

  12. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  13. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication deter-mines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  14. A Quantitative Study on Japanese Internet User's Awareness to Information Security: Necessity and Importance of Education and Policy

    OpenAIRE

    Toshihiko Takemura; Atsushi Umino

    2009-01-01

    In this paper, the authors examine whether or not there Institute for Information and Communications Policy shows are differences of Japanese Internet users awareness to information security based on individual attributes by using analysis of variance based on non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness to information security is different by individual attributes. Especially, the authors verify that the users who received the in...

  15. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... MARINE MAMMAL COMMISSION Classified National Security Information [Directive 11-01] AGENCY: Marine... Commission's (MMC) policy on classified information, as directed by Information Security Oversight Office... of Executive Order 13526, ``Classified National Security Information,'' and 32 CFR part 2001...

  16. Information Security

    National Research Council Canada - National Science Library

    Buddenberg, Rex

    2002-01-01

    ...) "Overarching Wireless Policy"; and presents examples of problems that can occur (e.g., credit card transactions over the internet and the Walker insider attack against the Navy' worldwide communications system...

  17. Cybersecurity via Intermediaries : Analyzing Security Measurements to Understand Intermediary Incentives and Inform Public Policy

    NARCIS (Netherlands)

    Asghari, H.

    2016-01-01

    Research in the field of information security economics has clarified how attacker and defender incentives affect cybersecurity. It has also highlighted the role of intermediaries in strengthening cybersecurity. Intermediaries are organizations and firms that provide the Internet’s infrastructure

  18. A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

    Directory of Open Access Journals (Sweden)

    Chalee Vorakulpipat

    2017-01-01

    Full Text Available Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as a bring your own device (BYOD. However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

  19. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  20. Informed policies

    International Development Research Centre (IDRC) Digital Library (Canada)

    INTERNATIONAL DEVELOPMENT RESEARCH CENTRE. Informed ... more evidence-based policy on social ... Community involvement is key to the success of CBMS in reducing poverty. IDRC ... nationwide network of “telecentres” that ... and holidays for young people to use for ... National Conference on Youth led to the.

  1. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  2. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  3. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  4. Security Economics and European Policy

    Science.gov (United States)

    Anderson, Ross; Böhme, Rainer; Clayton, Richard; Moor, Tyler

    In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.

  5. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  6. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  7. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  8. Secure Communication and Information Exchange using Authenticated Ciphertext Policy Attribute-Based Encryption in Mobile Ad-hoc Network

    Directory of Open Access Journals (Sweden)

    Samsul Huda

    2016-08-01

    Full Text Available MANETs are considered as suitable for commercial applications such as law enforcement, conference meeting, and sharing information in a student classroom and critical services such as military operations, disaster relief, and rescue operations. Meanwhile, in military operation especially in the battlefield in freely medium which naturally needs high mobility and flexibility. Thus, applying MANETs make these networks vulnerable to various types of attacks such aspacket eavesdropping, data disseminating, message replay, message modification, and especially privacy issue. In this paper, we propose a secure communication and information exchange in MANET with considering secure adhoc routing and secure information exchange. Regarding privacy issue or anonymity, we use a reliable asymmetric encryption which protecting user privacy by utilizing insensitive user attributes as user identity, CP-ABE (Ciphertext-Policy Attribute-Based Encryption cryptographic scheme. We also design protocols to implement the proposed scheme for various battlefied scenarios in real evironment using embedded devices. Our experimental results showed that the additional of HMAC (Keyed-Hash Message Authentication Code and AES (Advanced Encryption standard schemes using processor 1.2GHz only take processing time about 4.452 ms,  we can confirm that our approach by using CP-ABE with added HMAC and AES schemes make low overhead.

  9. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management.The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  10. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  11. Information Security - Data Loss Prevention Procedure

    Science.gov (United States)

    The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.

  12. Alignment of Organizational Security Policies -- Theory and Practice

    NARCIS (Netherlands)

    Dimkov, T.

    2012-01-01

    To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a

  13. Aspects with Program Analysis for Security Policies

    DEFF Research Database (Denmark)

    Yang, Fan

    Enforcing security policies to IT systems, especially for a mobile distributed system, is challenging. As society becomes more IT-savvy, our expectations about security and privacy evolve. This is usually followed by changes in regulation in the form of standards and legislation. In many cases......, small modification of the security requirement might lead to substantial changes in a number of modules within a large mobile distributed system. Indeed, security is a crosscutting concern which can spread to many business modules within a system, and is difficult to be integrated in a modular way....... This dissertation explores the principles of adding challenging security policies to existing systems with great flexibility and modularity. The policies concerned cover both classical access control and explicit information flow policies. We built our solution by combining aspect-oriented programming techniques...

  14. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  15. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  16. Information security employee handbook: November 2010

    OpenAIRE

    2013-01-01

    This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.

  17. 77 FR 76076 - Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory...

    Science.gov (United States)

    2012-12-26

    ..., Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records... made for the committee meeting of the State, Local, Tribal, and Private Sector Policy Advisory..., Local, Tribal, and Private Sector Entities. DATES: The meeting will be held on January 30, 2013, 10:00 a...

  18. 76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-11-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... made for the following committee meeting to discuss National Industrial Security Program policy matters...

  19. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-05-13

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... made for the following committee meeting to discuss National Industrial Security Program policy matters...

  20. 76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-02-07

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... made for the following committee meeting. To discuss National Industrial Security Program policy...

  1. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  2. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  3. Cyber security policy guidebook

    CERN Document Server

    Bayuk, nifer L; Rohmeyer, l; Sachs, cus; Schmidt, frey; Weiss, eph

    2012-01-01

    This book is a taxonomy and thesaurus of current cybersecurity policy issues, including a thorough description of each issue and a corresponding list of pros and cons with respect to identified stances on each issue. It documents policy alternatives for the sake of clarity with respect to policy alone, and dives into organizational implementation issues. Without using technical jargon, the book emphasizes the importance of critical and analytical thinking when making policy decisions.  It also equips the reader with descriptions of the impact of specific policy ch

  4. Human security policy challenges

    Directory of Open Access Journals (Sweden)

    Andrew Morton

    2008-10-01

    Full Text Available All evidence points towards climate- and environmentallyinduced migration becoming one of the major policychallenges of this century. Adequate planning for andmanagement of this phenomenon will be critical forhuman security.

  5. Information-educational Portal MEPHIST: a Security Policy at Access Differentiation to Objects

    Directory of Open Access Journals (Sweden)

    A. I. Guseva

    2010-09-01

    Full Text Available The article is devoted to working out of an information-educational portal for National Research Nuclear University “MEPhI”, executed within the limits of realization “Innovative programs of engineering-physical education for a new stage of development of a nuclear science and the industry”of the priority national project “Education”. The basic attention is given to requirements of information safety.

  6. Analyzing Security-Enhanced Linux Policy Specifications

    National Research Council Canada - National Science Library

    Archer, Myla

    2003-01-01

    NSA's Security-Enhanced (SE) Linux enhances Linux by providing a specification language for security policies and a Flask-like architecture with a security server for enforcing policies defined in the language...

  7. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  8. Informing National Food and Water Security Policy through Water Footprint Assessment: the Case of Iran

    Directory of Open Access Journals (Sweden)

    Fatemeh Karandish

    2017-10-01

    Full Text Available Iran’s focus on food self-sufficiency has led to an emphasis on increasing water volumes available for irrigation with little attention to water use efficiency, and no attention at all to the role of consumption and trade. To better understand the development of water consumption in relation to food production, consumption, and trade, we carried out the first comprehensive water footprint assessment (WFA for Iran, for the period 1980–2010, and estimated the water saving per province associated with interprovincial and international crop trade. Based on the AquaCrop model, we estimated the green and blue water footprint (WF related to both the production and consumption of 26 crops, per year and on a daily basis, for 30 provinces of Iran. We find that, in the period 1980–2010, crop production increased by 175%, the total WF of crop production by 122%, and the blue WF by 20%. The national population grew by 92%, and the crop consumption per capita by 20%, resulting in a 130% increase in total food consumption and a 110% increase in the total WF of national crop consumption. In 2010, 26% of the total water consumption in the semi-arid region served the production of crops for export to other regions within Iran (mainly cereals or abroad (mainly fruits and nuts. Iran’s interprovincial virtual water trade grew by a factor of 1.6, which was mainly due to increased interprovincial trade in cereals, nuts, and fruits. Current Iranian food and water policy could be enriched by reducing the WFs of crop production to certain benchmark levels per crop and climatic region and aligning cropping patterns to spatial differences in water availability and productivities, and by paying due attention to the increasing food consumption per capita in Iran.

  9. When Information Improves Information Security

    Science.gov (United States)

    Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

    This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

  10. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  11. Information Warfare, Threats and Information Security

    Directory of Open Access Journals (Sweden)

    Dmitriy Nikolaevich Bespalov

    2014-01-01

    Full Text Available The article presents the opposite, but dependent on each other's reality - Revolutionary War information,information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneityis the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of theauthorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

  12. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  13. 75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2010-10-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office..., announcement is made for the following committee meeting, to discuss National Industrial Security Program...

  14. US-Africa Security Policy

    DEFF Research Database (Denmark)

    Møller, Nicolai Stahlfest

    This paper will discuss the United States security policy towards Africa based on the National Security Strategy from 2006 and the founding of US Africa Command, the new military combatant command that is supposed to unify US military efforts on the African continent. The paper will discuss whether...... AFRICOM and US actions in Africa could be seen as a true (newfound) American interest in Africa or whether actions that are considered low-key and low-budget in Washington are to be regarded as a true asymmetry because African states regard US action as important and significant. The paper will explain...

  15. Development and analysis of security policies in security enhanced Android

    OpenAIRE

    Rimando, Ryan A.

    2012-01-01

    Approved for public release; distribution is unlimited. This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate ho...

  16. Energy security and national policy

    International Nuclear Information System (INIS)

    Martin, W.F.

    1987-01-01

    To achieve an energy secure future, energy cannot be viewed as an isolated concern. It is part and parcel of a nation's economic, social, and political context. In the past important implications for the economy and national security have been ignored. Crash programs to deal with oil shortages in the seventies, crashed. In the eighties, oil surplus has been enjoyed. The energy situation could be quite different in the nineties. Statistics on energy supply and consumption of oil, coal, natural gas and electricity from nuclear power show that much progress has been made worldwide. However, about half of the world's oil will come from the Persian Gulf by 1995. Continued low oil prices could raise US imports to 60% of consumption by 1995. Persian Gulf tensions serve as reminders of the link between energy policy and national security policy. Energy policy must be based on market forces and concerns for national security. Strategic oil reserves will expand along with the availability of domestic oil and gas resources. Increased attention to conservation, diversification of energy resources, and use of alternative fuels can help reduce imports. Continued high-risk long term research and development is needed. Improved technology can reduce environmental impacts. Global markets need global cooperation. Energy has emerged as an important aspect of East-West relations. Europeans need to diversify their sources of energy. The soviets have proposed expanded collaboration in magnetic fusion science. A series of initiatives are proposed that together will ensure that economies will not become overly dependent on a single source of energy

  17. 78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-02-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  18. 78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-06-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... following committee meeting to discuss National Industrial Security Program policy matters. DATES: The...

  19. 78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-10-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-2014-001] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... following committee meeting to discuss National Industrial Security Program policy matters. DATES: The...

  20. 77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-10-17

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  1. Security Policy Alignment: A Formal Approach

    NARCIS (Netherlands)

    Pieters, Wolter; Dimkov, T.; Pavlovic, Dusko

    2013-01-01

    Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks,

  2. The Personal Information Security Assistant

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik,Pieter

    The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

  3. How the Russian Federation Uses the Informational Instrument of National Power to Influence the Republic of Moldovas Strategic Security Policy

    Science.gov (United States)

    2017-06-09

    describes what media and special techniques Russia uses to influence its target audience in Moldova. The final step outlines the effects of the Russian... social , economic and security problems, is vulnerable to the Russian Federation’s information influence . However, that does not mean that the Republic...of national power. Commonly, these three terms cover actions, activities, symbols, thoughts, beliefs, and media that an actor uses to influence public

  4. [Information security in health care].

    Science.gov (United States)

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-05

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.

  5. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  6. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  7. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  8. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  9. Information Assurance Security in the Information Environment

    CERN Document Server

    Blyth, Andrew

    2006-01-01

    Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.

  10. 77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-03-01

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... discuss National [[Page 12624

  11. Information Support of Foreign Policy

    Directory of Open Access Journals (Sweden)

    Olga A. Melnikova

    2015-01-01

    Full Text Available Informatization and modern information technologies cover the most various areas of social, spiritual and material human life and have become the dominating globalization factor with major impact on world events. Modern international relations present new challenges and threats ofcross-border nature, which fall within the area of information security. This brings issues of informational influence on international policy to the fore. In this context the question of improvement and modernization of policy instruments for more effective use of modern means of implementation of foreign policy priorities, including information support of international activities, achieves fundamental importance. Given the complexity of modern international relations and tasks facing foreign affairs departments, diplomatic success in many cases depends onthe efficiency of information support. The article analyses current objectives and methods of information support of foreign policy in the context of modern Russian legislation. The author examines the approach of the Information and Press Department of the Russian Ministryof Foreign Affairs,a subdivision responsible for information support and international cooperation in the media sphere. The article specifies the key role of new information technologies for informing the audience expeditiously and to the full extent in regard to Russian approaches to the solution of international problems, foreign policy initiatives and actions of the Russian Federation, and for counteracting attempts to discredit Russian foreign policy.

  12. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  13. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  14. Iran's Security Policy in the Post-Revolutionary Era

    National Research Council Canada - National Science Library

    Byman, Daniel

    2001-01-01

    This report assesses Iran's security policy. It examines broad drivers of Iran's security policy, describes important security institutions, explores decisionmaking, and reviews Iran's relations with key countries...

  15. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  16. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  17. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    Full Text Available An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

  18. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  19. 75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2010-07-09

    ... Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office..., announcement is made for a meeting of the National Industrial Security Program Policy Advisory Committee. The meeting will be held to discuss National Industrial Security Program policy matters. DATES: The meeting...

  20. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  1. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  2. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  3. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  4. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  5. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article author analyzes value of the concepts "national security", "information security", "national information security". Author gives opinions of scientists-jurists, definitions given by legislators and normotvorets in various regulations.

  6. INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS

    OpenAIRE

    Ndungu , Maryanne; Kandel, Sushila

    2015-01-01

    In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...

  7. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  8. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  9. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

  10. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  11. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  12. Trust in Security-Policy Enforcement Mechanisms

    National Research Council Canada - National Science Library

    Schneider, Fred B; Morrisett, Greg

    2006-01-01

    .... but provides the strong security guarantees of modern languages such as Java. A second avenue of language-based work explored a general class of policy enforcement mechanism based on in-line reference monitors (IRM...

  13. Guide to National Security Policy and Strategy

    National Research Council Canada - National Science Library

    Bartholomees, Jr, J. B

    2006-01-01

    ...: Theory of War and Strategy and National Security Policy and Strategy. The result for this book is the expansion of the block on strategic theory and the introduction of a block on specific strategic issues...

  14. Verification of Security Policy Enforcement in Enterprise Systems

    Science.gov (United States)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  15. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  16. Many-to-Many Information Flow Policies

    DEFF Research Database (Denmark)

    Baldan, Paolo; Beggiato, Alessandro; Lluch Lafuente, Alberto

    2017-01-01

    Information flow techniques typically classify information according to suitable security levels and enforce policies that are based on binary relations between individual levels, e.g., stating that information is allowed to flow from one level to another. We argue that some information flow...... of competing agencies might agree to disclose their secrets, with individual disclosures being undesired, etc. Motivated by this we propose a simple language for expressing information flow policies where the usual admitted flow relation between individual security levels is replaced by a relation between sets...... of security levels, thus allowing to capture coordinated flows of information. The flow of information is expressed in terms of causal dependencies and the satisfaction of a policy is defined with respect to an event structure that is assumed to capture the causal structure of system computations. We suggest...

  17. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  18. Japan's National Security: Structures, norms, and policies

    International Nuclear Information System (INIS)

    Katzenstein, P.J.; Okawara, N.

    1993-01-01

    Japan's national security policy has two distinctive aspects that deserve analysis. First, Japan's definition of national security goes far beyond traditional military notions. National security is viewed in comprehensive terms that also include economic and political dimensions. The second feature of Japan's security policy worth explanation is a distinctive mixture of flexibility and rigidity in the process of policy adaptation to change: flexibility on issues of economic security, rigidity on issues of military security, and flexibility combined with rigidity on issues of political security. With the end of the Cold War and changes in the structure of the international system, it is only natural that we ask whether and how Japan's national security policy will change as well. Optimists insist that the Asian balance of power and the US-Japan relationship will make Japan aspire to be a competitive, noninterventionist trading state that heeds the universal interest of peace and profit rather than narrow aspirations for national power. Pessimists warn us instead that the new international system will finally confirm Herman Kahn's prediction of 1970: Japan will quickly change to the status of a nuclear superpower, spurred perhaps by what some see as a dangerous rise of Japanese militarism in the 1970s and 1980s

  19. Federal Information Security and Data Breach Notification Laws

    Science.gov (United States)

    2009-01-29

    The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data

  20. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D . Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT in recent years have withoutquestion generated tremendous benefits. At the same time, information technology has created significant,nunprecedented risks to government and to entities operations. So, computer security has become muchmore important as all levels of government and entities utilize information systems security measures toavoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Obviously, uses of computer security become essential in minimizing the risk of malicious attacksfrom individuals and groups, considering that there are many current computer systems with onlylimited security precautions in place.As we already know financial audits are the most common examinations that a business manager en-counters.This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical securityaudits. However, they are unlikely to be acquainted with information security audits; that is an audit ofhow the confidentiality, availability and integrity of an organization’s information are assured. Any way,if not, they should be, especially that an information security audit is one of the best ways to determine thesecurity of an organization’s information without incurring the cost and other associated damages of a securityincident.

  1. Health Information Security in Hospitals: the Application of Security Safeguards.

    Science.gov (United States)

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  2. Graphs for information security control in software defined networks

    Science.gov (United States)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

  3. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  4. Methods of Organizational Information Security

    Science.gov (United States)

    Martins, José; Dos Santos, Henrique

    The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

  5. Energy supply security and foreign policy

    International Nuclear Information System (INIS)

    2006-05-01

    The title memo has been sent to the Dutch Lower House. This memo reflects the response of the cabinet to the advice on Energetic Foreign Policy of the Dutch Advisory Council on International Affairs (AIV) and the Dutch Energy Council (AER). Moreover, the development of foreign policy with respect to energy supply security is depicted. [mk] [nl

  6. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  7. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  8. Security policies and trust in ubiquitous computing.

    Science.gov (United States)

    Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

    2008-10-28

    Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

  9. The European Security and Defence Policy

    DEFF Research Database (Denmark)

    Adler-Nissen, Rebecca

    2009-01-01

    The European Security and Defence Policy (ESDP), which is the operational military and civilian dimension of the Common Foreign and Security Policy (CFSP), is today one of the most dynamic areas of the European Union. However, it is only recently that the EU has acquired explicit military decision....... The Union is thus gradually emerging as an important player on the international scene, with a strategic vision, as well as diplomatic, civilian and military crisis-management instruments that complement the existing economic, commercial, humanitarian and development policies on which the EU has hitherto...... built its reputation as a ‘soft power'. Despite its rapid development, many still regard the EU as weak and ineffi cient when it comes to security and defence policy. Moreover, the EU struggles with internal divisions and has a strained relationship with NATO. Nonetheless, there are good reasons...

  10. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2010-05-24

    ... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

  11. From the Weakest Link to the Best Defense: Exploring the Factors That Affect Employee Intention to Comply with Information Security Policies

    Science.gov (United States)

    Aurigemma, Salvatore

    2013-01-01

    Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely…

  12. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU amid USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  13. Energy security of supply under EU climate policies

    International Nuclear Information System (INIS)

    Groenenberg, H.; Wetzelaer, B.J.H.W.

    2006-12-01

    The implications of various climate policies for the security of supply in the EU-25 were investigated. The security of supply was quantified using the Supply/Demand (S/D) Index. This index aggregates quantitative information on a country's energy system into one single figure. It takes a value between 0 and 100, with higher values indicating a more secure energy system. The S/D Index was calculated for the year 2020 based on the information in a series of policy scenarios, including a baseline (S/D Index 50.7), an energy efficiency scenario (53.8), two renewable energy scenarios (52.6 and 53.3) and two scenarios with combined policies (55.9 and 55.6).The S/D Index proved a useful indicator for assessing the implications of climate policies for the security of supply. As climate policies become more stringent, CO2 index fall, and the S/D index increases. The magnitude of the changes in the two indices is not always similar however. Major falls in CO2 indices in the order of 20% for two scenarios with combined energy efficiency and renewable energy polices lead to less noteworthy improvements in the associated S/D indices. Nevertheless, this combination of policies leads to the greatest improvements in the security of supply

  14. Energy security and climate policy. Assessing interactions

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2007-03-28

    World energy demand is surging. Oil, coal and natural gas still meet most global energy needs, creating serious implications for the environment. One result is that CO2 emissions, the principal cause of global warming, are rising. This new study underlines the close link between efforts to ensure energy security and those to mitigate climate change. Decisions on one side affect the other. To optimise the efficiency of their energy policy, OECD countries must consider energy security and climate change mitigation priorities jointly. The book presents a framework to assess interactions between energy security and climate change policies, combining qualitative and quantitative analyses. The quantitative analysis is based on the development of energy security indicators, tracking the evolution of policy concerns linked to energy resource concentration. The 'indicators' are applied to a reference scenario and CO2 policy cases for five case-study countries: The Czech Republic, France, Italy, the Netherlands, and the United Kingdom. Simultaneously resolving energy security and environmental concerns is a key challenge for policy makers today. This study helps chart the course.

  15. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  16. Theoretical foundations of information security investment security companies

    Directory of Open Access Journals (Sweden)

    G.V. Berlyak

    2015-03-01

    Full Text Available Methodological problems related to the lack of guidance in the provisions (standards of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.

  17. Directed Security Policies: A Stateful Network Implementation

    Directory of Open Access Journals (Sweden)

    Cornelius Diekmann

    2014-05-01

    Full Text Available Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. The security policy defines rules, for example that A can connect to B, which results in a directed graph. However, this policy is often implemented in the network, for example by firewalls, such that A can establish a connection to B and all packets belonging to established connections are allowed. This stateful implementation is usually required for the network's functionality, but it introduces the backflow from B to A, which might contradict the security policy. We derive compliance criteria for a policy and its stateful implementation. In particular, we provide a criterion to verify the lack of side effects in linear time. Algorithms to automatically construct a stateful implementation of security policy rules are presented, which narrows the gap between formalization and real-world implementation. The solution scales to large networks, which is confirmed by a large real-world case study. Its correctness is guaranteed by the Isabelle/HOL theorem prover.

  18. US oil policy and energy security

    International Nuclear Information System (INIS)

    Noel, P.

    2002-05-01

    Although the energy dependence reached its historical maximum and will continue to increase for the next 20 years, the USA keep their oil policy. For the economist this policy is reasonable because of the poor room for the US imports reduction costs. To explain these conclusions the author discusses on the following topics: the links between the oil dependence and the energy security, the oil policy after Reagan, the oil policy evolution - or no evolution - facing the increasing dependency and the Cheney report. (A.L.B.)

  19. Food security policies in India and China

    DEFF Research Database (Denmark)

    Yu, Wusheng; Elleby, Christian; Zobbe, Henrik

    2015-01-01

    dependence on price-based measures causes relatively larger and more volatile fiscal burdens, thereby likely making it more vulnerable in dealing with similar events in the future. These findings have important implications for food policy and food security in the two countries in the future.......Food insecurity is a much more serious concern in India than China. In addition to income and poverty differences, we argue in this paper that differences in food policies can further explain the different food security outcomes across the two countries. First, India mostly uses price-based input...

  20. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  1. Aspects regarding the implementation of information security standards in organizations

    Directory of Open Access Journals (Sweden)

    Mihai Bârsan

    2017-03-01

    Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

  2. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  3. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  4. Security Force Assistance: Cases and Policy

    Science.gov (United States)

    2018-02-02

    theory , cases, and policy implications presented. 3 Methods, Assumptions, and Procedures The analytical narrative method was used to test the...underlying theory --developed separately as a principal-agent model with capacity building in the DwP project. These two cases were chosen as part...the following implications for U.S. national security policy: o Use aid to create incentives , especially via conditionality. Avoid apolitical

  5. Updating energy security and environmental policy: Energy security theories revisited.

    Science.gov (United States)

    Proskuryakova, L

    2018-06-18

    The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.

  6. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  7. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.; Barthe, G.; Burdy, L.; Huisman, Marieke; Lanet, J.-L.; Muntean, T.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  8. Information security : the moving target

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-01-01

    Full Text Available -product to an integral part of business operations (Conner and Coviello, 2004). This paper gives an overview of the following: � Where did information security come from? (the past) � How did it get to where it is today? (the present) � In what direction... operators were permitted to use these computers. Other users would submit their jobs to the operator through protected slots (batch processing). The key security issue during this era was ensuring that only the privileged computer operator (one user one...

  9. Xenon Formal Security Policy Model

    Science.gov (United States)

    2007-08-14

    munication primitives such as locks or semaphores , machine instruction results, hypercall results, traps, and interrupts. For an informal example...communicated on the corresponding side of the parallel oper- ator. Events that are in X ∪ Y are synchronized over the two processes. So if we define

  10. Building Land Information Policies

    DEFF Research Database (Denmark)

    Enemark, Stig

    2004-01-01

    The paper presents a conceptual understanding in the areas of Cadastre, Land Administration, and Land Management as a basis for building adequate land information policies. To develop this understanding the paper looks at each area as a system or an infrastructure designed for handling specific...... of measurement science, spatial information, management, and land management. (2) To establish national professional associations which accommodate a modern interdisciplinary profile. (3) To assess the capacity needs in land administration and to develop the capacity needed at societal, institutional...... and personal level.    (4) To establish appropriate institutional and organisational infrastructures to manage the integration of topographic mapping and cadastral information into a coherent land administration system for sustainable development. The paper aims to establish the basic understanding for dealing...

  11. The Flask Security Architecture: System Support for Diverse Security Policies

    Science.gov (United States)

    2006-01-01

    Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

  12. Engineering Information Security The Application of Systems Engineering Concepts to Achieve Information Assurance

    CERN Document Server

    Jacobs, Stuart

    2011-01-01

    Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal,

  13. Invalidating Policies using Structural Information

    DEFF Research Database (Denmark)

    Kammuller, Florian; Probst, Christian W.

    2013-01-01

    by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation's policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based...... on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies....

  14. Analysing Information Systems Security In Higher Learning Institutions Of Uganda

    OpenAIRE

    Mugyenyi Raymond

    2017-01-01

    Information communication technology has increased globalisation in higher learning institution all over the world. This has been achieved through introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern the information security have also been analysed together with the current status of inform...

  15. Study on defensive security concepts and policies

    International Nuclear Information System (INIS)

    1993-01-01

    The report begins by describing the background against which the proposal for the study emerged-the welcome developments brought about by the end of the cold war but also the emergence of new threats and the reappearance of long-standing problems. The study proceeds to examine current trends in the international security environment and how they may influence the peaceful settlement of dispute and the effecting of restraint and a defensive orientation in the development, maintenance and use of armed forces. A discussion of the substance and main features of defensive security concepts and policies follows. Existing studies and models designed to eliminate the offensive character of military force postures by effecting a defensive orientation of capabilities are surveyed. In addition, the study discusses political and military aspects of defensive security, pointing out how defensive security differs from those existing models

  16. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  17. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  18. Information security of Smart Factories

    Science.gov (United States)

    Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

    2018-05-01

    In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

  19. European Union security policy through strategic culture

    Directory of Open Access Journals (Sweden)

    Beriša Hatidža

    2014-01-01

    Full Text Available In this paper, we shall pay attention to the security policy of the European Union, through the strategic culture, starting from the existing various options for cooperation in the field of security and defense. Our goal is to look at the implementation of the Strategic Culture of the European Union (EU SK, research ways to improve the international position of the Union and its impact on policy cooperation and trust with other collectives. Analysis of flexible cooperation between the European Union, as well as access to special procedures in the field of security and defense policy, we will follow the ambition and capacity in implementing the same. Paper aims to introduce the idea of the European Union, which allows its members to rationally consider and check the box of options available to decision makers. In this regard, the EU seeks to build its own armed forces to protect the association of interests-investment terms. Reviewing and understanding the strategic culture of the EU by countries that are not its members can be seen as reasons for strengthening the capacity of the Union for the realization of the impact of the global security as well as predicting its future steps.

  20. Detailed Information Security in Cloud Computing

    OpenAIRE

    Pavel Valerievich Ivonin

    2013-01-01

    The object of research in this article is technology of public clouds, structure and security system of clouds. Problems of information security in clouds are considered, elements of security system in public clouds are described.

  1. Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

    Science.gov (United States)

    Ayyagari, Ramakrishna; Figueroa, Norilyz

    2017-01-01

    Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

  2. Cartographic Communication and Information Policy.

    Science.gov (United States)

    van de Waal, E. Hans

    Trends in information policy are discussed as they impact on cartographic information, stressing particularly the relationships between cartographic communication, documentation, and policy making. Distinction is made between cartographic communication as a subject for information policy and cartographic communication as an expedient in public…

  3. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  4. Relationship between stakeholders' information value perception and information security behaviour

    Science.gov (United States)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  5. Visa Security Policy: Roles of the Departments of State and Homeland Security

    Science.gov (United States)

    2011-06-30

    Cong., 2nd sess., April 20, 1950. 13 8 U.S.C. 1104 . 14 8 U.S.C. 1201. AILA InfoNet Doc. No. 11071267. (Posted 07/12/11) Visa Security Policy...Biometric 2-print fingerprint system (IDENT); and Advanced Passenger Information System ( APIS ). They also have access to selected legacy- INS automated

  6. Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)

    National Research Council Canada - National Science Library

    Archer, Myla; Leonard, Elizabeth; Pradella, Matteo

    2003-01-01

    Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...

  7. Encyclopedia of Information Ethics and Security

    Directory of Open Access Journals (Sweden)

    Reviewed by Yavuz AKBULUT

    2008-01-01

    andcommunication technologies provided in the source can help educationaladministrators and policy-makers. Table of contents along with the names ofcontributors are provided below: 3D Avatars and Collaborative Virtual Environments/Koon-Ying Raymond Li,James Sofra, and Mark Power Access Control for Healthcare/Yifeng Shen Advertising in the Networked Environment/Savvas Papagiannidis and MichaelBourlakis Anonymous Peer-to-Peer Systems/Wenbing Zhao Argumentation and Computing/Ephraim Nissan Argumentation with Wigmore Charts and Computing/Ephraim Nissan Artificial Intelligence Tools for Handling Legal Evidence/Ephraim Nissan Barriers Facing African American Women in Technology/Jianxia Du, George H.Pate, Deneen Sherrod, and Wei-Chieh Yu B-POS Secure Mobile Payment System/Antonio Grillo, Alessandro Lentini, andGianluigi Me Building Secure and Dependable Information Systems/Wenbing Zhao Classifying Articles in Information Ethics and Security/Zack Jourdan, R. KellyRainer Jr., and Thomas E. Marshall Computational Ethics/Alicia I. Ruvinsky Computer Ethics and Intelligent Technologies/Yefim Kats Computer Worms, Detection, and Defense/Robert J. Cole and Chao-Hsien Chu Conflicting Value of Digital Music Piracy/Matthew Butler Content Filtering Methods for Internet Pornography/Jengchung V. Chen andShaoYu F. Huang Cyber-Terrorism in Australia/Christopher Beggs Data Security and Chase/Zbigniew W. Ras and Seunghyun Im Defending against Distributed Denial of Service/Yang Xiang and Wanlei Zhou Digital Divide Implications and Trends/Irene Chen and Terry T. Kidd Digital Rights Management Metadata and Standards/Jo Anne Cote and Eun G.Park235 Dilemmas of Online Identity Theft/Omer Mahmood Document Security in the Ancient World/Christopher H. Walker DRM Practices in the E-Publication Industry/Bong Wee Kiau and NorshuhadaShiratuddin Educational Technology Practitioner-Research Ethics/Kathleen Gray E-Health and Ensuring Quality

  8. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discuses the results of research on information security management systems in public administration in Poland.

  9. Enhancing Food Security through Information and Communication ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    ... national food security, and prior approval of the government's National Food Security and Nutrition Policy 2006-2015. In alignment with these governmental commitments, this project will enable researchers to provide policymakers with practical and sustainable solutions that directly respond to national food security goals ...

  10. Canadian Government Electronic Information Policy.

    Science.gov (United States)

    Nilsen, Kirsti

    1993-01-01

    Examines development and evolution of Canadian government information policy in response to issues of preservation of data, information industry involvement in government data development and marketing, role of Crown copyright, and public access to government information in electronic formats. Six key information policy instruments are also…

  11. An Agile Enterprise Regulation Architecture for Health Information Security Management

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  12. An agile enterprise regulation architecture for health information security management.

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  13. Optimal Aide Security Information Search (OASIS)

    National Research Council Canada - National Science Library

    Kapadia, Chetna

    2005-01-01

    The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...

  14. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  15. 76 FR 10262 - Information Security Program

    Science.gov (United States)

    2011-02-24

    ... FEDERAL MARITIME COMMISSION 46 CFR Part 503 [Docket No. 11-01] RIN 3072-AC40 Information Security... (FMC or Commission) amends its regulations relating to its Information Security Program to reflect the changes implemented by Executive Order 13526--Classified National Security Information--that took effect...

  16. 76 FR 62630 - Information Security Regulations

    Science.gov (United States)

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central... information security regulations which have become outdated. The Executive Order upon which the regulations... CFR Part 1902 Information security regulations. PART 1902 [REMOVED AND RESERVED] Sec. 1902.13 [Removed...

  17. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on object physical protection taking into account information security aspects are examined. A special educational course does not only address the immediate needs for an educational support but also ensures that new professionals include new concepts and knowledge in their practice and encourages current practitioners towards such practice. Features of the modern physical protection systems (PPS) and classification of information circulating at them are pointed out. The requirements to the PPS information protection subsystem are discussed. During the PPS expert training on information security (IS) aspects they should receive certain knowledge, on the basis of which they could competently define and carry out the PPS IS policy for a certain object. Thus, it is important to consider minimally necessary volume of knowledge taught to the PPS experts for independent and competent implementation of the above listed tasks. For the graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and the PPS IS in particular. It is caused by necessity of conformity of methods and information protection tools implemented on a certain object to the federal and departmental IS requirements. The departmental normative IS requirements define an orientation of the PPS expert training. By curriculum development it is necessary to precisely determine for whom the PPS experts are taught. The curriculum should reflect common features of the PPS functioning of the certain object type, i.e. it should be adapted to a certain customer of the experts. The specified features were taken into account by development of an educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  18. Invalidating Policies using Structural Information

    DEFF Research Database (Denmark)

    Kammuller, Florian; Probst, Christian W.

    2014-01-01

    by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based...... on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control systems or policies. We provide case studies showing how mechanical verification tools, i.e. modelchecking with MCMAS and interactive theorem proving...

  19. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  20. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  1. Security Price Informativeness with Delegated Traders

    OpenAIRE

    Gary Gorton; Ping He; Lixin Huang

    2010-01-01

    Trade in securities markets is conducted by agents acting for principals, using "mark-to-market" contracts whereby performance is assessed using security market prices. We endogenize contract choices, information production, informed trading, and security price informativeness. But there is a contract externality. Prices are informative only because other principals induce their agents to trade based on privately produced information. The agent-traders then have an incentive to coordinate and...

  2. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  3. Nuclear Cyber Security Issues and Policy Recommendations

    International Nuclear Information System (INIS)

    Lee, Cheol-Kwon; Lee, Dong-Young; Lee, Na-Young; Hwang, Young-Soo

    2015-01-01

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities

  4. Nuclear Cyber Security Issues and Policy Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

    2015-10-15

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  5. Ethical aspects of information security and privacy

    NARCIS (Netherlands)

    Brey, Philip A.E.; Petkovic, Milan; Jonker, Willem

    2007-01-01

    This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

  6. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  7. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  8. reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which results to the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  9. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  10. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security..., Financial Information Security Request Form. DATES: Comments must be received in writing on or before... Information Security Request Form. OMB Number: 0596-0204. Expiration Date of Approval: 02/28/2014. Type of...

  11. Policy Makers, Information and Learning.

    Science.gov (United States)

    Beers, Pieter J.; van Asselt, Marjolein B. A.; Vermunt, Jan D.; Kirschner, Paul A.

    2003-01-01

    Interviews explored the information needs of seven Dutch policymakers dealing with global sustainability. They sought information on cultural perspectives and linkages. Information gathering emphasized filtering to find specific information. Most used an application-oriented working style that, combined with policy-driven information seeking, was…

  12. STUDY ON COMPANY SECURITY POLICIES FROM DIGITAL MEDIA

    Directory of Open Access Journals (Sweden)

    CRISTINA-MARIA RĂDULESCU

    2015-12-01

    Full Text Available The Internet development has brought both new opportunities and risks for either retailers or consumers. For example, electronic commerce is much faster and less expensive, but this openness makes it difficult to secure. People are aware of the fact that online businesses collecting, process and distribute enormous amounts of personal data and therefore, are concerned about their unauthorized use or their use in other purposes than intended by third parties in order to gain unauthorized access to them. There are more examples of cyber criminal activities, such as: hacking, software piracy, passwords attack, service prohibition attacks, scamming, etc. Such fears led to the editing of protection policies meant to secure personal data and to develop some mechanisms to ensure the reliability and confidentiality of electronic information. Security measures include access control devices, installation of firewalls and intrusion detection devices, of some security procedures to identify and authenticate authorized users of network systems. Such mechanisms constitute the core of this study. We will also analyze security and confidentiality policy of personal data of Google Inc.

  13. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  14. 32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... Information Security Oversight Office. 2400.19 Section 2400.19 National Defense Other Regulations Relating to... SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19 Declassification by the Director of the Information Security Oversight Office. If the Director of the Information...

  15. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology to induce new risks to which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  16. Security of Nuclear Information. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance on implementing the principle of confidentiality and on the broader aspects of information security (i.e. integrity and availability). It assists States in bridging the gap between existing government and industry standards on information security, the particular concepts and considerations that apply to nuclear security and the special provisions and conditions that exist when dealing with nuclear material and other radioactive material. Specifically it seeks to assist states in the identification, classification, and assignment of appropriate security controls to information that could adversely impact nuclear security if compromised

  17. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimeze them. In this regard, information security is one of the major challenges for IT departments. This articles presents Tecnatoms experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  18. Nuclear deception: soviet information policy

    International Nuclear Information System (INIS)

    Hoffmann, E.P.

    1986-01-01

    The effect of the accident at the Chernobyl Unit 4 Reactor on information policies in the USSR is examined. The lack of an agreed-upon information policy and intraparty disagreement over domestic and foreign policy help to explain the delay in disclosure of the accident and conflicting statements concerning long-term health effects. A modest change in policy since Chernobyl has been noted: the willingness of Soviet spokespersons to discuss and debate issues with foreign correspondents, to publish sharply critical letters from citizens and a few foreign officials, and to provide many details about the nature and consequences of the accident

  19. Optical and digital techniques for information security

    CERN Document Server

    2005-01-01

    Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompases the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

  20. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  1. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  2. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  3. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  4. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapidly development of the computer network technology and informationize working of our Country, Network and Information Security issues becomes the focal point problem that people shows solicitude for. On the basis analysing security threat and challenge of network information and their developing trend. This paper briefly analyses and discusses the main relatively study direction and content about the theory, technology and practice of Network and Information Security. (authors)

  5. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic...

  6. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  7. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  8. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  9. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  10. "Choice Set" for health behavior in choice-constrained settings to frame research and inform policy: examples of food consumption, obesity and food security.

    Science.gov (United States)

    Dover, Robert V H; Lambert, Estelle V

    2016-03-16

    Using the nexus between food consumption, food security and obesity, this paper addresses the complexity of health behavior decision-making moments that reflect relational social dynamics in context-specific dialogues, often in choice-constrained conditions. A pragmatic review of literature regarding social determinants of health in relation to food consumption, food security and obesity was used to advance this theoretical model. We suggest that health choice, such as food consumption, is based on more than the capacity and volition of individuals to make "healthy" choices, but is dialogic and adaptive. In terms of food consumption, there will always be choice-constrained conditions, along a continuum representing factors over which the individual has little or no control, to those for which they have greater agency. These range from food store geographies and inventories and food availability, logistical considerations such as transportation, food distribution, the structure of equity in food systems, state and non-government food and nutrition programs, to factors where the individual exercises a greater degree of autonomy, such as sociocultural foodways, family and neighborhood shopping strategies, and personal and family food preferences. At any given food decision-making moment, many factors of the continuum are present consciously or unconsciously when the individual makes a decision. These health behavior decision-making moments are mutable, whether from an individual perspective, or within a broader social or policy context. We review the construct of "choice set", the confluence of factors that are temporally weighted by the differentiated and relationally-contextualized importance of certain factors over others in that moment. The choice transition represents an essential shift of the choice set based on the conscious and unconscious weighting of accumulated evidence, such that people can project certain outcomes. Policies and interventions should avoid

  11. Economics of international energy security policy

    International Nuclear Information System (INIS)

    Paik, I.K.

    1992-01-01

    Because there is no inexpensive substitute for crude oil and petroleum products at the present time, an oil supply disruption inevitably leads to higher oil prices and economic losses. Wealth transfer to oil producing nations, reduced output increased unemployment and inflation. For these reasons, major oil-consuming countries currently have in place various oil emergency response measures to protect themselves from adverse economic consequences of oil supply disruptions: stockpiling emergency oil reserves to augment supplies, if necessary, in an emergency; and lowering oil demand through non-price mechanisms. The main purpose of this paper is to show that while, supply enhancement and demand reduction could have the same effect on oil prices in the event of an oil supply shortfall, they may have significantly different effects on the economies. Section I discusses the principal oil emergency response measures of the members of the International Energy Agency (IEA) -- emergency oil stockpiles and demand restraint -- and their policies for implementing the measures. Section II describes the analytical method used to perform comparative economic analysis of releasing emergency stocks and restraining demand in an oil emergency. Section III presents quantitative results of the analysis, and Section IV, conclusions of the analytical results and their energy security policy implications

  12. Data Leakage Prevention for Secure Cross-Domain Information Exchange

    OpenAIRE

    Nordbotten, Nils Agne; Engelstad, Paal E.; Kongsgård, Kyrre Wahl; Haakseth, Raymond; Mancini, Federico

    2017-01-01

    Cross-domain information exchange is an increasingly important capability for conducting efficient and secure operations, both within coalitions and within single nations. A data guard is a common cross-domain sharing solution that inspects the security labels of exported data objects and validates that they are such that they can be released according to policy. While we see that guard solutions can be implemented with high assurance, we find that obtaining an equivalent level of assurance i...

  13. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  14. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  15. ITIL{sup ®} and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics NadStranemi 4511, 760 05 Zlin (Czech Republic)

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  16. Communications and Information: Emission Security

    National Research Council Canada - National Science Library

    1998-01-01

    The Air Force EMSEC process has experienced many changes. Although these changes were attempts to meet the variances of a dynamic world, they require security protection measures far beyond the needs of the average user...

  17. Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

    National Research Council Canada - National Science Library

    2000-01-01

    USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

  18. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  19. Social Networks and Corporate Information Security

    Directory of Open Access Journals (Sweden)

    Ekaterina Gennadievna Kondratova

    2013-06-01

    Full Text Available It is defined in the article social networks as a tool in the hands of cyber-criminals to compromise the organization’s data. The author focuses on a list of threats to information security caused by social networks usage, which should be considered in the set up of information security management system of the company.

  20. The (social) construction of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,

  1. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  2. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and moreimportant. With increasing growth of information importancerequirement for its security becomes indispensable. Theinformation security problem especially affect large and smallcompanies whose prosperity is depending on Internet presence.This affecting the three areas of Internet commerce: credit cardtransactions, virtual private networks and digital certification.To ensure information traffic it is necessary to find a solution,in a proper way, for three major problems: frontier problem,market problem and government problem. While the eventualemergence of security standards for Internet transactions isexpected, it will not automatically result in secure Internettransactions. In future, there is a wealth of security issues thatwill continue to require attention: internal security, continuedhacking, social engineering, malicious code, reliability andperformance, skills shortages and denial of se1vice attacks.

  3. Network Security: Policies and Guidelines for Effective Network Management

    Directory of Open Access Journals (Sweden)

    Jonathan Gana KOLO

    2008-12-01

    Full Text Available Network security and management in Information and Communication Technology (ICT is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password.This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

  4. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of

  5. Information security practices emerging threats and perspectives

    CERN Document Server

    Awad, Ahmed; Woungang, Isaac

    2017-01-01

    This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners. .

  6. European security and defense policy and its implications for Turkey

    OpenAIRE

    Özköse, Ö Faruk

    2002-01-01

    Cataloged from PDF version of article. The “European Security and Defense Policy” is an evolving process. Since the Maastricht Treaty (1991), the European Union members have been trying to constitute a common security and defense policy within the framework of Common Foreign and Security Policy, second pillar of the European Union. The efforts to create “separable but not separate” European forces within NATO have increased speed in the last years and changed direction towar...

  7. Special Reports; Homeland Security and Information Management; The Development of Electronic Government in the United States: The Federal Policy Experience; Digital Rights Management: Why Libraries Should Be Major Players; The Current State and Future Promise of Portal Applications; Recruitment and Retention: A Professional Concern.

    Science.gov (United States)

    Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.

    2003-01-01

    Theses five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…

  8. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    Science.gov (United States)

    2016-12-19

    directly affect the access and utility of acquisition databases. The current information security environment does not establish a consistent... information ” without a nondisclosure agreement • proposing a legislative amendment to 10 U.S.C. 2320, which allows access to technical data for providing...ISSUES WITH Access to Acquisition Data and Information IN THE DEPARTMENT OF DEFENSE A Closer Look at the Origins and Implementation of

  9. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers. .

  10. Secure information release in timed automata

    DEFF Research Database (Denmark)

    Vasilikos, Panagiotis; Nielson, Flemming; Nielson, Hanne Riis

    2018-01-01

    . In this paper, we develop a formal approach of information flow for timed automata that allows intentional information leaks. The security of a timed automaton is then defined using a bisimulation relation that takes account of the non-determinism and the clocks of timed automata. Finally, we define...... of security goals for confidentiality and integrity. Notions of security based on Information flow control, such as non-interference, provide strong guarantees that no information is leaked; however, many cyberphysical systems leak intentionally some information in order to achieve their purposes...... an algorithm that traverses a timed automaton and imposes information flow constraints on it and we prove that our algorithm is sound with respect to our security notion....

  11. Trust Account Fraud And Effective Information Security Management

    Directory of Open Access Journals (Sweden)

    Sameera Mubarak

    2010-09-01

    Full Text Available The integrity of lawyers trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged. A$50,000 for phone usage, mainly for ISD calls to Hong Kong.Our study involved interviewing principles of ten law companies to find out solicitors attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case-studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law society of South Australia to know their view points on security threats on trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.

  12. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  13. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  14. State Policy Against Information War

    Directory of Open Access Journals (Sweden)

    Dmitry Shibaev

    2016-01-01

    Full Text Available The most recent and effective method to resolve aconflict between countries is information war. Information warfare, i.e. propaganda, information sabotage, blackmail, could be more damaging than the effects of the traditional methods of war. The government must be prepared to prevent and counteract the bleeding-edge techniques of warfare that is to work out measures, to oppose enemy’s information weapons , to gain information superiority , to develop a society thatis immune to disinformation, to elaborate a concept of information warfare counteraction.The authors have examined both foreign and Russian sources of law which define the requirements for the government activities to oppose information warfare. They also refer to the opinions of foreign and Russian researchers, politicians and public figures who have commented on the concept and features of such political and legal constructs as information warfare and information weapons. The problem of information warfare must be identified as a profoundly serious and damaging threat. This paper provides the features of information warfare and the methods to resist it as well as the proposals to amend the domestic legislation to create conditions for an accurate understanding of this political and legal phenomenon. In addition, it points out that the amendment of the Information Security Doctrine is not sufficient to counterbalance the threat of information warfare. In a certain document it is necessary to recount all notions, requirements and methods for the government actions aimed to gradually change the situation, particularly, the development of sectoral (information security legislation, specialists training to be able to deal with informational and psychological aggression forming public opinion through the government-run mass media, etc.

  15. Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

    CERN Multimedia

    2012-01-01

    Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN).   Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

  16. Best practices show the way to information security maturity

    CSIR Research Space (South Africa)

    Lessing, MM

    2008-09-01

    Full Text Available A Security Maturity Model (SMM) provides an organisation with a distinct Information Security framework. Organisations that conform to these models are likely to pursue satisfactory Information Security. Additionally, the use of Security Maturity...

  17. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  18. Teaching Information Security Students to "Think thief"

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne

    2012-01-01

    We report on an educational experiment where information security master students were encouraged to think out of the box. Instead of taking the usual point of view of the security engineer we challenged the students to take the point of view of the motivated offender. We report on the exciting

  19. Handbook of space security policies, applications and programs

    CERN Document Server

    Hays, Peter; Robinson, Jana; Moura, Denis; Giannopapa, Christina

    2015-01-01

    Space Security involves the use of space (in particular communication, navigation, earth observation, and electronic intelligence satellites) for military and security purposes on earth and also the maintenance of space (in particular the earth orbits) as safe and secure areas for conducting peaceful activities. The two aspects can be summarized as "space for security on earth" and “the safeguarding of space for peaceful endeavors.” The Handbook will provide a sophisticated, cutting-edge resource on the space security policy portfolio and the associated assets, assisting fellow members of the global space community and other interested policy-making and academic audiences in keeping abreast of the current and future directions of this vital dimension of international space policy. The debate on coordinated space security measures, including relevant 'Transparency and Confidence-Building Measures,' remains at a relatively early stage of development. The book offers a comprehensive description of the variou...

  20. Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir; Barthe, Gilles; Markatos, Evangelos; Samarati, Pierangela

    2016-01-01

    A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy,

  1. ESCAPE. Energy Security and ClimAte Policy Evaluation

    International Nuclear Information System (INIS)

    Kessels, J.R.; Bakker, S.J.A.

    2005-05-01

    Climate change and energy supply security policy are currently not integrated in most countries, despite possible synergies. The ESCAPE approach suggests that linking climate change policy with security of energy supply could improve climate change policy at both a national and international level. The report explores the interaction between policies of energy security and climate change and the options of inclusion of energy security issues into national and international post-2012 climate negotiations. It emphasises the importance of the US in this regard and takes a close look at US energy policy documents. It appears that current US energy policy is not directed towards reducing its reliance on imported fossil fuel, even though the government has a strong preference for this. This study shows that measures to reduce import dependency are mostly synergetic with climate policy and gives some options that can be implemented. On an international level, linkages of energy security into post-2012 climate policy may be possible in sectoral bottom-up approaches or technology frameworks. As well, inclusion of a security of supply criterion in international emission trading instruments may provide potential benefits

  2. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T. managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  3. Information Security of Apple Pay

    OpenAIRE

    Chen, Xinru

    2016-01-01

    In the era of high-tech, the mode of payment is no longer just use cash or credit card. There are various payments come to our daily life. Online payment and other kinds of electronic payments are wildly in use by people. Apple Pay is a tool that provides easier and safer payment service for consumer. The main objective of this thesis is to understand deeply and analyze how easy and convenient Apple Pay is to use and why it is known as most secure form of payment. Besides that, there is a ...

  4. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

  5. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

  6. Biometric Feature Script for Information Security

    Directory of Open Access Journals (Sweden)

    N. E. Gunko

    2010-03-01

    Full Text Available Special studies related to the development of rules for making decisions on the psychological characteristics of the offender in his manuscript handwriting with the goal of ensuring information security.

  7. ?Choice Set? for health behavior in choice-constrained settings to frame research and inform policy: examples of food consumption, obesity and food security

    OpenAIRE

    Dover, Robert V. H.; Lambert, Estelle V.

    2016-01-01

    Objectives Using the nexus between food consumption, food security and obesity, this paper addresses the complexity of health behavior decision-making moments that reflect relational social dynamics in context-specific dialogues, often in choice-constrained conditions. Methods A pragmatic review of literature regarding social determinants of health in relation to food consumption, food security and obesity was used to advance this theoretical model. Results and discussion We suggest that heal...

  8. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  9. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  10. Information security value in e-entrepreneurship

    OpenAIRE

    Nunes, Sérgio

    2012-01-01

    This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the b...

  11. Competing policy packages and the complexity of energy security

    International Nuclear Information System (INIS)

    Sovacool, Benjamin K.; Saunders, Harry

    2014-01-01

    To underscore both the diversity and severity of energy security tradeoffs, this study examines five different energy security policy packages—five distinct strategies aimed at reducing oil dependence, enhancing energy affordability, expanding access to modern energy services, responding to climate change, and minimizing the water intensity of energy production. It identifies both compelling synergies and conflicts between each of the five strategies. The central value of the study is that it turns on its head the widely accepted notion of a “portfolio approach” or “all of the above” strategy to energy policymaking. To make this case, the article begins by elucidating the complexity and multidimensionality of energy security as a concept. It then introduces our five energy security policy packages to illustrate how some energy security objectives complement each other whereas others counteract each other. It concludes by noting that energy security is not an absolute state, and that achieving it only “works” by prioritizing some dimensions, or policy goals and packages, more than others. - Highlights: • Energy security is a complex, multidimensional concept. • Policy packages aimed at achieving energy security often conflict with each other. • Energy security only “works” by prioritizing some dimensions more than others

  12. Encyclopedia of Information Ethics and Security

    OpenAIRE

    Reviewed by Yavuz AKBULUT

    2008-01-01

    233Rapid developments in information andcommunication technologies have created newsecurity threats along with ethical dilemmas. Thesedevelopments have been so fast that appropriatesecurity precautions and ethical codes fail to keeppace with the technological developments. In thisrespect, education of both professionals andordinary citizens regarding information technologyethics carries utmost importance. Encyclopedia ofInformation Ethics and Security serves as anauthentic and comprehensive r...

  13. Information governance and security protecting and managing your company's proprietary information

    CERN Document Server

    Iannarelli, John G

    2014-01-01

    Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

  14. Measuring Information Security: Guidelines to Build Metrics

    Science.gov (United States)

    von Faber, Eberhard

    Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

  15. The Encryption Export Policy Controversy: Searching for Balance in the Information Age

    National Research Council Canada - National Science Library

    Miller, Marcus S

    2000-01-01

    .... The federal government s encryption export policy highlights a complex information age issue involving seemingly insurmountable conflicts between national security, law enforcement, privacy, and business interests...

  16. External dimension of Ukraine’s security policy

    Directory of Open Access Journals (Sweden)

    O. S. Vonsovych

    2015-07-01

    Full Text Available Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude the collaboration with the countries that belong to other systems of collective security in the scope that is appropriate to basic national interests of Ukraine. It is proved that the activities of the OSCE Special Monitoring Mission is an important contribution to the process of peaceful conflict resolution, and helps to develop democratic principles and foundations of foreign policy. It is determined that the further development of the constructive cooperation between the EU advisory mission under CSDP will provide an opportunity to improve and increase the security of national borders from external threats and challenges, and help to accelerate the process of integration into the European security space. The attention is paid to the fact that, taken into consideration the state of relations with Russia, the further cooperation with the Collective Security Treaty Organization (CSTO may adversely affect the overall security situation in Ukraine and lead to further tension with Russia today.

  17. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc. all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  18. Polish Defense Policy in the Context of National Security Strategy

    National Research Council Canada - National Science Library

    Bieniek, Piotr S

    2006-01-01

    ...) and the North Atlantic Treaty Organization (NATO). Polish security policy and strategy is shaped by its geographical location, which places Poland in NATO's main strategic area opposite the Russian Federation and Belarus...

  19. Polish Defense Policy in the Context of National Security Strategy

    National Research Council Canada - National Science Library

    Bieniek, Piotr S

    2006-01-01

    ... goals to eliminate current threats and risks such as terrorism. As far as Poland is concerned, its priority is to be an active leader in improving common security policy within the boundaries of the European Union (EU...

  20. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Full Text Available   Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN are ranging from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora; ASEAN Intergovernmental Commission on Human Rights (AICHR, ASEAN Foreign Ministers Meeting (AMM,  ASEAN Regional Forum (ARF, ASEAN Defense Minister’s Meeting (ADMM, ASEAN Law Ministers Meeting (ALAWMM, and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC. The wide array of these forums signify ASEAN efforts to confront double features of security; the traditional and nontraditional or critical security. The traditional security considers state security as the primary object security. While the critical security tends to focus on non-state aspects such as individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lack of confidence in solving critical issues such as territorial disputes and irregular migrants problems.Therefore, this piece would examine the fundamental questions: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but showing slow progress on its development and application. 

  1. Protection of National Security Information

    National Research Council Canada - National Science Library

    Elsea, Jennifer K

    2006-01-01

    Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress s interest with regard to the possible need...

  2. 78 FR 48037 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... the objectives of Executive Order 13526, Classified National Security Information. The rule allows... signed Executive Order 13526, Classified National Security Information, which was published in the...

  3. 76 FR 40296 - Declassification of National Security Information

    Science.gov (United States)

    2011-07-08

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... classified national security information in records transferred to NARA's legal custody. The rule incorporates changes resulting from issuance of Executive Order 13526, Classified National Security Information...

  4. Using the social security system to deliver housing policy

    OpenAIRE

    Cheung, Louise, Gee Wing

    2016-01-01

    This thesis examines the interaction between housing policy and the social security benefits that support housing costs. Analysis concerns the extent and type of State intervention in housing, thus explaining the dynamic between State and individual responsibility in housing policy. This thesis involves an exploration of the different treatment of the owner-occupied and the rented housing sectors, with reference to the social security benefits which fund ongoing housing costs. This thesis see...

  5. Agriculture development and food security policy in Eritrea - An ...

    African Journals Online (AJOL)

    Agriculture development and food security policy in Eritrea - An analysis. ... per cent of its total food needs and in poor years, it produces no more than 25 per cent. ... food security by introducing modern technology, irrigation, terracing, soil and ...

  6. Information Security: Comments on the Proposed Federal Information Security Management Act of 2002

    National Research Council Canada - National Science Library

    Dacey, Robert

    2002-01-01

    ... 2001.1 Concerned with reports that continuing, pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures...

  7. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  8. Trust in Security-Policy Enforcement Mechanisms

    National Research Council Canada - National Science Library

    Schneider, Fred B; Morrisett, Greg

    2005-01-01

    .... One avenue of language-based work produced Cyclone, a type-safe variant of C. The Cyclone language retains the familiar syntax and semantics of C code, but provides the strong security guarantees of modem languages such as Java...

  9. The economics of information security and privacy

    CERN Document Server

    Böhme, Rainer

    2013-01-01

    In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen

  10. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

  11. Information security improving blocklist driven firewall implementation

    OpenAIRE

    Kylmänen, J. (Juha)

    2013-01-01

    Abstract The Internet has become a commodity and with it information security and privacy issues have appeared. Common threats against the end users include malware and phishing. Phishing is a social engineering technique used to mimic legit banking or social networking websites in an attempt to gain sensitive information from the user and malware is software with malicious intent. ...

  12. Speeding decisions. Social security's information exchange program.

    Science.gov (United States)

    Winter, Kitt; Hastings, Bob

    2011-05-01

    The Social Security Administration has plenty of reasons to streamline its records request process-more than 15 million reasons each year, in fact. That's why it has been pioneering information exchange projects with the private sector, including use of the Nationwide Health Information Network.

  13. Considerations When Including Students with Disabilities in Test Security Policies. NCEO Policy Directions. Number 23

    Science.gov (United States)

    Lazarus, Sheryl; Thurlow, Martha

    2015-01-01

    Sound test security policies and procedures are needed to ensure test security and confidentiality, and to help prevent cheating. In this era when cheating on tests draws regular media attention, there is a need for thoughtful consideration of the ways in which possible test security measures may affect accessibility for some students with…

  14. Extension of social security coverage for the informal economy in Indonesia : surveys in the urban and rural informal economy

    OpenAIRE

    Angelini, John; Hirose, Kenichi

    2004-01-01

    This paper focuses on the extension of social security coverage to workers in the informal economy. In particular, the paper presents the results of surveys assessing social security needs of workers in the informal economy in both urban and rural areas. The outcome of these surveys provides primary information for the development of effective policy on social security coverage extension to these groups of workers.

  15. Public Access to Government Electronic Information. Policy Framework.

    Science.gov (United States)

    Bulletin of the American Society for Information Science, 1992

    1992-01-01

    This policy framework provides guidelines for federal agencies on public access to government electronic information. Highlights include reasons for disseminating information; defining user groups; which technology to use; pricing flexibility; security and privacy issues; and the private sector and state and local government roles. (LRW)

  16. Position paper: A generic approach for security policies composition

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming

    2012-01-01

    When modelling access control in distributed systems, the problem of security policies composition arises. Much work has been done on different ways of combining policies, and using different logics to do this. In this paper, we propose a more general approach based on a 4-valued logic, that abst...

  17. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax......, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access...... control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative...

  18. The Political Economy of Carbon Securities and Environmental Policy

    DEFF Research Database (Denmark)

    Polborn, Sarah

    The costs of the current suboptimal carbon abatement policy are likely in the range of 3 to 6 trillion 2005 US dollars. Using methods from the political economy of environmental policy, the paper develops a new carbon abatement policy instrument, carbon securities. A carbon security entitles its...... owner to a ?xed proportion of ex ante unknown total emissions. This creates an additional group of stakeholders on the side of the issue that has traditionally been underrepresented. The advantages over existing systems include an equilibrium carbon price closer to the social optimum, a more predictable...

  19. Family Economic Security Policies and Child and Family Health.

    Science.gov (United States)

    Spencer, Rachael A; Komro, Kelli A

    2017-03-01

    In this review, we examine the effects of family economic security policies (i.e., minimum wage, earned income tax credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the USA, and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies, and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child well-being. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and well-being.

  20. Development and Analysis of Security Policies in Security Enhanced Android

    Science.gov (United States)

    2012-12-01

    by Tresys Technology [32]. The suite contains tools for SE policy creation, management, and analysis. Apol provides a graphical interface for...runs under a predefined platform user: system, nfc , radio, etc. The third and fourth checks simply deal with different user strings, with fixed...system user id to the system domain and their application directories to system_data_file. Similarly, applications under the nfc and radio user id

  1. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  2. Elements of ESA's policy on space and security

    Science.gov (United States)

    Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

    2018-06-01

    In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

  3. 75 FR 45154 - National Security Division; Agency Information Collection Activities:

    Science.gov (United States)

    2010-08-02

    ... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

  4. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  5. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

  6. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  7. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  8. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

  9. 12 CFR 605.501 - Information Security Officer.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  10. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  11. 14 CFR 1203.201 - Information security objectives.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  12. Information security: where computer science, economics and psychology meet.

    Science.gov (United States)

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  13. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... aviation, TSA issues a Security Directive setting forth mandatory measures. (1) Each indirect air carrier... Security Directive that TSA issues to it, within the time prescribed in the Security Directive for...

  14. Secure Refactoring with Java Information Flow

    DEFF Research Database (Denmark)

    Helke, Steffen; Kammüunietd kller, Florian; Probst, Christian W.

    2016-01-01

    Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java...

  15. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

  16. Data Security Using Cryptographic Approach | Okoro | Information ...

    African Journals Online (AJOL)

    The need for data security in Information and Communications Technology (ICT) can not be overemphasized. In this paper, the use of symmetric and asymmetric key cryptographies to clearly achieve the required protection by means of prime number system and modular multiplicative inverse has been highlighted and ...

  17. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    Science.gov (United States)

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  18. National Security Implications of Global Warming Policy

    Science.gov (United States)

    2010-03-01

    Although numerous historical examples demonstrate how actual climate change has contributed to the rise and fall of powers, global warming , in and of...become convinced that global warming is universally bad and humans are the primary cause, political leaders may develop ill-advised policies restricting

  19. Securing the smart grid information exchange

    Energy Technology Data Exchange (ETDEWEB)

    Fries, Steffen; Falk, Rainer [Siemens AG, Corporate Technology, Muenchen (Germany)

    2012-07-01

    The smart grid is based on information exchange between various stakeholders using open communication technologies, to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure a reliable operation of the smart grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demand of a smart grid, existing and appearing standardization activities are described. (orig.)

  20. Group Policy Fundamentals, Security, and the Managed Desktop

    CERN Document Server

    Moskowitz, Jeremy

    2010-01-01

    The ultimate Group Policy guide-now updated for Windows 7 and Server 2008 R2!. IT and network administrators can streamline their Windows Server management tasks by using Group Policy tools to automate or implement rules, processes, or new security across the enterprise. In this comprehensive guide, Microsoft Group Policy MVP Jeremy Moskowitz thoroughly explores Group Policy across all Windows platforms, including the latest on Windows 7 and Server 2008 R2. If you're a Windows network administrator managing scores of users and computers, you need this essential reference on your desk.: Covers

  1. Security Issues and Resulting Security Policies for Mobile Devices

    Science.gov (United States)

    2013-03-01

    session, he drafts one more email to his therapist complaining about stress prior to retiring for the night. The next day, when he wakes up and returns... telecommuters or a web server to make internal information available to employees are identified upfront in the requirements analysis. The results of

  2. Household Food Security Policy Analysis A System Dynamics Perspective

    Directory of Open Access Journals (Sweden)

    Isdore Paterson Guma

    2015-08-01

    Full Text Available Household food security FS is complex and requires multiple stakeholder intervention. Systemic approach aids stakeholders to understand the mechanisms and feedback between complexities in food security providing effective decision making as global resource consumption continues to grow. The study investigated food security challenges and a system dynamics model was developed for evaluating policies and intervention strategies for better livelihood at household level. Dynamic synthesis methodology questionnaires and interview guide were used to unearth food security challenges faced by households. A causal loop diagram was drawn. The model demonstrates a balance between food stock seeds preserved seeds for sale and consumption from crop harvest throughout the food cycles. This research makes contribution to the literature by evaluating dynamic synthesis methodology and FS policy discussions from a feedback point of view.

  3. Security Policy for a Generic Space Exploration Communication Network Architecture

    Science.gov (United States)

    Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.

    2016-01-01

    This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.

  4. Secure information transfer based on computing reservoir

    Energy Technology Data Exchange (ETDEWEB)

    Szmoski, R.M.; Ferrari, F.A.S. [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Pinto, S.E. de S, E-mail: desouzapinto@pq.cnpq.br [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Baptista, M.S. [Institute for Complex Systems and Mathematical Biology, SUPA, University of Aberdeen, Aberdeen (United Kingdom); Viana, R.L. [Department of Physics, Universidade Federal do Parana, 81531-990, Curitiba, Parana (Brazil)

    2013-04-01

    There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on–off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system efficiency for a wide range of parameters. We find similarities between our method and the reservoir computing.

  5. Notification: Follow-up Review of EPA’s Classification of National Security Information

    Science.gov (United States)

    Project #OPE-FY15-0057, July 20, 2015. The EPA OIG plans to begin preliminary research on the OARM actions taken to improve policies and procedures related to the classification of national security information.

  6. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories roles of information security employees of the banking organization are defined. Functional roles are described. The relationship between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization for information security system and information security management system are described. Recommendations for the implementation phases of the selection and appointment of the functional roles and to control the selection and role assignment information security employees of the banking organization are stated.

  7. The Evolution of the European Security Policy

    Directory of Open Access Journals (Sweden)

    Vasilica Negrut

    2010-06-01

    Full Text Available The process of development of the European Union’s security dimension has known a spectacular evolution in the past years, passing from political consultation to establishing objectives, then commonactions and positions; at a practical level, the Petersburg measures, carried on initially by the Western European Union as an armed branch of the European Union, have been replaced by actions of implication ofthe Union in managing some conflicts. The Lisbon Treaty confirms the commitments of the member states and mentions the fact that the European Union will dispose of the necessary measures for the defense of its objectives and to contribute to world peace and stability.

  8. Climate policy, asymmetric information and firm survival

    International Nuclear Information System (INIS)

    Hagem, C.

    2001-02-01

    The purpose of this paper is to compare the effect of different domestic climate policy instruments under asymmetric information when the regulator wants to secure the survival of a specific firm. It is a well-known result from economic theory that emission taxes lead to a cost-effective distribution of abatement across polluters. However, if the regulator wants to ensure the survival of a specific firm, it may need to design policy instruments that reduce the firm's cost of complying with an emission tax regime. The climate policy instruments considered in this paper are tradable emission permits with distribution of free permits, emission taxes in combination with a fixed subsidy, and two types of voluntary agreements. It demonstrates first that if distributing free tradable permits shall have a preventing effect, the allocation of permits has to be made contingent on production. It further shows that a voluntary agreement where a specific abatement target is set by the regulator can prevent a shutdown but leads to lower welfare than the use of emission taxes in combination with a fixed subsidy. And finally it illustrates that a voluntary agreement designed as a menu of abatement contracts increases social welfare compared to an emission tax regime

  9. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas.  These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  10. 78 FR 48076 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-08-07

    ...-2011-0268] RIN 3150-AJ07 Facility Security Clearance and Safeguarding of National Security Information..., Classified National Security Information. The rule would allow licensees flexibility in determining the means... licensee security education and training programs and enhances the protection of classified information...

  11. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  12. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  13. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  14. Processing multilevel secure test and evaluation information

    Science.gov (United States)

    Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

    1994-07-01

    The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

  15. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    Science.gov (United States)

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  16. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    Science.gov (United States)

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  17. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  18. Novel approach to information security management of confidential ...

    African Journals Online (AJOL)

    Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.

  19. 39 CFR 267.4 - Information security standards.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and...

  20. The effects of a social media policy on pharmacy students' facebook security settings.

    Science.gov (United States)

    Williams, Jennifer; Feild, Carinda; James, Kristina

    2011-11-10

    To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy.

  1. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

  2. Modern Quantum Technologies of Information Security

    OpenAIRE

    Korchenko, Oleksandr; Vasiliu, Yevhen; Gnatyuk, Sergiy

    2010-01-01

    In this paper, the systematisation and classification of modern quantum technologies of information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of the quantum technologies used is given. A qualitative analysis of the advantages and disadvantages of concrete quantum protocols is made. The current status of the problem of practical quantum cryptography use in telecommunication networks is consider...

  3. Features of modern security policy UK political parties

    Directory of Open Access Journals (Sweden)

    A. V. Stalovierova

    2015-12-01

    Full Text Available The security policy of the British coalition government of D. Cameron (2010-2015 is summarized; it’s been proved that political forces of Tory and Liberal Democrat should have compromised to carry out unanimous course in the scope of national security, and the problems of the security strategy on parliamentary elections in 2015 are analyzed, particularly the comparative analysis of the modern safety strategy of leading British parties is exercised. Under conditions of the appearance of new challenges and threats, transformation of international safety system, the questions of safety policy often become the object of attention of the British community and experts. The absence of cross-party consensus on most terms of safety strategy of the United Kingdom during the election campaign in 2015 makes the discussion about perspectives of the British safety policy still more urgent. During the election campaign there was no unity on any aspect of security subject between parties. First of all, Labourists, Liberal Democrats, Scottish National Party and Green Party made a statement about readiness to develop cooperation with the EU and the Conservatives and the UK Independence Party were on the side of the Eurosceptics. The opinions of the parties were also divided on military operations abroad, financing and force level. In terms of one-party government and presence of majority in the House of Commons, the Conservatives have opportunities to realize their own vision of British safety policy.

  4. Emergent information technologies and enabling policies for counter-terrorism

    CERN Document Server

    Popp, R

    2006-01-01

    Explores both counter-terrorism and enabling policy dimensions of emerging information technologies in national security After the September 11th attacks, "connecting the dots" has become the watchword for using information and intelligence to protect the United States from future terrorist attacks. Advanced and emerging information technologies offer key assets in confronting a secretive, asymmetric, and networked enemy. Yet, in a free and open society, policies must ensure that these powerful technologies are used responsibly, and that privacy and civil liberties remain protected. Emergent Information Technologies and Enabling Policies for Counter-Terrorism provides a unique, integrated treatment of cutting-edge counter-terrorism technologies and their corresponding policy options. Featuring contributions from nationally recognized authorities and experts, this book brings together a diverse knowledge base for those charged with protecting our nation from terrorist attacks while preserving our civil liberti...

  5. A Secure Information Framework with APRQ Properties

    Science.gov (United States)

    Rupa, Ch.

    2017-08-01

    Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  6. Visa Security Policy: Roles of the Departments of State and Homeland Sec

    Science.gov (United States)

    2010-03-08

    report pursuant to S. Res.137., committee print, 81st Cong., 2nd sess., April 20, 1950. 11 8 U.S.C. 1104 . 12 8 U.S.C. 1201. Visa Security Policy...Biometric 2-print fingerprint system (IDENT); and Advanced Passenger Information System ( APIS ). They also have access to selected legacy- INS

  7. European Energy Policy and Its Effects on Gas Security

    Science.gov (United States)

    Radu, Victorita Stefana Anda

    The goal of this study is to examine the effects of the energy policies of the European Union (EU) on its gas security in the period 2006 to 2016. While energy security is often given a broad meaning, this paper focuses on its external dimension: the EU?s relations with external gas suppliers. It is grounded on four pillars drawing from the compounded institutionalist and liberal theoretical frameworks: regulatory state, rational-choice, external governance, and regime effectiveness. The research question was investigated through a qualitative methodology with two main components: a legislative analysis and four case studies representing the main gas supply options--Russia, North African exporting countries, Norway, and liquefied natural gas (LNG). They highlighted that the EU framed the need for gas security mainly in the context of political risks associated with Russian gas supply, but it almost never took into account other equally important risks. Moreover, the research revealed two main issues. First, that the deeper and the more numerous EU?s energy policies were, the bigger was the magnitude of the effect. Specifically, competitiveness and infrastructure policies had the largest magnitude, while the sustainability and security of supply policies had the smallest effect. Second, EU energy policies only partially diminished the economic and political risks in relation to foreign gas suppliers. To conclude, to a certain extent the EU?s efforts made a positive contribution to the external dimension of the EU?s gas security, but the distinguishing trait remains that there is no consistency in terms of the magnitude of the effect and its nature.

  8. Analysis of information security reliability: A tutorial

    International Nuclear Information System (INIS)

    Kondakci, Suleyman

    2015-01-01

    This article presents a concise reliability analysis of network security abstracted from stochastic modeling, reliability, and queuing theories. Network security analysis is composed of threats, their impacts, and recovery of the failed systems. A unique framework with a collection of the key reliability models is presented here to guide the determination of the system reliability based on the strength of malicious acts and performance of the recovery processes. A unique model, called Attack-obstacle model, is also proposed here for analyzing systems with immunity growth features. Most computer science curricula do not contain courses in reliability modeling applicable to different areas of computer engineering. Hence, the topic of reliability analysis is often too diffuse to most computer engineers and researchers dealing with network security. This work is thus aimed at shedding some light on this issue, which can be useful in identifying models, their assumptions and practical parameters for estimating the reliability of threatened systems and for assessing the performance of recovery facilities. It can also be useful for the classification of processes and states regarding the reliability of information systems. Systems with stochastic behaviors undergoing queue operations and random state transitions can also benefit from the approaches presented here. - Highlights: • A concise survey and tutorial in model-based reliability analysis applicable to information security. • A framework of key modeling approaches for assessing reliability of networked systems. • The framework facilitates quantitative risk assessment tasks guided by stochastic modeling and queuing theory. • Evaluation of approaches and models for modeling threats, failures, impacts, and recovery analysis of information systems

  9. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

  10. 49 CFR 8.9 - Information Security Review Committee.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  11. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  12. Secure medical information sharing in cloud computing.

    Science.gov (United States)

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  13. Automated Information Security Will Not Improve until Effectively Supported by IRM.

    Science.gov (United States)

    Chick, Morey J.

    1989-01-01

    The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…

  14. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    Science.gov (United States)

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information,such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  15. The Faroe Islands’ Security Policy in a Process of Devolution

    Directory of Open Access Journals (Sweden)

    Beinta í Jákobsstovu

    2012-12-01

    Full Text Available Since the late 1990s there has been a remarkable change in the institutional context of safety and security policies for the Faroes. The end of the Cold War led to a reduction in the strategic importance of, and military presence in, the islands. However, today Faroese sea and air space is increasingly exposed to heavy civilian traffic due to expected oil production as well as new sailing routes from the High North. The Faroese government is in a process, nearly completed, of taking over the full responsibility for societal security policy, a field it used to share with the Danish state authorities. In April 2002, the Faroese authorities took over the responsibility for SAR in Faroese sea territory and established a MRCC Center in Tórshavn. A new civic security law was passed by Løgtingið (the parliament in May 2012. This article discusses micro-states’ options in the international arena; provides a brief overview of the history of Faroese security policy; and discusses the present and future challenges involved in assuring protection and rescue services for the Faroese region of the North Atlantic.

  16. The French nuclear policy. A model for security policy in North-East Asia

    International Nuclear Information System (INIS)

    Choe, K.

    1998-01-01

    Between the end of the second world war and the collapse of the Berlin wall, the French diplomacy was based on the nuclear policy in a solid and coherent way. This nuclear policy was an 'incarnation' of the national security conception, allowing France to recover its political, military and economical rank on the international scene. The most important characteristic of the French nuclear policy concerns the commercialization of the nuclear energy which aims to ensuring the national security through the building up of a financial, technological and political 'reserve'. In front of the domination of the USA and USSR during the cold war era, NE Asia had a similar geostrategic configuration as Western Europe. It concerns in particular the massive application of nuclear energy for both military and industrial purposes. The bases of the security policy in this region refers to the real use of the nuclear weapon by the USA against Japan in 1945. The French nuclear policy may be considered as a model for the building of the security policy of NE Asia, in particular through the commercialization of the nuclear technology between the countries in concern. This nuclear approach would allow the countries of these region to change their present day national defense policy into an economical and military cooperation. (J.S.)

  17. International Security, Development, and Human Rights: Policy Conversion or Conflict?

    Directory of Open Access Journals (Sweden)

    Miao-ling Lin Hasenkamp

    2012-04-01

    Full Text Available This article uses an institutional network governance approach to explore the overlapping dimension of the policy fields between security, development, and human rights, reflected in the US and German provincial reconstruction teams (PRTs in Afghanistan. The past two decades have witnessed a gradually changing paradigm in academic and policy debates regarding the questions of the normative basis of world order and possibilities for tackling imminent threats to security and peace (i.e. intra-state armed conflicts, failed states, terrorism, poverty, and deepening inequality. The introduction of concepts such as “human security” and “the right to humanitarian intervention/responsibility to protect (R2P” as well as critical examinations of peace-, nation-, and state-building missions (PNSB have led to a relativist tendency of state sovereignty and a changing attitude regarding how to address the intersection of security, development, and human rights. Despite this shift, the policy commitments to integrating these policy considerations remain puzzling. How have they been redefined, conceptualized, and put into practice? I argue that an integrated conceptual approach has facilitated the redefinition of common policy goals, principles, and the mobilization of resources. At the same time, civil and military cooperation, as demonstrated in the multifunctional work of PRTs, has been Janus-headed—permanently caught in an ongoing tension between the war on terror and short-term stability operation on the one hand and long-term durable peace and development on the other. The misunderstanding of its interim character, the dynamics of Afghan environment, the blurring of policy lines, and the differences between national PRT models have made it difficult to systematically assess the efficiency and legitimacy of each policy frame and program.

  18. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

    2010-01-01

    International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  19. BASES OF PUBLIC POLICY FORMATION DIRECTED AT ENSURING BUDGET SECURITY

    Directory of Open Access Journals (Sweden)

    S. Onishchenko

    2015-03-01

    Full Text Available In the article the priorities and public policies that can improve the safety level of the budget of Ukraine have been grounded. Attention on the problems of imbalance and deficiency trends accumulation of public debt has been focused. The detailed analysis of the budget deficit of the European community to further research the main problems of fiscal security has been carried out. The formation of the concept of budget policy should include long-term and medium-term priorities of the state priorities areas have been concluded. Budget policy on public debt must deal with interrelated issues of debt bondage and effective use of public credit, promote economic growth with respect safe level and structure of public debt have been emphasized by author. Debt policy as part of fiscal policy under certain conditions can be a powerful tool to intensify investment and innovation processes in society, promote economic and social development. The reorientation of fiscal policy to address current problems through debt and use it as the basis of investment and innovation development provides an effective public debt management is designed to reduce state budget expenditures on its servicing and repayment, optimizing the scope and structure of debt according to economic growth. The role of debt policy in modern terms increases is clearly subordinate to and consistent with long-term goals and priorities of fiscal policy. There is an urgent development and implementation of effective mechanisms for investing borrowed resources, increasing the efficiency of public investment, including the improvement of organizational, financial, legal and controls. Strategically budget security guarantees only competitive economy, which can be constructed only by recovery and accelerated development of promising sectors of the national economy in the presence of a balanced budget policy. Now there is a tendency to implement only measures to stabilize the political and socio

  20. 78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

    Science.gov (United States)

    2013-11-19

    ... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified [[Page 69287

  1. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system...

  2. National Security and the Right to Information in Europe

    DEFF Research Database (Denmark)

    Jacobsen, Amanda Lynn

    2013-01-01

    Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/......Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/...

  3. Executive Guide: Information Security Management. Learning From Leading Organizations

    National Research Council Canada - National Science Library

    1998-01-01

    ... on. Deficiencies in federal information security are a growing concern. In a February 1997 series of reports to the Congress, GAO designated information security as a governmentwide high-risk area...

  4. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  5. Sensitive Security Information and Transportation Security: Issues and Congressional Options

    National Research Council Canada - National Science Library

    Sollenberger, Mitchel A

    2004-01-01

    .... TSA's application of the SSI regulations has, however, resulted in some controversies over airport security procedures, employee accountability, passenger screening, and airport secrecy agreements...

  6. Data survivability vs. security in information systems

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Taboada, Heidi A.; Coit, David W.

    2012-01-01

    A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede the information theft, the defender prefers to maximize the number of blocks. On the other hand the destruction of any block destroys the integrity of information and makes it impossible to use. To impede the information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless how many blocks in series there are. Given the set of available information storage resources, the defender must consider a multi-objective optimization problem to determine how many blocks and their copies to create, and how to distribute them among available resources in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). This methodology is demonstrated with two general examples.

  7. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  8. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  9. Credibility of Policy Announcements Under Asymmetric Information

    DEFF Research Database (Denmark)

    Christensen, Michael

    1999-01-01

    In a simple macro-economic model, where the monetary authorities process superior information about a real shocks, the scope for an active stabilization policy is shown to depend on the credibility of the policy maker. Lack of credibility increases the need for an active stabilization policy...

  10. Controls Mitigating the Risk of Confidential Information Disclosure by Facebook: Essential Concern in Auditing Information Security

    Directory of Open Access Journals (Sweden)

    Ivan Ognyanov Kuyumdzhiev

    2014-08-01

    Full Text Available Facebook allows people to easily share information about themselves which in some cases could be classified as confidential or sensitive in the organisation they’re working for. In this paper we discuss the type of data stored by Facebook and the scope of the terms “confidential” and “sensitive data”. The intersection of these areas shows that there is high possibility for confidential data disclosure in organisations with none or ineffective security policy. This paper proposes a strategy for managing the risks of information leakage. We define five levels of controls against posting non-public data on Facebook - security policy, applications installed on employees’ workstations, specific router software or firmware, software in the cloud, Facebook itself. Advantages and disadvantages of every level are evaluated. As a result we propose developing of new control integrated in the social media.

  11. Beyond the Poverty of National Security: Toward a Critical Human Security Perspective in Educational Policy

    Science.gov (United States)

    Means, Alexander J.

    2014-01-01

    This article examines the intersecting logics of human capital and national security underpinning the corporate school reform movement in the United States. Taking a 2012 policy report by the Council on Foreign Relations as an entry point, it suggests that these logics are incoherent not only on their own narrow instrumental terms, but also more…

  12. Academic Information Security Researchers: Hackers or Specialists?

    Science.gov (United States)

    Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

    2018-04-01

    In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

  13. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk man-agement for information security. The article follows to practical methods through question-naire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  14. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  15. 41 CFR 105-53.133 - Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed by...

  16. 76 FR 5232 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-01-28

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  17. 75 FR 77934 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-12-14

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the second meeting of the Small Business Information Security...

  18. 75 FR 70764 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the first meeting of the Small Business Information Security...

  19. 76 FR 11307 - Small Business Information Security Task Force

    Science.gov (United States)

    2011-03-01

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security...

  20. 39 CFR 267.5 - National Security Information.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as the...

  1. Exploring Factors that Influence Students' Behaviors in Information Security

    Science.gov (United States)

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  2. Assessing Information Security Strategies, Tactics, Logic and Framework

    CERN Document Server

    Vladimirov, Andrew; Michajlowski, Andriej

    2010-01-01

    This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

  3. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    Full Text Available The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents

  4. The Innovative Activity of Enterprises in the Context of Providing Information Security

    Directory of Open Access Journals (Sweden)

    Sazonets Olga M.

    2015-03-01

    Full Text Available The aim of the article is to study the peculiarities of the innovative activity in the context of providing the enterprise information security. By analyzing, systematizing and summarizing the scientific works of many scientists the essence of the concept of «information security» has been considered and components of the innovation development process from the standpoint of providing information security have been identified. The article discusses issues of providing information security on the basis of introducing innovations, which will allow achieving a state in which there would be realized a sustainable, protected from threats, development of the enterprise. It has been proved that the formation of the innovative enterprise policy should include measures to ensure information security. As a result of the study the types of threats to the enterprise information security have been identified. It has been determined that the innovation process in the field of information security is provided by means of research, administrative, industrial, technological and commercial activities leading to the emergence and commercialization of innovations. The prospect for further research in this area is determining a system of indicators for forecasting the integral innovation indicator of economic information security. The system of indicators for diagnostics of the enterprise information security level enables monitoring the indicators of the state of the enterprise innovation and information activity in order to prevent the emergence of threats.

  5. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI. ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI are determined.

  6. Information Security Intelligence as a Basis for Modern Information Security Management

    OpenAIRE

    Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

    2013-01-01

    There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

  7. A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

    Directory of Open Access Journals (Sweden)

    Faouzi Jaïdi

    2018-01-01

    Full Text Available Substantial advances in Information and Communication Technologies (ICT bring out novel concepts, solutions, trends, and challenges to integrate intelligent and autonomous systems in critical infrastructures. A new generation of ICT environments (such as smart cities, Internet of Things, edge-fog-social-cloud computing, and big data analytics is emerging; it has different applications to critical domains (such as transportation, communication, finance, commerce, and healthcare and different interconnections via multiple layers of public and private networks, forming a grid of critical cyberphysical infrastructures. Protecting sensitive and private data and services in critical infrastructures is, at the same time, a main objective and a great challenge for deploying secure systems. It essentially requires setting up trusted security policies. Unfortunately, security solutions should remain compliant and regularly updated to follow and track the evolution of security threats. To address this issue, we propose an advanced methodology for deploying and monitoring the compliance of trusted access control policies. Our proposal extends the traditional life cycle of access control policies with pertinent activities. It integrates formal and semiformal techniques allowing the specification, the verification, the implementation, the reverse-engineering, the validation, the risk assessment, and the optimization of access control policies. To automate and facilitate the practice of our methodology, we introduce our system SVIRVRO that allows managing the extended life cycle of access control policies. We refer to an illustrative example to highlight the relevance of our contributions.

  8. Security Policies from a Spatial Perspective: the Case of Honduras

    Directory of Open Access Journals (Sweden)

    Lirio del Carmen Gutiérrez Rivera

    2014-06-01

    Full Text Available Public insecurity became a central issue for many Hondurans in the late 1990s, as crime, delinquency and homicide increased significantly in the isthmus. Honduras had the second highest homicide rate (35.1 per 100,000 in the region after El Salvador (50.2. per 100,000 . This social violence triggered insecurity and fear, which was further accompanied by the overall perception that the state was unable of relieving or protecting the population. This article looks at the failed attempts of the Honduran state to stop social violence and to control youth gang expansion by focusing on the security policies Cero Tolerancia (Zero Tolerance, Mano Dura (Iron Fist and the Ley Antimaras (Anti-Gang Law. It understands security policies as territorial strategies that attempt to reduce social violence and impose control.

  9. A View of Food Security through A Policy Coherent Lens

    DEFF Research Database (Denmark)

    Robertson, Aileen

    2014-01-01

    Member States “Food and nutrition security exists when all people at all times have physical, social and economic access to food, which is safe and consumed in sufficient quantity and quality to meet their dietary needs and food preferences, and is supported by an environment of adequate sanitation...... by increasing availability, affordability and consumption of biodiverse, safe, nutritious foods aligned with dietary recommendations and environmental sustainability.  Given that the number of chronically undernourished (stunted) could double over next 15 years, the Post-2015 Agenda and its Poverty Reduction......The term “food and nutrition security” reflects the multisector collaboration needed between those working with food security and nutrition security. The term expresses an integrated development goal to help guide implementation of policy and cost-effective programmatic action: As agreed by FAO...

  10. SECURITY AWARENESS – MAJOR PIECE IN THE PUZZLE OF INFORMATION SECURITY

    OpenAIRE

    MARIUS PETRESCU; NICOLETA SÎRBU; ANCA-GABRIELA PETRESCU; MIOARA BRABOVEANU

    2011-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  11. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

  12. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  13. Efficient Attribute-Based Secure Data Sharing with Hidden Policies and Traceability in Mobile Health Networks

    Directory of Open Access Journals (Sweden)

    Changhee Hahn

    2016-01-01

    Full Text Available Mobile health (also written as mHealth provisions the practice of public health supported by mobile devices. mHealth systems let patients and healthcare providers collect and share sensitive information, such as electronic and personal health records (EHRs at any time, allowing more rapid convergence to optimal treatment. Key to achieving this is securely sharing data by providing enhanced access control and reliability. Typically, such sharing follows policies that depend on patient and physician preferences defined by a set of attributes. In mHealth systems, not only the data but also the policies for sharing it may be sensitive since they directly contain sensitive information which can reveal the underlying data protected by the policy. Also, since the policies usually incur linearly increasing communication costs, mHealth is inapplicable to resource-constrained environments. Lastly, access privileges may be publicly known to users, so a malicious user could illegally share his access privileges without the risk of being traced. In this paper, we propose an efficient attribute-based secure data sharing scheme in mHealth. The proposed scheme guarantees a hidden policy, constant-sized ciphertexts, and traces, with security analyses. The computation cost to the user is reduced by delegating approximately 50% of the decryption operations to the more powerful storage systems.

  14. WRR-Policy Brief 6 : Big data and security policies: serving security, protecting freedom

    NARCIS (Netherlands)

    Broeders, Dennis; Schrijvers, Erik; Hirsch Ballin, Ernst

    2017-01-01

    Big Data analytics in national security, law enforcement and the fight against fraud can reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This requires new frameworks: a crucial shift is necessary from regulating the phase of

  15. The information security of children: Self-regulatory approaches.

    Directory of Open Access Journals (Sweden)

    Vartanova E.L.

    2014-09-01

    Full Text Available The 21st century has been characterized by tremendous changes in mass-media systems. The rapid growth of the Internet, inspired by the progress of communication technologies and digitalization, has resulted in the rise of new interactive media. Developments contributing to the scope and speed of media production and distribution have drawn particular attention to the information security of audiences – in particular, to protecting children from content that might be harmful and not appropriate for their age. Unlike adults, who are accustomed to living in an information-rich society, children cannot understand and filter content. Digital media, with their profound effects on a young audience, definitely affect children’s psychology and emotions. Recognizing this development, the most economically advanced countries have elaborated specific media policies to ensure that children receive the advantages of new media and simultaneously are kept safe from harmful content. These policies, aimed at traditional media (press and analogue broadcasting, have been based on legal approaches, but in digital reality laws do not always produce the same desired effects because the law-making process often does not keep up with technological change. Governments, therefore, have to share their responsibilities with the nongovernmental – private business and civil– sectors. Even countries with strong government influence over public life, such as Singapore, are working toward a co-regulated and self-regulated mass-media industry. Many foreign countries, including those in Western Europe, North America, and Asia, already have experience with these policies. The article reviews practices in the field of media aimed at guaranteeing children’s information security and at opposing harmful content. It points to key aspects of the regulation of market-driven media content in different countries.

  16. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  17. Cyber-crime Science = Crime Science + Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,

  18. Effect of Organizational Factors on Information Security Implementations

    Science.gov (United States)

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  19. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    Science.gov (United States)

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  20. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  1. Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

    OpenAIRE

    Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

    2014-01-01

    Information Security has become a significant concern for today's organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

  2. Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture

    OpenAIRE

    Rocha Flores, Waldo; Antonsen, Egil; Ekstedt, Mathias

    2014-01-01

    This paper presents an empirical investigation on what behavioral information security governance factors drives the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledg...

  3. Library and Archival Security: Policies and Procedures To Protect Holdings from Theft and Damage.

    Science.gov (United States)

    Trinkaus-Randall, Gregor

    1998-01-01

    Firm policies and procedures that address the environment, patron/staff behavior, general attitude, and care and handling of materials need to be at the core of the library/archival security program. Discussion includes evaluating a repository's security needs, collections security, security in non-public areas, security in the reading room,…

  4. China's Quest for Energy; Impact upon Foreign and Security Policy

    International Nuclear Information System (INIS)

    Kiesow, Ingolf

    2004-11-01

    Contrary to Chinese intentions, the proportion of China's imports coming from potentially unstable countries is steadily increasing. As a response, China tries to diversify its sources of import and to own the oil when loaded in an export harbour. In spite of very high costs and political problems, China tries to import oil and gas from owned fields in Central Asia through pipelines. In the case of China, the competition is evident on the highest international level. Especially with Japan, this tends to make already previously sensitive relations deteriorate. China has territorial disputes with several neighbouring countries that are becoming more complicated by the fact that there is oil and gas on the bottom of the sea in the disputed area. Relations with Russia have been complicated. Since the 1990s they are on their way of being steadily improved, but they become strained, when Japan is given priority access to oil fields in Siberia. The sensitive relations with the U.S. tend to be impaired by China's ways of getting access to more secure supply of oil and gas. Chinese efforts to get a more attractive foreign policy profile is on the other hand alleviating but does not eliminate the potential of the energy issue to complicate. China's foreign and security policy relations. The European Union seems to be on its way to introduce energy questions as a field of common policy. This is a reason for Sweden to study the development. It is a matter of special interest that China has proposed an 'Energy Dialogue between Asia and Europe' about the resources and the Eurasian continent. The Chinese example illustrates the need for a Swedish energy security policy and plans for energy crisis preparedness

  5. Federal Information Security: Actions Needed to Address Widespread Weaknesses

    National Research Council Canada - National Science Library

    Brock, Jack

    2000-01-01

    I am pleased to be here today to discuss federal information security. Our recent audit findings in this area present a disturbing picture of the state of computer security practices at individual agencies...

  6. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  7. Exploring Information Security and Shared Encrypted Spaces in Libraries

    Directory of Open Access Journals (Sweden)

    Keith Engwall

    2015-07-01

    Full Text Available Libraries are sensitive to the need to protect patron data, but may not take measures to protect the data of the library. However, in an increasingly collaborative online environment, the protection of data is a concern that merits attention. As a follow-up to a new patron privacy policy, the Oakland University William Beaumont Medical Library evaluated information security tools for use in day-to-day operations in an attempt to identify ways to protect private information in communication and shared storage, as well as a means to manage passwords in a collaborative team environment. This article provides an overview of encryption measures, outlines the Medical Library’s evaluation of encryption tools, and reflects on the benefits and challenges in their adoption and use.

  8. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  9. Three Modes of Thinking and Policy Orientation of Cultural Security

    Institute of Scientific and Technical Information of China (English)

    LIU Yuejin; Wang Xuege

    2016-01-01

    Three types of relations are entangled nowadays in dealing with issues conceming national cultural security on both the theoretical and practical levels:(1) the relation between one's own culture and that of other ethnic groups;(2) the relation between advanced and underdeveloped parts of culture;(3) the relation between one's ethnic culture and so-called foreign advanced culture as related to the previous two.Accordingly,three modes of thinking are likely adopted in handling issues concerning national cultural security:to antagonize one's own culture with that of other ethnic groups,that is,taking the "me or you" attitude;to dualize cultures as the "advanced" and the "underdeveloped",that is,believing things to be good if not bad,or vice versa;and to assert that the ethnic are the advanced,that is,taking the "only-megood" stance.It is a very demanding job to maintain national culture and to pursue cultural development at the same time.Only when cultures are grouped into those without distinction between the advanced and the underdeveloped and those with such distinction can the relation between the ethnic and the advanced be properly handled.With the former,it is essential to maintain the ethnicity of one's own culture before the cultural security is safeguarded.With the latter,however,the pursuit of advanced cultures and the advocacy of the advanced part of a particular culture is a key to ensuring and safeguarding the national cultural security.Hence,it is important to enhance the public awareness of cultural security,and more essentially for the government to offer scientifically appropriate orientation towards cultural security and to frame related policies.

  10. Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

    Science.gov (United States)

    Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

    2016-11-01

    Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

  11. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    Directory of Open Access Journals (Sweden)

    Dan Constantin TOFAN

    2012-01-01

    Full Text Available Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.

  12. The application of artificial intelligence within information security.

    OpenAIRE

    2012-01-01

    D.Phil. Computer-based information systems will probably always have to contend with security issues. Much research have already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever increasing sophistication of criminals, combined with the ever changing and evolving information technology environment, some limitations still exist within the field of information sec...

  13. Identifying the Enemy: Social Categorization and National Security Policy

    Science.gov (United States)

    Unsworth, Kristene

    2010-01-01

    This dissertation seeks to understand the interplay between informal articulations of social categories and formal instantiations of those categories in official language. Specifically, it explores the process of social categorization as it is used to identify threats to national security. The research employed a qualitative, document-based,…

  14. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  15. Cyber security awareness toolkit for national security: An approach to South Africa’s cybersecurity policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed Cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives as well...

  16. THE FOREIGN AND SECURITY POLICIES OF THE EUROPEAN UNION

    Directory of Open Access Journals (Sweden)

    Anand Menon

    2003-09-01

    Full Text Available In only a decade the European Union has moved from being a new kid on the block in terms of foreign and security policies to being a high profile and surprisingly effective international actor. Certainly, it has failed to match the ambitions of some of its most enthusiastic proponents. Certainly, too, European publics know next to nothing about what the Union does in the international realm. It is because of this that, despite their potential and their effectiveness to date, EU policies in this sphere were widely derided as failures following the moment when the attacks of 11 September 2001 shook the western world to its core. The Convention on the Future of Europe and subsequent intergovernmental conference look set to make significant institutional changes to the Union’s foreign and security policy systems. In undertaking these reforms, Convention members, and national governments are doubtless motivated by the laudable objective of enabling the Union to do more on the international stage. One can only hope that these motives notwithstanding, they do not simply propose reforms for their own sake and, in the process, undermine a system that, to the surprise of many, has continued to function respectably in an ever more complex and ever more dangerous world.

  17. Dynamic reconfiguration of security policies in wireless sensor networks.

    Science.gov (United States)

    Pinto, Mónica; Gámez, Nadia; Fuentes, Lidia; Amor, Mercedes; Horcas, José Miguel; Ayala, Inmaculada

    2015-03-04

    Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs).We evaluate our approach using a case study from the intelligent transportation system domain.

  18. Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mónica Pinto

    2015-03-01

    Full Text Available Providing security and privacy to wireless sensor nodes (WSNs is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs.We evaluate our approach using a case study from the intelligent transportation system domain.

  19. Information Security in the 1990s: Keeping the Locks on.

    Science.gov (United States)

    Kovac, Ron J.

    1999-01-01

    As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…

  20. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  1. Considerations on the selection and prioritization of information security solutions

    Directory of Open Access Journals (Sweden)

    Maria Cristina RĂDULESCU

    2016-05-01

    Full Text Available This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.

  2. Debating food security policy in two different ideational settings

    DEFF Research Database (Denmark)

    Farsund, Arild Aurvåg; Daugbjerg, Carsten

    2017-01-01

    in Australia and Norway is compared. In Australia, agricultural normalism (agricultural markets and production are considered to be similar to those of other economic sectors) has been dominant since the mid-1980s, while Norwegian agricultural policy making has been dominated by agricultural exceptionalism...... (agriculture is considered a unique economic sector with special market and production conditions). It is demonstrated in the article how these two opposing institutionalised ideational foundations have influenced the nature of the food security debate in the two countries. In Australia, the debate emphasises...... the positive role of the market and trade in providing global food security. In Norway, the debate highlights the need to regulate market forces and restrict trade in order to allow countries to develop their own agricultural sectors....

  3. U.S. energy security: problems and policies

    Energy Technology Data Exchange (ETDEWEB)

    Toman, M.A

    2002-12-15

    The reemergence of concern about energy security in the wake of the September 2001 terror attacks amplified a theme that was already present in U.S. energy policy debates. Energy security was a central theme in the Bush administration energy policy report released by Vice President Cheney in the spring of 2001. World oil prices rose from about 10 dollar a barrel in 1998 to more than 30 dollar a barrel in late 2000. Prices trended down through most of 2001 to below 20 dollar a barrel, although the combined effect of improving economic conditions, OPEC supply cuts, and Middle East conflict (both actual and potential) have recently brought prices back into the dollar 25 per barrel neighborhood. In 2000 the United States imported almost 60 percent of the petroleum it consumed; imports from the Organization of Petroleum Exporting Countries (OPEC) made up about a quarter of total U.S. consumption. In previous energy security debates in the U.S., most of the attention has been on international oil markets and geopolitics. This time, even before September 11, the energy security debate had a much larger domestic component. The 2001 ''electricity market meltdown'' in California raised large concerns there and nationwide about the causes and consequences of electricity shortages and price volatility. The concerns run so deep that they are likely to have a significant effect on the ongoing debate about restructuring of the power sector though the nature of that effect remains to be determined. Similarly, periods of sharply rising motor fuels prices over the past few years increases well beyond what would be implied just by crude oil price volatility have led to concerns about the effects on households and commerce. All of these concerns are only amplified by worries about attacks on critical energy infrastructure. (author)

  4. U.S. energy security: problems and policies

    International Nuclear Information System (INIS)

    Toman, M.A.

    2002-12-01

    The reemergence of concern about energy security in the wake of the September 2001 terror attacks amplified a theme that was already present in U.S. energy policy debates. Energy security was a central theme in the Bush administration energy policy report released by Vice President Cheney in the spring of 2001. World oil prices rose from about 10 dollar a barrel in 1998 to more than 30 dollar a barrel in late 2000. Prices trended down through most of 2001 to below 20 dollar a barrel, although the combined effect of improving economic conditions, OPEC supply cuts, and Middle East conflict (both actual and potential) have recently brought prices back into the dollar 25 per barrel neighborhood. In 2000 the United States imported almost 60 percent of the petroleum it consumed; imports from the Organization of Petroleum Exporting Countries (OPEC) made up about a quarter of total U.S. consumption. In previous energy security debates in the U.S., most of the attention has been on international oil markets and geopolitics. This time, even before September 11, the energy security debate had a much larger domestic component. The 2001 ''electricity market meltdown'' in California raised large concerns there and nationwide about the causes and consequences of electricity shortages and price volatility. The concerns run so deep that they are likely to have a significant effect on the ongoing debate about restructuring of the power sector though the nature of that effect remains to be determined. Similarly, periods of sharply rising motor fuels prices over the past few years increases well beyond what would be implied just by crude oil price volatility have led to concerns about the effects on households and commerce. All of these concerns are only amplified by worries about attacks on critical energy infrastructure. (author)

  5. Freedom of Information Act (FOIA) Policy

    Science.gov (United States)

    This policy establishes EPA requirements for complying with the Freedom of Information Act (FOIA) as amended, EPA FOIA regulations, and guidance issued by the U. S. Department of Justice and the National Archives and Records Administration.

  6. Energy policy seesaw between security and protecting the environment

    International Nuclear Information System (INIS)

    Finon, D.

    1994-01-01

    It is just the price of oil that causes the energy policies of importing countries to vacillate. Changing perceptions of energy supply factors has had as much to do with transfiguring government action modes since 1973 as has the idea of the legitimacy of that action. The present paper thus draws a parallel between the goal of energy security twenty years ago and that of global environmental protection today, which explains the critical reversion to a view of minimum government action in the energy field - a view that marked the eighties. (author). 20 refs

  7. Science and Security Policy: The Case of Advanced Pathogens

    International Nuclear Information System (INIS)

    Harris, E. D.

    2007-01-01

    The revolution in biotechnology presents unprecedented opportunities and dangers for the health and well being of mankind. Today, one can plausibly imagine the eradication of many historic diseases. One can also envisage the creation of new diseases that would endanger a substantial proportion of the entire human species. As powerful applications for biotechnology research are identified, appropriate arrangements for managing their extraordinary consequences will inevitably become necessary. This presentation will explore recent efforts to balance science and security policy in the area of advanced biotechnology research. Key developments on the dual-use issue will be discussed, together with a variety of governance options aimed at mitigating the risk from such research. (author)

  8. Leadership From the Centre: A New Foreign and Security Policy for Germany

    Science.gov (United States)

    2016-03-01

    collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources...the form of new partnerships, for a commitment that in a globalised world no longer has any geographical limits: No nation—whatever its size— to...German security and defense policy debates. D. RESEARCH DESIGN AND METHODOLOGY This thesis will source mainly scholarly works and news articles with

  9. Do Economic Theories Inform Policy?

    DEFF Research Database (Denmark)

    Bartalevich, Dzmitry

    that address EU antitrust rules and EU merger control. The second article is exploratory; it narrows the focus on EU merger control and employs descriptive network analysis to investigate the overall composition of mergers cleared by the Commission during the period 2004– 2015 and attempts to reinforce...... the results of the analysis in the first article. The third article expands on the findings of the first and second articles and employs inferential network analysis with exponential random graph models to analyze, on the basis of Commission merger cases cleared during the period 2004–2015, whether...... the Harvard School, the Freiburg School, and considerations for Single Market integration underpin EU merger control, in addition to the influence of the Chicago School. The analysis presented in the articles suggests that the Chicago School has exerted considerable influence over EU competition policy...

  10. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  11. The Distributional Impact of Social Security Policy Options.

    Science.gov (United States)

    Couch, Kenneth A; Reznik, Gayle L; Tamborini, Christopher R; Iams, Howard M

    2017-01-01

    Using microsimulation, we estimate the effects of three policy proposals that would alter Social Security's eligibility rules or benefit structure to reflect changes in women's labor force activity, marital patterns, and differential mortality among the aged. First, we estimate a set of options related to the duration of marriage required to receive divorced spouse and survivor benefits. Second, we estimate the effects of an earnings sharing proposal with survivor benefits, in which benefits are based entirely on earned benefits with spouses sharing their earnings during years of marriage. Third, we estimate the effects of adjusting benefits to reflect the increasing differential life expectancy by lifetime earnings. The results advance our understanding of the distributional effects of these alternative policy options on projected benefits and retirement income, including poverty and supplemental poverty status, of divorced and widowed women aged 60 or older in 2030.

  12. Management of organizations in Serbia from the aspect of the maturity analysis of information security

    Directory of Open Access Journals (Sweden)

    Trivan Dragan

    2016-01-01

    Full Text Available The aim of this work is focused on research of information security in organizations, with a focus on cybersecurity. In accordance with the theoretical analysis, the subject of the empirical part of the work is the analysis of information security in Serbia, in order to better understand the information security programs and management structures in organizations in Serbia. The survey covers a variety of industries and discusses how organizations assess, develop, create and support their programs to ensure information security. The survey included 53 companies. The results that were obtained enabled us to select five core elements of the program on the state of information security and cybersecurity in Serbian companies: most companies had not been exposed to cybersecurity incidents; in most companies policy, procedures and spheres of responsibility for information security exist, there are not enough controls to ensure compliance with relevant safety standards by third parties, top management and end-users are insufficiently familiar with cybersecurity risks, although they apply basic measures of protection, safety protection systems are very rare. The scientific goal of this work is to, on the basis of the results obtained, make conclusions that can contribute to the study of corporate information security with special emphasis on cybersecurity. The practical aim of the research is the application of the results for more efficient implementation process of security against cyber attacks in the Serbian organizations.

  13. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  14. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  15. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  16. 36 CFR 1256.46 - National security-classified information.

    Science.gov (United States)

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false National security-classified... Restrictions § 1256.46 National security-classified information. In accordance with 5 U.S.C. 552(b)(1), NARA... properly classified under the provisions of the pertinent Executive Order on Classified National Security...

  17. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-11-29

    ... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Committee Name: Homeland Security Information.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...

  18. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  19. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  20. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  1. Information frictions and monetary policy

    Czech Academy of Sciences Publication Activity Database

    Matějka, Filip

    2012-01-01

    Roč. 6, č. 1 (2012), s. 7-24 ISSN 1802-792X Institutional support: RVO:67985998 Keywords : nominal rigidity * information frictions * monetary economics Subject RIV: AH - Economics http://www.vsfs.cz/periodika/acta-2012-01.pdf

  2. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  3. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  4. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  5. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  6. Towards Information Security Metrics Framework for Cloud Computing

    OpenAIRE

    Muhammad Imran Tariq

    2012-01-01

    Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet.  Cost and security are influential issues to deploy cloud computing in large enterprise.  Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance, effectiveness and impact of the security constraints. It is very hard...

  7. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)

    The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witness a lot of national security issues that risks the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have sprang up in many parts of ...

  8. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2016-01-06

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper s CSI and not of its channel s realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  9. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2017-03-13

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper\\'s CSI and not of its channel\\'s realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  10. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  11. Organisational Information Security Strategy: Review, Discussion and Future Research

    Directory of Open Access Journals (Sweden)

    Craig A. Horne

    2017-05-01

    Full Text Available Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1 we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2 the conceptual elements of strategy and (3 the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.

  12. Challenges of EU Security on the Example of Cybeterrorism Policy

    Directory of Open Access Journals (Sweden)

    Izabela Oleksiewicz

    2015-06-01

    Full Text Available In addition to traditional threats to information as spying or leaking state secrets and business secrets appeared the new threats, among which the most dangerous is cyberterrorism. Taking into account the problems of cyber-terrorism, includes, in particular, the analysis of legislation aimed at ensuring the security of information systems of individual countries particular, this subject should be also recognized as requiring at the present time the insightful analysis. Therefore, this publication is an attempt of characteristics the determinants of this phenomenon and analysis of the latest legal solutions in the fight against cyber terrorism within the European Union. Moreover, it was made the attempt to find an answer to the question whether the current legal solutions of the European Union in the area of security are an effective tool in the fight against cyberterrorism.

  13. Security of electronic medical information and patient privacy: what you need to know.

    Science.gov (United States)

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

  14. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  15. The role of space in the security and defence policy of Turkey. A change in outlook: Security in space versus security from space

    OpenAIRE

    Ercan, C.; Kale, I.

    2017-01-01

    Space and security domains are strongly related with each other. Nowadays, space is an indispensable part of security and defence policy, and it is increasingly becoming a critical infrastructure for strategic Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems. However, space is vulnerable itself to the new space threats. This study reviews the current and near future space role in Turkey's security and defence policy and aims to address...

  16. Implementing Information Security and Its Technology: A LineManagement Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutionalinformation assets is a complex task for the line manager responsible forinternational and multi-national transactions. In the face of an unsureand often conflicting international legal framework, the line managermust employ all available tools in an Integrated Security and PrivacyManagement framework that ranges from legal obligations, to policy, toprocedure, to cutting edge technology to counter the rapidly evolvingcyber threat to information assets and the physical systems thatinformation systems control.

  17. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

  18. 75 FR 80105 - Meeting of Advisory Committee on International Communications and Information Policy

    Science.gov (United States)

    2010-12-21

    ... Committee will discuss key issues of importance to U.S. communications policy interests including privacy, cyber-security, cyber-crime, and recent events efforts focused on the information and communications... Security and Antiterrorism Act of 1986), as amended; Public Law 107-56 (USA PATRIOT Act); and Executive...

  19. Impact of Population Aging on Military and Security Policy

    Directory of Open Access Journals (Sweden)

    Martina Šimková

    2014-12-01

    Full Text Available Population ageing is among the most important problems of developed European countries and the most frequently discussed social issues. The Czech Republic also faces population ageing and we cannot expect a different trend in the future. Life expectancy has increased due to better health care while current lifestyle often leads to lower natality, resulting in a negative rate of natural increase and a decreasing proportion of young people in population in the future. This problem affects all spheres of life and social and economic development. Population ageing may pose a threat to the security of the population in different ways. The functioning of the security system may be threatened due to decreasing workforce. Population ageing may undercut resources for military budgets. Young recruits represent an important part of military forces and the latter are competing in the labour market with more attractive occupations. Especially ensuring the stability of the personnel needed for securing crisis situations would be a significant problem of near future. This paper presents a demographic perspective on staffing and correct operation of military forces in the context of population ageing. It describes the current situation of human resources in the military policy of the Czech Republic and determines the negative impact of population ageing on recruitment potential. It deals with the sustainability of human resources for security forces.

  20. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  1. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  2. The Current Mind-Set of Federal Information Security Decision-Makers on the Value of Governance: An Informative Study

    Science.gov (United States)

    Stroup, Jay Walter

    2014-01-01

    Understanding the mind-set or perceptions of organizational leaders and decision-makers is important to ascertaining the trends and priorities in policy and governance of the organization. This study finds that a significant shift in the mind-set of government IT and information security leaders has started and will likely result in placing a…

  3. Research on information security in big data era

    Science.gov (United States)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  4. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data. 

  5. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  6. Information Security in Small and Medium-Sized Companies

    OpenAIRE

    David Kral

    2011-01-01

    Information security doesn’t involve only large organizations. Small and medium-sized companies must closely examine this issue too, because they are increasingly threatened by cyber attacks. Many of them mistakenly believe, that security of their valuable data is sufficient, or that the attackers are not interested in them. Existing standards and methodologies for implementation and management of information security are often hard to transfer to the environment of small and medium-sized bus...

  7. Integrating Programming Language and Operating System Information Security Mechanisms

    Science.gov (United States)

    2016-08-31

    suggestions for reducing the burden, to the Department of Defense, Executive Service Directorate (0704-0188). Respondents should be aware that...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17

  8. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  9. Evolution of Biotechnology and Information Technology and Its Impact on Human Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2015-01-01

    Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting the human security. The article analyzes the consequences of widespread usage biotechnology and information technology in the foreign policy practice on the basis of the human security theory. The detailed description of the main directions of the use of biometric technology in the foreign policy and consular practices is provided, the challenges and threats to information security associated with biometrics are analyzed, arising from widespread biotechnology are the main challenges and threats to as well as human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. The recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.

  10. An Exponential Increase in Regional Health Information Exchange With Collaborative Policies and Technologies.

    Science.gov (United States)

    Downing, N Lance; Lane, Steven; Eisenberg, Mathew; Sharp, Christopher; Palma, Jonathan; Longhurst, Christopher

    2015-01-01

    In the United States, the ability to securely exchange health information between organization has been limited by technical interoperability, patient identity matching, and variable institutional policies. Here, we examine the regional experience in a national health information exchange network by examining clinical data sharing between eleven Northern California organizations using the same health information exchange (HIE) platform between 2013-2014. We identify key policies and technologies that have led to a dramatic increase in health information exchange.

  11. Information Security System and Development of a Modern Organization

    OpenAIRE

    Wawak, Slawomir

    2009-01-01

    Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

  12. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

  13. An introduction to information security and ISO27001:2013

    CERN Document Server

    Watkins, Steve

    2013-01-01

    Up to date with the latest version of the Standard (ISO27001:2013), An Introduction to information security and ISO27001:2013 is the perfect solution for anyone wanting an accurate, fast, easy-to-read primer on information security from an acknowledged expert on ISO27001.

  14. An Overview of Economic Approaches to Information Security Management

    NARCIS (Netherlands)

    Su, X.

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in

  15. Obstacle of Team Teaching and Collaborative Learning in Information Security

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available The field of information security includes diverse contents such as network security and computer forensics which are highly technical-oriented topics. In addition, information forensic requires the background of criminology. The information security also includes non-technical content such as information ethics and security laws. Because the diverse nature of information security, Shing et al. has proposed the use of team teaching and collaborative learning for the information security classes. Although team teaching seems to be efficient in information security, practically it needs a few challenges. The Purdue's case mentioned in Shing's paper has funding support of National Security Agency (NSA. However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to the administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors before taking the same class with diverse background? The paper surveyed approximately 25 students in a university in Virginia concerning the satisfaction of team-teaching. Finally, this paper describes ways to meet those challenges.

  16. A Framework for the Governance of Information Security

    Science.gov (United States)

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  17. IAEA Nuclear Security Programme: The role of information

    International Nuclear Information System (INIS)

    2010-01-01

    Discusses collecting and collating information on needs integrated in Nuclear Security Support Plans and analyzing data on illicit trafficking and nuclear security incidents. Coordination with donor States and international organizations on Illicit trafficking Database reports and other related information provided by states.

  18. Food security and nutrition in the Russian Federation – a health policy analysis

    Directory of Open Access Journals (Sweden)

    Karsten Lunze

    2015-06-01

    Full Text Available Background: In the Russian Federation (Russia, an elevated burden of premature mortality attributable to non-communicable diseases (NCDs has been observed since the country's economic transition. NCDs are largely related to preventable risk factors such as unhealthy diets. Objective: This health policy study's aim was to analyze past and current food production and nutritional trends in Russia and their policy implications for Russia's NCD burden. Design: We examined food security and nutrition in Russia using an analytical framework of food availability, access to food, and consumption. Results: Agricultural production declined during the period of economic transition, and nutritional habits changed from high-fat animal products to starches. However, per-capita energy consumption remained stable due to increased private expenditures on food and use of private land. Paradoxically, the prevalence of obesity still increased because of an excess consumption of unsaturated fat, sugar, and salt on one side, and insufficient intake of fruit and vegetables on the other. Conclusions: Policy and economic reforms in Russia were not accompanied by a food security crisis or macronutrient deprivation of the population. Yet, unhealthy diets in contemporary Russia contribute to the burden of NCDs and related avoidable mortality. Food and nutrition policies in Russia need to specifically address nutritional shortcomings and food-insecure vulnerable populations. Appropriate, evidence-informed food and nutrition policies might help address Russia's burden of NCDs on a population level.

  19. Process Control Security in the Cybercrime Information Exchange NICC

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of

  20. Multidisciplinary Approach in Teaching Foreign Languages to Information Security Professionals

    Directory of Open Access Journals (Sweden)

    N. M. Nikiforova

    2012-12-01

    Full Text Available The program of teaching foreign languages to information security professionals is aimed at unifying linguistic, extra linguistic and professional information distributed in the contents of the course.

  1. The Effects of a Social Media Policy on Pharmacy Students’ Facebook Security Settings

    Science.gov (United States)

    Feild, Carinda; James, Kristina

    2011-01-01

    Objective. To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. Methods. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. Results. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Conclusions. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy. PMID:22171105

  2. ENERGY IN THE CONTEXT OF THE PRESENT CHALLENGES TO THE EUROPEAN COMMON SECURITY AND DEFENCE POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel ANDRUSEAC

    2014-10-01

    Full Text Available The Common Security and Defence Policy is a part of the European Union’s Common Foreign and Security Policy (CFSP and establishes the policy framework for the institutional structures and military instruments which have to deal with the security challenges in Europe’s geopolitical neighborhood. The article aims to identify and analyze the role of energy as one of the present challenges to the European Common Security and Defence Policy in the context of the recent events in the world economy.

  3. Information security as a countermeasure against cheating in video games

    OpenAIRE

    Mikkelsen, Kevin Kjelgren

    2017-01-01

    Most cheating in video games is possible due to information being accessible outside the intended frames of the game developer. The issue of protecting sensitive information have been handled in many areas outside of video games for a long time now. The goal of this paper is to review these information security solutions that are in use in more security concerned areas today and to potentially find transferable approaches that can help protect important and sensitive information in video game...

  4. SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams

    Directory of Open Access Journals (Sweden)

    Douglas P. Twitchell

    2007-12-01

    Full Text Available A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel.  These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability.  This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams.  Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams.  Studying the effectiveness of the game as a training tool could lead to better training for security teams. 

  5. Qualitative Characterization of the Facebook Information Security Strategies

    Directory of Open Access Journals (Sweden)

    LOPES, S. F.

    2015-12-01

    Full Text Available Hyperconnectivity due to online social networks exposed security issues on data stored in these systems. This article presents an analysis on how online social networks designers have been communicating information security aspects through these systems’ interfaces. This analysis was made using the Semiotic Inspection Method on Facebook since it is largely used in Brazil and all over the world. Results showed that there is major concern with security information properties. Nevertheless it was possible to identify interface problems that could compromise use and understanding of such security properties

  6. Social Media - DoD’s Greatest Information Sharing Tool or Weakest Security Link?

    Science.gov (United States)

    2010-04-15

    or position of the Department of the Army, Department of Defense, or the U.S. Government. SOCIAL MEDIA – DOD’S GREATEST INFORMATION SHARING TOOL...appropriateness and effectiveness of these policies in securing the information network. 15. SUBJECT TERMS Social media , information...TYPE Civilian Research Paper 3. DATES COVERED (From - To) August 2009-April 2010 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER Social Media

  7. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    Science.gov (United States)

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  8. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  9. Remote monitoring, data sharing, and information security

    International Nuclear Information System (INIS)

    Parise, D.; Dalton, C.; Regula, J.

    2009-01-01

    Full-text: Remote Monitoring (RM) is being used with increased frequency by the IAEA for safeguards in many parts of the world. This is especially true in Japan where there are also agreements for data sharing. The automated nature of RM lends itself to assist in modernizing old cumbersome data sharing techniques. For example, electronic declarations can be received, parsed and checked; then data for that time period and facility can be automatically released. This could save considerable time and effort now spent processing paper declarations and hand copying data. But care must be taken to ensure the parsing, transfers, and connections for these systems are secure. Advanced authentication and encryption techniques are still vital in this process. This paper will describe how to improve security with vulnerability assessments, the use of certificates, avoiding compromising dial-up connections and other methods. A detailed network layout will be presented that will resemble a future RM collaboration with the IAEA and the Japanese. From this network design, key strategic security points will be identified and suggestions will be made to help secure them. (author)

  10. Organizational Characteristics Influencing SME Information Security Maturity

    NARCIS (Netherlands)

    Mijnhardt, F.; Baars, T.; Spruit, M.

    2016-01-01

    In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium sized Enterprises, leaving

  11. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... The problem of economic insecurity is a global threat to national security. ... of the country as one indivisible political entity with many calling for disintegration. ..... The integration of ICT in agriculture can .... Table 4.2.7 Respondents by IT on Business propriety and trade .... of production, distribution and.

  12. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  13. Content Sharing Based on Personal Information in Virtually Secured Space

    Science.gov (United States)

    Sohn, Hosik; Ro, Yong Man; Plataniotis, Kostantinos N.

    User generated contents (UGC) are shared in an open space like social media where users can upload and consume contents freely. Since the access of contents is not restricted, the contents could be delivered to unwanted users or misused sometimes. In this paper, we propose a method for sharing UGCs securely based on the personal information of users. With the proposed method, virtual secure space is created for contents delivery. The virtual secure space allows UGC creator to deliver contents to users who have similar personal information and they can consume the contents without any leakage of personal information. In order to verify the usefulness of the proposed method, the experiment was performed where the content was encrypted with personal information of creator, and users with similar personal information have decrypted and consumed the contents. The results showed that UGCs were securely shared among users who have similar personal information.

  14. Emerging Trends in Development of International Information Security Regime

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2016-01-01

    Full Text Available The article discusses the key trends shaping the international regime on information security. International cooperation in this area at the global level encounters contradictions of state interest. The main actors of the information security are the United States, Russia, China and the EU countries (Britain, France and Germany. The main contradiction is developing between the US on one side and Russia and China on the other. EU countries occupy the middle position, gravitating to that of US. The article proves that international cooperation on information security will reflect the overall logic of the development of international cooperation, which is characterized by a new model of cooperation, with the participation of state and non-state actors, known as multi-stakeholder partnerships and multi-level cooperation. The logic of the formation of an international regime on information security is closest to the logic of the formation of the international non-proliferation regime. It is in the interest of Russia to support the trend towards regionalization of information security regime. Russia can form a regional information security regime in the former Soviet Union on the basis of the CSTO and SCO and potentially on a wider Eurasian space. Such regional regime would give Russia an opportunity to shape the international regime and closely monitor emerging information security issues in the former Soviet Union, and remove the potential threat of "color revolutions".

  15. 78 FR 7784 - Health Information Technology Policy Committee Nomination Letters

    Science.gov (United States)

    2013-02-04

    ... GOVERNMENT ACCOUNTABILITY OFFICE Health Information Technology Policy Committee Nomination Letters.... SUMMARY: The American Recovery and Reinvestment Act of 2009 (ARRA) established the Health Information Technology Policy Committee (Health IT Policy Committee) and gave the Comptroller General responsibility for...

  16. Process Control Security in the Cybercrime Information Exchange NICC

    OpenAIRE

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of process control systems (PCS), including SCADA. This publication makes it clear why it is vital that organizations establish and maintain control over the security of the information and communication...

  17. Securing information display by use of visual cryptography.

    Science.gov (United States)

    Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo

    2003-09-01

    We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.

  18. The Department of Defense Information Security Process: A Study of Change Acceptance and Past-Performance-Based Outsourcing

    Science.gov (United States)

    Hackney, Dennis W. G.

    2011-01-01

    Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…

  19. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  20. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Science.gov (United States)

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  1. Information security : an investigation into password habits

    OpenAIRE

    Richardson, Darren

    2015-01-01

    This thesis considers password security guidelines used in current environments and stipulates that password requirements force users to create and use passwords which are easy for computers to guess but hard for humans to remember. The thesis begins by exploring a number of the most prevalent methods of illicitly obtaining passwords in an attempt to design an experimental method to test the notion of weak password distribution. Password cracking techniques are discussed, as well as less ...

  2. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    Science.gov (United States)

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  3. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  4. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  5. Information Security - A Growing Challenge for Online Business

    OpenAIRE

    Gabriela GHEORGHE; Ioana LUPASC

    2017-01-01

    In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

  6. DST-funded information security centre of competence

    CSIR Research Space (South Africa)

    Taute, B

    2009-06-06

    Full Text Available &D that will lead to commercialisation and transfer of R&D outputs in Information Security. Three Market opportunities exist following this initiative. It relates to innovative products and services that contribute to enhanced National Cyber Security, innovative...

  7. Information Security Issues in Higher Education and Institutional Research

    Science.gov (United States)

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  8. Information Security - A Growing Challenge for Online Business

    Directory of Open Access Journals (Sweden)

    Gabriela GHEORGHE

    2017-06-01

    Full Text Available In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

  9. An Examination of Issues Surrounding Information Security in California Colleges

    Science.gov (United States)

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  10. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  11. India's grain security policy in the era of high food prices

    DEFF Research Database (Denmark)

    Yu, Wusheng; Bandara, Jayatilleke

    2017-01-01

    policies, which are superior in terms of their welfare effects and fiscal costs and might also be politically feasible. These findings have important implications on the ongoing debates on India's food security policy, particularly in relation to the discussion on its National Food Security Act....

  12. 77 FR 34411 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-06-11

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION National Industrial Security Program Policy Advisory... CFR 101-6, announcement is made for the following committee meeting. To discuss National Industrial Security Program policy matters. DATES: This meeting will be held on Wednesday, July 11, 2012 from 10:00 a...

  13. Fair Information Principles of Brazilian Companies online privacy policies

    Directory of Open Access Journals (Sweden)

    Patricia Zeni Marchiori

    2016-05-01

    Full Text Available This research aims to present the Fair Information Principles in the privacy policies of the websites of major Brazilian companies (according to the 2014 Forbes Magazine list. The check and analysis were supported by a checklist compiled from documents issued by the Federal Trade Commission and the Organization for Economic Co-operation and development. The study selected fourteen companies from a universe of twenty-five, considering the immediacy criterion of access to the privacy policy on their websites. The security (safeguards principle is the most widespread foundation at the privacy policies of the companies selected (existing in eight of the fourteen analyzed policies; and the principle of responsibility receives less adhesion due to the fact that it is not covered in any of the examined online privacy policies. The Sabesp Company presents the most complete privacy policy, considering the compliance with the Fair Information Principles when compared to the others perused, while WEG does not present any of the principles identified in the documental survey. As for e-commerce, the number of companies that assume some of the Principles is further reduced. For the selected universe the adherence to the Fair information Principles is still incipient, althought its use is not mandatory. An open discussion of the proposed Brazilian law about personal data protection should play an important role in creating further guidance on the subject. Additional studies in this subject should involve the perception of users, as well as a cutout of companies which target e-commerce, considering that an effective alignment with these principles and other guidelines are required in order to protect the user’s privacy and personal data in the web environment.

  14. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Science.gov (United States)

    2010-08-16

    ... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security... Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... System Operator Security Information. Type of Request: New collection. OMB Control Number: Not yet...

  15. Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

    Science.gov (United States)

    Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

  16. A Model of Managerial Effectiveness in Information Security: From Grounded Theory to Empirical Test

    National Research Council Canada - National Science Library

    Knapp, Kenneth J

    2005-01-01

    Information security is a critical issue facing organizations worldwide. in order to mitigate risk and protect valuable information, organizations need to operate and manage effective information security programs...

  17. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  18. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  19. Labelling : Security in Information Management and Sharing

    NARCIS (Netherlands)

    Schotanus, H.A.; Hartog, T.; Hut, D.H.; Boonstra, D.

    2011-01-01

    Military communication infrastructures are often deployed as stand-alone information systems operating at the System High mode. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements for information management and sharing which current communication

  20. Secure information management using linguistic threshold approach

    CERN Document Server

    Ogiela, Marek R

    2013-01-01

    This book details linguistic threshold schemes for information sharing. It examines the opportunities of using these techniques to create new models of managing strategic information shared within a commercial organisation or a state institution.