WorldWideScience

Sample records for policy information security

  1. Staffing Policy for Solving the Information Security

    Directory of Open Access Journals (Sweden)

    A. I. Tolstoy

    2012-06-01

    Determining staffing policy implementation of information security tasks is given. The basic requirements that must be taken into account when developing policies are defined. The policy framework is determined and recommendations for the design of such policies are formulated. Requirements for the implementation of the policy are defined.

  2. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  3. Information systems security policies: a survey in Portuguese public administration

    OpenAIRE

    Lopes, Isabel Maria; Sá-Soares, Filipe de

    2010-01-01

    Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literat...

  4. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  5. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Policy management for network security systems (NSSs) is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  6. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

  7. European Union (EU) Information Security Policies

    Directory of Open Access Journals (Sweden)

    Türkay Henkoğlu

    2013-11-01

    The development of the European economy is strongly related to the use of Information and communication technologies (ICT) and the transformation process of information society. However, because of the risks of ICT, people are anxious about using technology, which in turn retards the economic growth of countries all around the world. Therefore, especially in the last twenty years, information security issues have begun to gain importance in European Community (EC) information policies, and many suggestions have been made related to these issues. The purpose of this study is to examine the main issues in EC information policies, the aims and the effects of these policies, and how they are implemented. The importance and scope of these policies were examined based on the McCumber information security model, which is a comprehensive and multidimensional information security model. In order to draw attention to the importance of information security issues in EC policies, a wide range of information sources are reviewed, including EC directives and agreements related to information security, the EC organizations responsible for making information security policies, and the literature concerning these issues. The findings of the study show that EC information security policies are seen as a vital part of economy and information society policies. In addition, the study shows that data protection directives have been updated regularly since 1995, which makes them suitable for the needs of today’s world.

  8. Information security policies and procedures a practitioner's reference

    CERN Document Server

    Peltier, Thomas R

    2004-01-01

    INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Stand

  9. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  10. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  11. Information security policy: contributions from internal marketing for its effectiveness

    Directory of Open Access Journals (Sweden)

    Cristiane Ellwanger

    2012-06-01

    Protecting sources of information has become a great challenge to the organizations, due to the advance of the information technologies, the integration between them and the constant stream of information that flows through the communication networks. The establishment of an Information Security Policy – PSI may resolve a part of the problems related to security, but it cannot totally solve them, since the human resources present in the internal environment of the organizations may spoil the effectiveness of the PSI. Given the importance of the human aspects in the context of the information security, the present work discusses the use of internal marketing as a management strategy in order to obtain or reestablish the commitment of the users to the principles defined in the PSI, and demonstrates, through an experimental research, the impact of using internal marketing techniques to the effectiveness of that policy. The results of this experiment make quantitatively evident how relevant the use of these techniques may be in order to have the procedures described in the PSI actually carried out by the users, and demonstrates a 402,4% increase in the support to the information security policy, considering the procedures indicated in the PSI that were totally executed.

  12. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  13. Beyond the security paradox: Ten criteria for a socially informed security policy.

    Science.gov (United States)

    Pavone, Vincenzo; Ball, Kirstie; Degli Esposti, Sara; Dibb, Sally; Santiago-Gómez, Elvira

    2017-04-01

    This article investigates the normative and procedural criteria adopted by European citizens to assess the acceptability of surveillance-oriented security technologies. It draws on qualitative data gathered at 12 citizen summits in nine European countries. The analysis identifies 10 criteria, generated by citizens themselves, for a socially informed security policy. These criteria not only reveal the conditions, purposes and operation rules that would make current European security policies and technologies more consistent with citizens' priorities. They also cast light on an interesting paradox: although people feel safe in their daily lives, they believe security could, and should, be improved.

  14. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  15. Information System Security: Army Web Site Administration, Policies, and Practices

    National Research Council Canada - National Science Library

    2002-01-01

    .... The Policy requires heads of DoD Components to establish a process to identify appropriate information for posting to Web sites and to review all information placed on publicly accessible Web sites...

  16. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    Science.gov (United States)

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  17. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  18. A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

    Science.gov (United States)

    Francois, Michael T.

    2016-01-01

    Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

  19. Implementation of information security policies in public organizations : Top management as a success factor

    OpenAIRE

    Kamariza, Yvette

    2017-01-01

    The purpose of this thesis is to investigate potential success factors related to the implementation of an information security in organizations, with a specific focus on the role of top management in implementing information security policies in organizations. The following are the research questions: What are the factors related to the implementation of an information security in organization according to the literature and what is the organization’s view of these factors? What is the role ...

  20. Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

    Science.gov (United States)

    Okolo, Nkiru Benjamin

    2016-01-01

    Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

  1. Information security in academic libraries: the role of the librarian in planning and introducing institutional policies

    Directory of Open Access Journals (Sweden)

    Juliana Soares Lima

    2017-04-01

    This study presents a short discussion about the role of the librarian as a mediator at planning, developing and implementing an Information Security Policy in Academic Libraries, by working together with professionals in the field of Information Technology. It also discusses the main virtual threats and some risks that are prone to infect computers in libraries. Based on the current legislation and on some normative documents about information security, it is confirmed the importance of the librarian take part in the main decision-making related to information security, such as planning a consistent Information Security Policy which be able to see the specific needs of Academic Libraries as institutions prone to cyberattacks. The main topics and guidelines to carry out an Information Security Policy are presented based on the results that were obtained through an action research, by visiting libraries to fill in application forms and to compose reports whose content was analyzed. Finally, the study concludes that Information Security Policy must be validated by managers of sectors or departments which the Academic Library is hierarchically subordinate to.

  2. Monitoring Information Systems to Enforce Computer Security Policies

    National Research Council Canada - National Science Library

    Graham, Scott

    1999-01-01

    .... However, too much leeway allows users, without a need to access many of the network functions, the ability to execute functions that might cause harm to the system or provide access to information...

  3. Information security policies for governmental organisations, the minimum criteria

    CSIR Research Space (South Africa)

    Ngobeni, SJ

    2009-07-01

    Recent technology advancement has resulted in an era where many organisations become more and more comfortable to use computer systems to process their information. Intruders are making it their mission to break into these computer systems...

  4. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  5. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  6. 77 FR 76076 - Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory...

    Science.gov (United States)

    2012-12-26

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; State, Local... Administration, Information Security Oversight Office. ACTION: Notice of meeting. SUMMARY: In accordance with the... Committee. To discuss the matters relating to the Classified National Security Information Program for State...

  7. Analysis of Russian Federation Foreign Policy in the Field of International Information Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2014-01-01

    Information and communication technologies (ICT) play an essential role in the improvement of the quality of life, economic and socio-political of individual countries and humanity in general. However, ICT development is fraught with new challenges and threats to international and national security. Interstate rivalry in the information sphere generates conflicts, an extreme form of which is an information war. Since 1998, the Russian initiative supports the international cooperation on information security at the global and regional level as well as within the framework of the bilateral relations. The article analyzes the characteristics of the global information society, which has a decisive influence on the international security in the information age, as well as international cooperation in this field. The analysis of Russian foreign policy initiatives in the field of international information security is also presented. Today more than 130 countries develop cyber capabilities, both defensive and offensive, that pose serious threats to the international stability. It's difficult to trace the source of information attacks and its consequences can be devastating and cause retaliation, including the use of conventional weapons. In this situation Russian approach, advocating for the development of the rules of conduct of States and demilitarization of information space in order to ensure its safety, seems urgent and relevant with the international situation.

  8. Adoption of an information systems security policy in small and medium sized enterprises.

    Directory of Open Access Journals (Sweden)

    Isabel Maria Lopes

    2017-03-01

    Information Systems Security (ISS) is a relevant fact for current organizations. This paper focuses on Small and Medium Sized Enterprises (SMEs). This article aims to constitute an empirical study on the applicability of the Action Research (AR) method in information systems, more specifically by assessing the adoption of an ISS policy in six SMEs, and identifying the critical success factors in adopting an ISS policy. The research question we intend to answer is to what extent this research method is adequate to reach the proposed goal. The results of the study suggest that AR is a promising means for the evaluation of ISS policies adoption. It can both act as a research method that improves the understanding about the reasons why the policy has been abandoned, and as a change method, assisting practitioners to overcome barriers and suggesting measures to be implemented.

  9. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  10. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  11. Indirect effect of management support on users' compliance behaviour towards information security policies.

    Science.gov (United States)

    Humaidi, Norshima; Balakrishnan, Vimala

    2018-01-01

    Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management

  12. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  13. Information Security

    OpenAIRE

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to au-the...

  14. 76 FR 34761 - Classified National Security Information

    Science.gov (United States)

    2011-06-14

    ... MARINE MAMMAL COMMISSION Classified National Security Information [Directive 11-01] AGENCY: Marine... Commission's (MMC) policy on classified information, as directed by Information Security Oversight Office... of Executive Order 13526, ``Classified National Security Information,'' and 32 CFR part 2001...

  15. Information Security

    National Research Council Canada - National Science Library

    Buddenberg, Rex

    2002-01-01

    ...) "Overarching Wireless Policy"; and presents examples of problems that can occur (e.g., credit card transactions over the internet and the Walker insider attack against the Navy's worldwide communications system...

  16. DoD's Policies, Procedures, and Practices for Information Security Management of Covered Systems (REDACTED)

    Science.gov (United States)

    2016-08-15

    19 Use of Computer-Processed Data...practices for covered systems. The Act describes covered systems as national security systems2 and Federal computer systems that provide access to...capabilities are designed to detect and prevent the unauthorized use and transmission of national security systems information. 8 Forensics is the

  17. Cybersecurity via Intermediaries : Analyzing Security Measurements to Understand Intermediary Incentives and Inform Public Policy

    NARCIS (Netherlands)

    Asghari, H.

    2016-01-01

    Research in the field of information security economics has clarified how attacker and defender incentives affect cybersecurity. It has also highlighted the role of intermediaries in strengthening cybersecurity. Intermediaries are organizations and firms that provide the Internet’s infrastructure

  18. A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

    Directory of Open Access Journals (Sweden)

    Chalee Vorakulpipat

    2017-01-01

    Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as a bring your own device (BYOD). However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

  19. Security Policy and Infrastructure in the Context of a Multi-Centeric Information System Dedicated to Autism Spectrum Disorder.

    Science.gov (United States)

    Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

    2017-01-01

    Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in their early age. The diagnosis of ASD relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology and ophthalmology. In order to support clinicians, researchers and public health decision makers, we designed an information system dedicated to ASD, called TEDIS. TEDIS was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured Internet connections. In this paper, we present the security policy and security infrastructure we developed to protect ASD patients' clinical data and patients' privacy. We tested our system on 359 ASD patient records in a local secured intranet environment and showed that the security system is functional, with a consistent, transparent and safe encrypting-decrypting behavior. It is ready for deployment in the nine ASD expert assessment centers in the Ile de France district.

  20. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  1. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Business Organizations and Government unequivocally rely upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  2. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have a negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  3. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  4. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPAA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  5. Secure Communication and Information Exchange using Authenticated Ciphertext Policy Attribute-Based Encryption in Mobile Ad-hoc Network

    Directory of Open Access Journals (Sweden)

    Samsul Huda

    2016-08-01

    MANETs are considered suitable for commercial applications such as law enforcement, conference meeting, and sharing information in a student classroom and critical services such as military operations, disaster relief, and rescue operations. Meanwhile, in military operation especially in the battlefield in freely medium which naturally needs high mobility and flexibility. Thus, applying MANETs makes these networks vulnerable to various types of attacks such as packet eavesdropping, data disseminating, message replay, message modification, and especially privacy issues. In this paper, we propose a secure communication and information exchange in MANET, considering secure ad hoc routing and secure information exchange. Regarding the privacy issue or anonymity, we use a reliable asymmetric encryption which protects user privacy by utilizing insensitive user attributes as user identity, the CP-ABE (Ciphertext-Policy Attribute-Based Encryption) cryptographic scheme. We also design protocols to implement the proposed scheme for various battlefield scenarios in a real environment using embedded devices. Our experimental results showed that the addition of HMAC (Keyed-Hash Message Authentication Code) and AES (Advanced Encryption Standard) schemes using a 1.2GHz processor only takes about 4.452 ms of processing time; we can confirm that our approach of using CP-ABE with added HMAC and AES schemes has low overhead.

  6. Data Confidentiality and Integrity Issues and Role of Information Security Management Standard, Policies and Practices - An Empirical Study of Telecommunication Industry in Pakistan

    Science.gov (United States)

    Nabi, Syed Irfan; Nabi, Syed Waqar; Tipu, Syed Awais Ahmed; Haqqi, Bushra; Abid, Zahra; Alghathbar, Khaled

    The amount of data communications is increasing each day and with it comes the issues of assuring its security. This research paper explores the information security management issues with respect to confidentiality and integrity and the impact of Information Security Management Standards, Policies and Practices (ISMSPP) on information security. This research has been conducted on the telecommunication industry of Pakistan that was ranked 9th globally in 2009 in terms of subscription. The research methodology was case study based in which perceptions were gathered as well as thematic analysis of the interviews was done. The research focus is on breach of data integrity and confidentiality by the internal users in the industry and the perception of improvement, if any, of the data security due to implementation of security management policies and controls. The results show that information security measures are perceived to have a positive impact on reducing data confidentiality and integrity breaches but still fall short of what is required. It concludes that security policies might improve the situation provided, firstly, that the top management takes information security seriously, and secondly, the non-technical human aspects of the issues are taken into consideration.

  7. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  8. Information Security - Data Loss Prevention Procedure

    Science.gov (United States)

    The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.

  9. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management. The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  10. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: Focuses on setting the right road map so that you can be most effective in your information security implementations. Discusses cost-effective staffing, the single biggest expense to the security organization. Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively. I...

  11. Alignment of Organizational Security Policies -- Theory and Practice

    NARCIS (Netherlands)

    Dimkov, T.

    2012-01-01

    To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a

  12. Aspects with Program Analysis for Security Policies

    DEFF Research Database (Denmark)

    Yang, Fan

    This dissertation explores the principles of adding challenging security policies to existing systems with great flexibility and modularity. The policies concerned cover both classical access control and explicit information flow policies. We built our solution by combining aspect-oriented programming techniques......Enforcing security policies to IT systems, especially for a mobile distributed system, is challenging. As society becomes more IT-savvy, our expectations about security and privacy evolve. This is usually followed by changes in regulation in the form of standards and legislation. In many cases......, small modification of the security requirement might lead to substantial changes in a number of modules within a large mobile distributed system. Indeed, security is a crosscutting concern which can spread to many business modules within a system, and is difficult to be integrated in a modular way...

  13. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a "must have" book, both for preparing for the CISSP exam and as a c

  14. Information security employee handbook: November 2010

    OpenAIRE

    2013-01-01

    This handbook is a quick reference guide to some of the most important points of the London 2012 information security policy. This information security handbook outlines the policies that all staff, secondees, volunteers and certain third parties who process LOCOG information must comply with.

  15. Informed policies

    International Development Research Centre (IDRC) Digital Library (Canada)

    cation technology (ICT) and now Minister of Science and Technology, was one of the architects of Mozambique's ICT policy in 2000 — the first in Africa. Nationwide access to these technologies is one of the pillars of the government's science and technology policy. “We don't believe in politicians, but we believe in politics.

  16. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of the ITIL framework and the management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on the ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about the link between standards related to security and the ITIL framework.

  17. 75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2010-10-25

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... committee meeting, to discuss National Industrial Security Program policy matters. DATES: The meeting will...

  18. 77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-03-01

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... ] Industrial Security Program policy matters. Dated: February 23, 2012. Mary Ann Hadyka, Committee Management... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  19. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-05-13

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  20. 76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-11-01

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  1. 76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-02-07

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting. To discuss National Industrial Security Program policy matters. DATES: The meeting will be held...

  2. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  3. Cyber security policy guidebook

    CERN Document Server

    Bayuk, Jennifer L; Rohmeyer, Paul; Sachs, Marcus; Schmidt, Jeffrey; Weiss, Joseph

    2012-01-01

    This book is a taxonomy and thesaurus of current cybersecurity policy issues, including a thorough description of each issue and a corresponding list of pros and cons with respect to identified stances on each issue. It documents policy alternatives for the sake of clarity with respect to policy alone, and dives into organizational implementation issues. Without using technical jargon, the book emphasizes the importance of critical and analytical thinking when making policy decisions. It also equips the reader with descriptions of the impact of specific policy ch

  4. US-Africa Security Policy

    DEFF Research Database (Denmark)

    Møller, Nicolai Stahlfest

    This paper will discuss the United States security policy towards Africa based on the National Security Strategy from 2006 and the founding of US Africa Command, the new military combatant command that is supposed to unify US military efforts on the African continent. The paper will discuss whether...

  5. Russian National Security Policy: Perceptions, Policies, and Prospects

    National Research Council Canada - National Science Library

    Crutcher, Michael

    2001-01-01

    .... The workshop examined that policy in terms of factors influencing Russian national security policy formulation, Russia's perceptions of the world and itself, current Russian security and foreign...

  6. I-SolFramework: An Integrated Solution Framework Six Layers Assessment on Multimedia Information Security Architecture Policy Compliance

    OpenAIRE

    Susanto, Heru; Almunawar, Mohammad Nabil; Tuan, Yong Chee; Aksoy, Mehmet Sabih

    2012-01-01

    Multimedia information security becomes an important part of the organization's intangible assets. Level of confidence and stakeholder trust are performance indicators of a successful organization; it is imperative for organizations to use an Information Security Management System (ISMS) to effectively manage their multimedia information assets. The main objective of this paper is to provide a novel practical framework approach to the development of ISMS, called the I-SolFramework, implemented ...

  7. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  8. Information Security Incident Management

    Directory of Open Access Journals (Sweden)

    D. I. Persanov

    2010-03-01

    The present report highlights the points of information security incident management in an enterprise. Some aspects of the incident and event classification are given. The author presents his view of the process scheme over the monitoring and processing information security events. Also, the report determines a few critical points of the listed process and gives the practical recommendations over its development and optimization.

  9. Information-educational Portal MEPHIST: a Security Policy at Access Differentiation to Objects

    Directory of Open Access Journals (Sweden)

    A. I. Guseva

    2010-09-01

    The article is devoted to working out of an information-educational portal for National Research Nuclear University “MEPhI”, executed within the limits of realization “Innovative programs of engineering-physical education for a new stage of development of a nuclear science and the industry” of the priority national project “Education”. The basic attention is given to requirements of information safety.

  10. Analyzing Security-Enhanced Linux Policy Specifications

    National Research Council Canada - National Science Library

    Archer, Myla

    2003-01-01

    NSA's Security-Enhanced (SE) Linux enhances Linux by providing a specification language for security policies and a Flask-like architecture with a security server for enforcing policies defined in the language...

  11. Informing National Food and Water Security Policy through Water Footprint Assessment: the Case of Iran

    Directory of Open Access Journals (Sweden)

    Fatemeh Karandish

    2017-10-01

    Iran’s focus on food self-sufficiency has led to an emphasis on increasing water volumes available for irrigation with little attention to water use efficiency, and no attention at all to the role of consumption and trade. To better understand the development of water consumption in relation to food production, consumption, and trade, we carried out the first comprehensive water footprint assessment (WFA) for Iran, for the period 1980–2010, and estimated the water saving per province associated with interprovincial and international crop trade. Based on the AquaCrop model, we estimated the green and blue water footprint (WF) related to both the production and consumption of 26 crops, per year and on a daily basis, for 30 provinces of Iran. We find that, in the period 1980–2010, crop production increased by 175%, the total WF of crop production by 122%, and the blue WF by 20%. The national population grew by 92%, and the crop consumption per capita by 20%, resulting in a 130% increase in total food consumption and a 110% increase in the total WF of national crop consumption. In 2010, 26% of the total water consumption in the semi-arid region served the production of crops for export to other regions within Iran (mainly cereals) or abroad (mainly fruits and nuts). Iran’s interprovincial virtual water trade grew by a factor of 1.6, which was mainly due to increased interprovincial trade in cereals, nuts, and fruits. Current Iranian food and water policy could be enriched by reducing the WFs of crop production to certain benchmark levels per crop and climatic region and aligning cropping patterns to spatial differences in water availability and productivities, and by paying due attention to the increasing food consumption per capita in Iran.

  12. Formal policies for flexible EHR security.

    Science.gov (United States)

    Blobel, Bernd; Pharow, Peter

    2006-01-01

    State of the Art methodologies for establishing requirements and solutions to securing applications are based on narrative descriptions about the use of available system, sometimes also dedicated to system components. Even nowadays new developments to ruling application security services by the use of predicate logic suffer from being administered manually. Therefore, security and privacy requirements cannot be properly met resulting in restrictions and fears for allowing the use of sensitive data and functions. Because of the sensitivity of personal health information and especially of genetic data with its wider implications beyond the original subject of care, weaknesses in guaranteeing fine-grained security and privacy rules lead to less acceptance or even the avoidance of essential information transfer and use. To overcome the problem, security and privacy have to become properties of the architectural components of the respective health information system. Embedding security into the systems architecture allows for negotiating and enforcing any security and privacy services related to principals, their roles, their relationships, further contextual information as well as other regulations summarized in formally modeled policies. The paper introduces the evolving paradigm of the model-driven architecture, first time also comprehensively deployed for security and privacy services in bio-genetic and health information systems.

  13. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45...

  14. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  15. Information security : the moving target

    CSIR Research Space (South Africa)

    Dlamini, MT

    2009-01-01

    Information security has evolved from addressing minor and harmless security breaches to managing those with a huge impact on organisations’ economic growth. This paper investigates the evolution of information security; where it came from, where...

  16. Information Warfare, Threats and Information Security

    Directory of Open Access Journals (Sweden)

    Dmitriy Nikolaevich Bespalov

    2014-01-01

    The article presents the opposite, but dependent on each other's reality - Revolutionary War information, information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneity is the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of the authorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

  17. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  18. Information Technology and Security

    OpenAIRE

    Denning, Dorothy E.

    2003-01-01

    in Grave New World: Global Dangers in the 21st Century (Michael Brown ed.), Georgetown Press, 2003. (.pdf of prepublication version) This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, perform...

  19. US-Africa Security Policy

    DEFF Research Database (Denmark)

    Møller, Nicolai Stahlfest

    This paper will discuss the United States security policy towards Africa based on the National Security Strategy from 2006 and the founding of US Africa Command, the new military combatant command that is supposed to unify US military efforts on the African continent. The paper will discuss whether...... AFRICOM and US actions in Africa could be seen as a true (newfound) American interest in Africa or whether actions that are considered low-key and low-budget in Washington are to be regarded as a true asymmetry because African states regard US action as important and significant. The paper will explain...

  20. FORMATION OF A COMPUTER SECURITY POLICY BOARD

    CERN Multimedia

    2001-01-01

    In view of the increasing number of security incidents at CERN, the Directorate has set up a Computer Security Policy Board. Information about the mandate and the meetings of the Board is linked from http://cern.ch/security, which is the entry point for computer security information at CERN. FILE SERVICES COMPUTING RULE The use of CERN's Computing facilities is governed by Operational Circular No 5 and its subsidiary rules. To protect file servers at CERN from unauthorised use, the Organization has issued a new subsidiary rule related to file services. Details hereof and of the complete set of rules applicable to the use of CERN computing facilities are available at http://cern.ch/ComputingRules.

  2. Insider Threat and Information Security Management

    Science.gov (United States)

    Coles-Kemp, Lizzie; Theoharidou, Marianthi

    The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

  3. Energy security and national policy

    International Nuclear Information System (INIS)

    Martin, W.F.

    1987-01-01

    To achieve an energy secure future, energy cannot be viewed as an isolated concern. It is part and parcel of a nation's economic, social, and political context. In the past important implications for the economy and national security have been ignored. Crash programs to deal with oil shortages in the seventies, crashed. In the eighties, oil surplus has been enjoyed. The energy situation could be quite different in the nineties. Statistics on energy supply and consumption of oil, coal, natural gas and electricity from nuclear power show that much progress has been made worldwide. However, about half of the world's oil will come from the Persian Gulf by 1995. Continued low oil prices could raise US imports to 60% of consumption by 1995. Persian Gulf tensions serve as reminders of the link between energy policy and national security policy. Energy policy must be based on market forces and concerns for national security. Strategic oil reserves will expand along with the availability of domestic oil and gas resources. Increased attention to conservation, diversification of energy resources, and use of alternative fuels can help reduce imports. Continued high-risk long term research and development is needed. Improved technology can reduce environmental impacts. Global markets need global cooperation. Energy has emerged as an important aspect of East-West relations. Europeans need to diversify their sources of energy. The Soviets have proposed expanded collaboration in magnetic fusion science. A series of initiatives are proposed that together will ensure that economies will not become overly dependent on a single source of energy.

  4. 78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-06-25

    ... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... following committee meeting to discuss National Industrial Security Program policy matters. DATES: The...

  5. 77 FR 34411 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-06-11

    ... RECORDS ADMINISTRATION National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY... made for the following committee meeting. To discuss National Industrial Security Program policy... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 6...

  6. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  7. The Personal Information Security Assistant

    NARCIS (Netherlands)

    Kegel, Roeland Hendrik,Pieter

    The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

  8. Grounding information security in healthcare.

    Science.gov (United States)

    Ferreira, Ana; Antunes, Luis; Chadwick, David; Correia, Ricardo

    2010-04-01

    The objective of this paper is to show that grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and enhancement of access control policies to Electronic Medical Record (EMR) systems. The mixed methods applied for this research included, in this sequence, focus groups (main qualitative method that used grounded theory for the data analysis) and structured questionnaires (secondary quantitative method). Results showed that the presented methodology can be used to involve healthcare professionals in the definition of access control policies to EMR systems and explore these issues in a diversified and integrated way. The methodology allowed for the generation of great amounts of data in the beginning of the study and in a short time span. Results from the applied methodology revealed a first glimpse of the theories to be generated and integrated, with future research, into access control policies. The methodological research described in this paper is very rarely, if ever, applied in developing security tools such as access control. Nevertheless, it can be an effective way of involving healthcare professionals in the definition and enhancement of access control policies and in making information security more grounded into their workflows and daily practices. (c) 2010 Elsevier Ireland Ltd. All rights reserved.

  9. Security Policy Alignment: A Formal Approach

    NARCIS (Netherlands)

    Pieters, Wolter; Dimkov, T.; Pavlovic, Dusko

    2013-01-01

    Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks,

  10. Information Security Operations Centers

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2016-12-01

    Full Text Available At present information security (IS) incidents have become not only more numerous and diverse but also more damaging and disruptive. Preventive controls based on the IS risk assessment results decrease the majority but not all the IS incidents. Therefore, an IS incident management system is necessary for rapidly detecting IS incidents, minimizing loss and destruction, mitigating the vulnerabilities that were exploited and restoring organization’s IT infrastructure (ITI), including its IT services. These systems can be implemented on the basis of a Security Operations Center (SOC). Based on the related works a survey of the existing SOCs, their mission and main functions is given. The SOCs’ classification as well as the key indicators of IS incidents in II are proposed. Some serious first-generation SOCs’ limitations are defined. This analysis leads to the main area of further research launched by the author.

  11. [Information security in health care].

    Science.gov (United States)

    Ködmön, József; Csajbók, Zoltán Ernő

    2015-07-05

    Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advice for managing medical and patient data securely and in compliance with the current legal regulations.

  12. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  13. Information security principles and practice

    CERN Document Server

    Stamp, Mark

    2011-01-01

    Now updated-your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a pract

  14. Information Assurance Security in the Information Environment

    CERN Document Server

    Blyth, Andrew

    2006-01-01

    Intended for IT managers and assets protection professionals, this work aims to bridge the gap between information security, information systems security and information warfare. It covers topics such as the role of the corporate security officer; Corporate cybercrime; Electronic commerce and the global marketplace; Cryptography; and, more.

  15. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  16. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  17. Information Support of Foreign Policy

    Directory of Open Access Journals (Sweden)

    Olga A. Melnikova

    2015-01-01

    Full Text Available Informatization and modern information technologies cover the most various areas of social, spiritual and material human life and have become the dominating globalization factor with major impact on world events. Modern international relations present new challenges and threats of cross-border nature, which fall within the area of information security. This brings issues of informational influence on international policy to the fore. In this context the question of improvement and modernization of policy instruments for more effective use of modern means of implementation of foreign policy priorities, including information support of international activities, achieves fundamental importance. Given the complexity of modern international relations and tasks facing foreign affairs departments, diplomatic success in many cases depends on the efficiency of information support. The article analyses current objectives and methods of information support of foreign policy in the context of modern Russian legislation. The author examines the approach of the Information and Press Department of the Russian Ministry of Foreign Affairs, a subdivision responsible for information support and international cooperation in the media sphere. The article specifies the key role of new information technologies for informing the audience expeditiously and to the full extent in regard to Russian approaches to the solution of international problems, foreign policy initiatives and actions of the Russian Federation, and for counteracting attempts to discredit Russian foreign policy.

  18. 32 CFR 154.42 - Evaluation of personnel security information.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

  19. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    Full Text Available An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

  20. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  1. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  2. 75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2010-07-09

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... of the National Industrial Security Program Policy Advisory Committee. The meeting will be held to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on July 21...

  3. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  4. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  5. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  6. A novel approach to implementing digital policy management as an enabler for a dynamic secure information sharing in a cloud environment

    Science.gov (United States)

    Farroha, Bassam S.; Essman, Kristine R.; Farroha, Deborah L.; Cohen, Andy

    2011-06-01

    The traditional way of approaching the management and enforcement of information systems Policy in enterprise environments is to manually translate laws and regulations into a form that can be interpreted and enforced by enterprise devices. In other words we create system commands for routers, bridges, and firewalls to force data transfers and system access to comply with the current policies and approved rules in order to control access and protect private, sensitive, and classified information. As operational needs and threat levels change, the rules are modified to accommodate the required response. It then falls on System Administrators to manually change the configuration of the devices they manage to adapt their operations accordingly. As our user communities continue to rely more heavily on mission information, and the enterprise systems and networks that provide it, our enterprise needs to progress to more automated techniques that enable authorized managers to dynamically update and manage policies in digital formats. Automated management of access rules that control privileges for accessing secure information and enterprise resources, enabled by Digital Policy and other Enterprise Security Management (ESM) capabilities provides the means for system administrators to dynamically respond to changing user needs, threat postures and other environmental factors. With the increased popularity of virtual environments and advent of cloud enterprise services, IA management concepts need to be reexamined. Traditional ESM solutions may be subjected to new classes of threats as physical control of the assets that implement those services are relinquished to virtual environments. Additional operational factors such as invoking critical processing, controlling access to information during processing, ensuring adequate protection of transactions within virtual environments and executing ESM provisions are also affected. The paper describes the relationships among

  7. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article the author analyzes the value of the concepts "national security", "information security", "national information security". The author gives opinions of scientists-jurists, and definitions given by legislators and rule-makers in various regulations.

  8. ITIL (R) and Information Security

    OpenAIRE

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  9. 78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-02-08

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on March 20, 2013 from 10:00 a.m... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  10. 78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-10-25

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on November 14, 2013 from 10:00 a... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  11. 77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-10-17

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on November 14, 2012 from 10:00 a... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  12. Efficient Enforcement of Security Policies in Distributed Systems

    OpenAIRE

    Alzahrani, Ali Mousa G.

    2013-01-01

    Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that confirm only authorised users can access resources. A few decades ago, the traditional PBM has focused on closed systems, where enforcement mechanisms are trusted by system administrators who define access control policies. Most of current work on the PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a poli...

  13. Analysing Information Systems Security In Higher Learning Institutions Of Uganda

    Directory of Open Access Journals (Sweden)

    Mugyenyi Raymond

    2017-10-01

    Full Text Available Information communication technology has increased globalisation in higher learning institutions all over the world. This has been achieved through introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern the information security have also been analysed together with the current status of information systems security in Uganda. Citations related to management of information systems security and policies have been identified and analysed. A proposed model illustrating the effective management of information in higher learning institutions has been developed. Relevant recommendations and conclusions have also been developed.

  14. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  15. INFORMATION SYSTEM SECURITY THREATS CLASSIFICATIONS

    Directory of Open Access Journals (Sweden)

    Sandro Gerić

    2007-06-01

    Full Text Available Information systems are exposed to different types of security risks. The consequences of information systems security (ISS) breaches can vary from e.g. damaging the data base integrity to physical "destruction" of entire information system facilities, and can result with minor disruptions in less important segments of information systems, or with significant interruptions in information systems functionality. The sources of security risks are different, and can originate from inside or outside of information system facility, and can be intentional or unintentional. The precise calculation of losses caused by such incidents is often not possible because a number of small scale ISS incidents are never detected, or detected with a significant time delay, a part of incidents are interpreted as an accidental mistakes, and all that results with an underestimation of ISS risks. This paper addresses the different types and criteria of information system security risks (threats) classification and gives an overview of most common classifications used in literature and in practice. We define a common set of criteria that can be used for information system security threats classification, which will enable the comparison and evaluation of different security threats from different security threats classifications.

  16. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  17. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  18. Developments in Icelandic Security Policy

    Directory of Open Access Journals (Sweden)

    Alyson J.K. Bailes

    2014-12-01

    Full Text Available Iceland has been slow in developing a national security concept, for reasons that include a long period of reliance on US protection post-World War Two, and divided internal views over this defence solution. Since the withdrawal of all US stationed forces in 2006, Iceland’s security partnerships have diversified and attempts have been made to frame security in more multi-functional terms. The Risk Assessment Report of 2009 made important progress in itemizing non-military threats and risks. On this basis, a cross-party parliamentary committee was invited to start work in 2012 on guidelines for a security strategy. Its report, published in March 2014, establishes a large area of consensus on ‘softer’ security issues and on remaining in NATO, with a few dissenting voices on the latter. Its main omission is a proper treatment of economic and financial security, still tied to the divisive issue of EU membership. Meanwhile, Iceland’s recent security experience in 2014 has helped to highlight the reality of both harder and softer security challenges. The government can now proceed to draft a full official security strategy, to be laid before parliament possibly in 2015.

  19. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  20. Trust in Security-Policy Enforcement Mechanisms

    National Research Council Canada - National Science Library

    Schneider, Fred B; Morrisett, Greg

    2006-01-01

    .... but provides the strong security guarantees of modern languages such as Java. A second avenue of language-based work explored a general class of policy enforcement mechanism based on in-line reference monitors (IRM...

  1. Verification of Security Policy Enforcement in Enterprise Systems

    Science.gov (United States)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  2. Computer and information security handbook

    CERN Document Server

    Vacca, John R

    2012-01-01

    The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

  3. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D. Gheorghe Popescu

    2008-05-01

    Full Text Available The rapid and dramatic advances in information technology (IT) in recent years have without question generated tremendous benefits. At the same time, information technology has created significant, unprecedented risks to government and to entities' operations. So, computer security has become much more important as all levels of government and entities utilize information systems security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Obviously, uses of computer security become essential in minimizing the risk of malicious attacks from individuals and groups, considering that there are many current computer systems with only limited security precautions in place. As we already know, financial audits are the most common examinations that a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization’s information are assured. Anyway, if not, they should be, especially since an information security audit is one of the best ways to determine the security of an organization’s information without incurring the cost and other associated damages of a security incident.

  4. Japan's National Security: Structures, norms, and policies

    International Nuclear Information System (INIS)

    Katzenstein, P.J.; Okawara, N.

    1993-01-01

    Japan's national security policy has two distinctive aspects that deserve analysis. First, Japan's definition of national security goes far beyond traditional military notions. National security is viewed in comprehensive terms that also include economic and political dimensions. The second feature of Japan's security policy worth explanation is a distinctive mixture of flexibility and rigidity in the process of policy adaptation to change: flexibility on issues of economic security, rigidity on issues of military security, and flexibility combined with rigidity on issues of political security. With the end of the Cold War and changes in the structure of the international system, it is only natural that we ask whether and how Japan's national security policy will change as well. Optimists insist that the Asian balance of power and the US-Japan relationship will make Japan aspire to be a competitive, noninterventionist trading state that heeds the universal interest of peace and profit rather than narrow aspirations for national power. Pessimists warn us instead that the new international system will finally confirm Herman Kahn's prediction of 1970: Japan will quickly change to the status of a nuclear superpower, spurred perhaps by what some see as a dangerous rise of Japanese militarism in the 1970s and 1980s

  5. SECURITY POLICIES APPROACHED BY VALUE ANALYSIS CONCEPTS

    Directory of Open Access Journals (Sweden)

    Florina Oana Varlanuta

    2006-01-01

    Full Text Available This paper intends to redefine the role of the end users of the Internet facilities, in the process of creation of more secure transactions on the Internet, in respect of their privacy. In this context, the purpose is to introduce the use of end user (customer value concept in the process of Security policy framework design.

  6. Food Security Policy in a Stochastic World

    OpenAIRE

    Adelman, Irma; Berck, Peter

    1989-01-01

    Food security may be increased by variance-reducing strategies, by food aid, or by development strategies. This paper uses a Korea CGE model, subjected to random fluctuation in world-prices and domestic food productivity, to evaluate these policies. We find that poverty-reducing development strategies are the most effective food-security strategies.

  7. Health Information Security in Hospitals: the Application of Security Safeguards.

    Science.gov (United States)

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has the potential to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  8. Graphs for information security control in software defined networks

    Science.gov (United States)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a network. These graphs define commutation tables of switches via the SDN controller.

  9. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  10. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  11. 75 FR 28777 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2010-05-24

    ... Collection; Financial Information Security Request Form AGENCY: Forest Service, USDA. ACTION: Notice; Request... currently approved information collection; Financial Information Security Request Form. DATES: Comments must... Standard Time, Monday through Friday. SUPPLEMENTARY INFORMATION: Title: Financial Information Security...

  12. Security policies and trust in ubiquitous computing.

    Science.gov (United States)

    Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

    2008-10-28

    Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

  13. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... uniform system for classifying, accounting, safeguarding, and declassifying national security information...

  14. From the Weakest Link to the Best Defense: Exploring the Factors That Affect Employee Intention to Comply with Information Security Policies

    Science.gov (United States)

    Aurigemma, Salvatore

    2013-01-01

    Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely…

  15. Securities Market Journal: Editorial Policies

    African Journals Online (AJOL)

    The Securities Market Journal (SMJ) is one of the tools used by the Commission to enlighten and educate the public on transport issues in the capital market. It is also a reference material for students and researchers on the capital market issues as well as providing the general public with more broad based knowledge on ...

  16. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  17. How the Russian Federation Uses the Informational Instrument of National Power to Influence the Republic of Moldova's Strategic Security Policy

    Science.gov (United States)

    2017-06-09

    psychological operations. The goal of IW is to demoralize an opponent by controlling or influencing sources of information.13 On the other hand...DC: Government Printing Office, 2012), 1-5. 22 David J. Haight, “Propaganda, Information and Psychological Warfare: Cold War And Hot” (Holdings...concept as “information-psychological war.” It is a method used to disorganize and demoralize an opponent in the realms of perception and the minds of men

  18. Information Security Program Regulation

    Science.gov (United States)

    1986-06-01

    thereto, that has been lost or possibly compromised, shall be reevaluated and acted upon as follows: a. The original classifying authority, upon learning ...to all holders of such information when the determination is within categories (b), (c), or (d) of subparagraph 1., above. b. Upon learning that a...Words and Meanin , - a. The using Component shall promptly notify the Joint Chiefs of Staff when a code word is made active, indicating the word, and its

  19. Theoretical foundations of information security investment security companies

    Directory of Open Access Journals (Sweden)

    G.V. Berlyak

    2015-03-01

    Full Text Available Methodological problems related to the lack of guidance in the provisions (standards of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.

  20. Energy security and climate policy. Assessing interactions

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2007-03-28

    World energy demand is surging. Oil, coal and natural gas still meet most global energy needs, creating serious implications for the environment. One result is that CO2 emissions, the principal cause of global warming, are rising. This new study underlines the close link between efforts to ensure energy security and those to mitigate climate change. Decisions on one side affect the other. To optimise the efficiency of their energy policy, OECD countries must consider energy security and climate change mitigation priorities jointly. The book presents a framework to assess interactions between energy security and climate change policies, combining qualitative and quantitative analyses. The quantitative analysis is based on the development of energy security indicators, tracking the evolution of policy concerns linked to energy resource concentration. The 'indicators' are applied to a reference scenario and CO2 policy cases for five case-study countries: The Czech Republic, France, Italy, the Netherlands, and the United Kingdom. Simultaneously resolving energy security and environmental concerns is a key challenge for policy makers today. This study helps chart the course.

  1. Aspects regarding the implementation of information security standards in organizations

    Directory of Open Access Journals (Sweden)

    Mihai Bârsan

    2017-03-01

    Full Text Available Information security is one of the major challenges of the information and knowledge based society. The preoccupation of organizations to ensure the security of information in the digital environment has led to the emergence of specific standards in the field. Thus, ISO 27000 brings together reference standards in the field. Starting from ISO 27001, which summarizes policies and procedures on physical, legal and technological security risks, this paper looks at the steps the organization must undertake to implement the standards.

  2. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  3. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r=0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n=22, 91.7%) compared to the administrative (n=21, 87.5%) and the physical safeguards (n=16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  4. Reducing normative conflicts in information security

    NARCIS (Netherlands)

    Pieters, Wolter; Coles-Kemp, Lizzie

    Security weaknesses often stem from users trying to comply with social expectations rather than following security procedures. Such normative conflicts between security policies and social norms are therefore undesirable from a security perspective. It has been argued that system developers have a

  5. Many-to-Many Information Flow Policies

    DEFF Research Database (Denmark)

    Baldan, Paolo; Beggiato, Alessandro; Lluch Lafuente, Alberto

    2017-01-01

    of security levels, thus allowing to capture coordinated flows of information. The flow of information is expressed in terms of causal dependencies and the satisfaction of a policy is defined with respect to an event structure that is assumed to capture the causal structure of system computations. We suggest...

  6. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  7. Engineering Information Security The Application of Systems Engineering Concepts to Achieve Information Assurance

    CERN Document Server

    Jacobs, Stuart

    2011-01-01

    Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal,

  8. Analysing Information Systems Security In Higher Learning Institutions Of Uganda

    OpenAIRE

    Mugyenyi Raymond

    2017-01-01

    Information communication technology has increased globalisation in higher learning institutions all over the world. This has been achieved through introduction of systems that ease operations related to information handling in the institutions. The paper assessed and analysed the information systems security performance status in higher learning institutions of Uganda. The existing policies that govern the information security have also been analysed together with the current status of inform...

  9. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  10. Audit Characteristics for Information System Security

    Directory of Open Access Journals (Sweden)

    2007-01-01

    Full Text Available The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  11. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  12. Detailed Information Security in Cloud Computing

    OpenAIRE

    Pavel Valerievich Ivonin

    2013-01-01

    The object of research in this article is technology of public clouds, structure and security system of clouds. Problems of information security in clouds are considered, elements of security system in public clouds are described.

  13. Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

    Science.gov (United States)

    Ayyagari, Ramakrishna; Figueroa, Norilyz

    2017-01-01

    Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

  14. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  15. Relationship between stakeholders' information value perception and information security behaviour

    Science.gov (United States)

    Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

    2015-02-01

    The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information

  16. Building Land Information Policies

    DEFF Research Database (Denmark)

    Enemark, Stig

    2004-01-01

    of measurement science, spatial information, management, and land management. (2) To establish national professional associations which accommodate a modern interdisciplinary profile. (3) To assess the capacity needs in land administration and to develop the capacity needed at societal, institutional......The paper presents a conceptual understanding in the areas of Cadastre, Land Administration, and Land Management as a basis for building adequate land information policies. To develop this understanding the paper looks at each area as a system or an infrastructure designed for handling specific...... and judicial setting of the individual country. However, in spite of the different origins, the systems seem to merge into a global model serving some basic societal needs. The paper presents an outline of this development towards a global model for sustainable land administration infrastructures...

  17. Encyclopedia of Information Ethics and Security

    Directory of Open Access Journals (Sweden)

    Reviewed by Yavuz AKBULUT

    2008-01-01

    and communication technologies provided in the source can help educational administrators and policy-makers. Table of contents along with the names of contributors are provided below: 3D Avatars and Collaborative Virtual Environments/Koon-Ying Raymond Li, James Sofra, and Mark Power; Access Control for Healthcare/Yifeng Shen; Advertising in the Networked Environment/Savvas Papagiannidis and Michael Bourlakis; Anonymous Peer-to-Peer Systems/Wenbing Zhao; Argumentation and Computing/Ephraim Nissan; Argumentation with Wigmore Charts and Computing/Ephraim Nissan; Artificial Intelligence Tools for Handling Legal Evidence/Ephraim Nissan; Barriers Facing African American Women in Technology/Jianxia Du, George H. Pate, Deneen Sherrod, and Wei-Chieh Yu; B-POS Secure Mobile Payment System/Antonio Grillo, Alessandro Lentini, and Gianluigi Me; Building Secure and Dependable Information Systems/Wenbing Zhao; Classifying Articles in Information Ethics and Security/Zack Jourdan, R. Kelly Rainer Jr., and Thomas E. Marshall; Computational Ethics/Alicia I. Ruvinsky; Computer Ethics and Intelligent Technologies/Yefim Kats; Computer Worms, Detection, and Defense/Robert J. Cole and Chao-Hsien Chu; Conflicting Value of Digital Music Piracy/Matthew Butler; Content Filtering Methods for Internet Pornography/Jengchung V. Chen and ShaoYu F. Huang; Cyber-Terrorism in Australia/Christopher Beggs; Data Security and Chase/Zbigniew W. Ras and Seunghyun Im; Defending against Distributed Denial of Service/Yang Xiang and Wanlei Zhou; Digital Divide Implications and Trends/Irene Chen and Terry T. Kidd; Digital Rights Management Metadata and Standards/Jo Anne Cote and Eun G. Park; Dilemmas of Online Identity Theft/Omer Mahmood; Document Security in the Ancient World/Christopher H. Walker; DRM Practices in the E-Publication Industry/Bong Wee Kiau and Norshuhada Shiratuddin; Educational Technology Practitioner-Research Ethics/Kathleen Gray; E-Health and Ensuring Quality

  18. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discusses the results of research on information security management systems in public administration in Poland.

  19. Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)

    National Research Council Canada - National Science Library

    Archer, Myla; Leonard, Elizabeth; Pradella, Matteo

    2003-01-01

    Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...

  20. Food security policies in India and China

    DEFF Research Database (Denmark)

    Yu, Wusheng; Elleby, Christian; Zobbe, Henrik

    2015-01-01

    Food insecurity is a much more serious concern in India than China. In addition to income and poverty differences, we argue in this paper that differences in food policies can further explain the different food security outcomes across the two countries. First, India mostly uses price-based input...... adopting a widely criticized public distribution system and China mainly using direct income transfers and other social safety nets. Third, although both committed considerable fiscal resources to insulating their respective domestic markets, especially during recent food price spikes, India’s heavy...... dependence on price-based measures causes relatively larger and more volatile fiscal burdens, thereby likely making it more vulnerable in dealing with similar events in the future. These findings have important implications for food policy and food security in the two countries in the future....

  1. An Agile Enterprise Regulation Architecture for Health Information Security Management

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  2. An agile enterprise regulation architecture for health information security management.

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  3. Optimal Aide Security Information Search (OASIS)

    National Research Council Canada - National Science Library

    Kapadia, Chetna

    2005-01-01

    The purpose of the Optimal AIDE Security Information Search (OASIS) effort was to investigate and prototype a tool that can assist the network security analyst in collecting useful information to defend the networks they manage...

  4. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    .... ASOS will support real time applications software coded in Ada. In addition, ASOS will incorporate information security technology to protect classified data processed by Army tactical systems...

  5. 76 FR 62630 - Information Security Regulations

    Science.gov (United States)

    2011-10-11

    ... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central... information security regulations which have become outdated. The Executive Order upon which the regulations... CFR Part 1902 Information security regulations. PART 1902 [REMOVED AND RESERVED] Sec. 1902.13 [Removed...

  6. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on object physical protection taking into account information security aspects are examined. A special educational course does not only address the immediate needs for an educational support but also ensures that new professionals include new concepts and knowledge in their practice and encourages current practitioners towards such practice. Features of the modern physical protection systems (PPS) and classification of information circulating at them are pointed out. The requirements to the PPS information protection subsystem are discussed. During the PPS expert training on information security (IS) aspects they should receive certain knowledge, on the basis of which they could competently define and carry out the PPS IS policy for a certain object. Thus, it is important to consider minimally necessary volume of knowledge taught to the PPS experts for independent and competent implementation of the above listed tasks. For the graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and the PPS IS in particular. It is caused by necessity of conformity of methods and information protection tools implemented on a certain object to the federal and departmental IS requirements. The departmental normative IS requirements define an orientation of the PPS expert training. By curriculum development it is necessary to precisely determine for whom the PPS experts are taught. The curriculum should reflect common features of the PPS functioning of the certain object type, i.e. it should be adapted to a certain customer of the experts. The specified features were taken into account by development of an educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  7. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  8. Ethical Hacking in Information Security Curricula

    Science.gov (United States)

    Trabelsi, Zouheir; McCoey, Margaret

    2016-01-01

    Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…

  9. Information Security and Data Breach Notification Safeguards

    National Research Council Canada - National Science Library

    Stevens, Gina M

    2007-01-01

    .... Information security standards are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations...

  10. Invalidating Policies using Structural Information

    DEFF Research Database (Denmark)

    Kammuller, Florian; Probst, Christian W.

    2014-01-01

    by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation’s policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based...... on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control systems or policies. We provide case studies showing how mechanical verification tools, i.e. modelchecking with MCMAS and interactive theorem proving...

  11. External dimension of Ukraine’s security policy

    OpenAIRE

    O. S. Vonsovych

    2015-01-01

    Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude...

  12. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  13. Ethical aspects of information security and privacy

    NARCIS (Netherlands)

    Brey, Philip A.E.; Petkovic, M.; Jonker, Willem

    2007-01-01

    This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

  14. Reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    Full Text Available The article deals with accounting for reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which result in the loss of reputation are identified. Based on this analysis, the definition of reputational risk in information security is given.

  15. 78 FR 73819 - Information Collection; Financial Information Security Request Form

    Science.gov (United States)

    2013-12-09

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security..., Financial Information Security Request Form. DATES: Comments must be received in writing on or before... Information Security Request Form. OMB Number: 0596-0204. Expiration Date of Approval: 02/28/2014. Type of...

  16. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipment and a useful interface for the manager. It analyzes the whole security condition of the network and preserves the network services from attacks. Secure router technology applies security functions, such as intrusion detection, IPsec (IP Security) and access control, to a legacy router for secure networking. It controls unauthorized router access and detects illegal network intrusion. This paper re...

  17. Nuclear Cyber Security Issues and Policy Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

    2015-10-15

    Cyber-attacks against computer systems cause a loss of function that brings about large economic losses, and this has become a nation-wide issue. In recent days cyber threats have occurred in national critical infrastructure around the world. In the nuclear industry, while responses to various threats against nuclear facilities were being discussed from 2006 onward, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were thoroughly isolated from the Internet and it was evaluated that cyber penetration would not be possible. However, the Stuxnet worm virus, which attacked Iran's nuclear facilities, confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether, when or how a cyber-attack will occur, which is a characteristic of cyber-attacks. They can be detected only after an incident has occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations', by the issue committee of the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea that is being established to protect nuclear facilities from cyber-attacks and to respond systematically. As a result, this paper proposes several comments to improve the security and furthermore the safety of nuclear facilities. Digital technology will be used more widely in national critical infrastructure, including nuclear facilities, in the future, and moreover wireless technologies and mobile devices will soon be introduced to the nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  18. Nuclear Cyber Security Issues and Policy Recommendations

    International Nuclear Information System (INIS)

    Lee, Cheol-Kwon; Lee, Dong-Young; Lee, Na-Young; Hwang, Young-Soo

    2015-01-01

    Cyber-attacks against computer systems cause a loss of function that brings about large economic losses, and this has become a nation-wide issue. In recent days cyber threats have occurred in national critical infrastructure around the world. In the nuclear industry, while responses to various threats against nuclear facilities were being discussed from 2006 onward, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were thoroughly isolated from the Internet and it was evaluated that cyber penetration would not be possible. However, the Stuxnet worm virus, which attacked Iran's nuclear facilities, confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether, when or how a cyber-attack will occur, which is a characteristic of cyber-attacks. They can be detected only after an incident has occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations', by the issue committee of the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea that is being established to protect nuclear facilities from cyber-attacks and to respond systematically. As a result, this paper proposes several comments to improve the security and furthermore the safety of nuclear facilities. Digital technology will be used more widely in national critical infrastructure, including nuclear facilities, in the future, and moreover wireless technologies and mobile devices will soon be introduced to the nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  19. Strategic information security: facing the cyber impact

    CSIR Research Space (South Africa)

    Grobler, M

    2010-10-01

    Full Text Available Strategic information security is becoming a more prominent aspect of modern day living. With the strong digital component that forms part of modern day business, the multiplicity of security risks and the emergence of increasingly complex threats...

  20. 12 CFR 12.7 - Securities trading policies and procedures.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Securities trading policies and procedures. 12.7 Section 12.7 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and...

  1. 34 CFR 668.46 - Institutional security policies and crime statistics.

    Science.gov (United States)

    2010-07-01

    ... Institutional and Financial Assistance Information for Students § 668.46 Institutional security policies and... security of and access to campus facilities, including campus residences, and security considerations used... concerning who should be contacted, the importance of preserving evidence for the proof of a criminal offense...

  2. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  3. 32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19 Declassification by the Director of the Information Security Oversight Office. If the Director of the Information... Information Security Oversight Office. 2400.19 Section 2400.19 National Defense Other Regulations Relating to...

  4. The Firewall and Security of Information Systems

    OpenAIRE

    Radut Carmen; Albici Mihaela; Tenovici Cristina Otilia

    2010-01-01

    Information security is a broader concept which refers to ensuring the integrity, confidentiality and availability of information. The dynamics of information technology induce new risks, against which organizations must implement new measures of control. Technological development has been accompanied by security solutions, equipment manufacturers and applications including technical methods of protection performance. However, while in information technology change is exponential, the human comp...

  5. STUDY ON COMPANY SECURITY POLICIES FROM DIGITAL MEDIA

    Directory of Open Access Journals (Sweden)

    CRISTINA-MARIA RĂDULESCU

    2015-12-01

    Full Text Available The development of the Internet has brought both new opportunities and risks for retailers and consumers alike. For example, electronic commerce is much faster and less expensive, but this openness makes it difficult to secure. People are aware of the fact that online businesses collect, process and distribute enormous amounts of personal data and are therefore concerned about their unauthorized use, or their use for purposes other than intended by third parties seeking to gain unauthorized access to them. There are more examples of cyber criminal activities, such as hacking, software piracy, password attacks, service prohibition attacks, scamming, etc. Such fears led to the drafting of protection policies meant to secure personal data and to the development of mechanisms to ensure the reliability and confidentiality of electronic information. Security measures include access control devices, the installation of firewalls and intrusion detection devices, and security procedures to identify and authenticate authorized users of network systems. Such mechanisms constitute the core of this study. We will also analyze the security and confidentiality policy for personal data of Google Inc.

  6. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimize them. In this regard, information security is one of the major challenges for IT departments. This article presents Tecnatom's experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  7. Optical and digital techniques for information security

    CERN Document Server

    2005-01-01

    Optical and Digital Techniques for Information Security is the first book in a series focusing on Advanced Sciences and Technologies for Security Applications. This book encompasses the results of research investigation and technologies used to secure, verify, recognize, track, and authenticate objects and information from theft, counterfeiting, and manipulation by unauthorized persons and agencies. This Information Security book will draw on the diverse expertise in optical sciences and engineering, digital image processing, imaging systems, information processing, computer based information systems, sensors, detectors, and biometrics to report innovative technologies that can be applied to information security issues. The Advanced Sciences and Technologies for Security Applications series focuses on research monographs in the areas of: -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection...

  8. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  9. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  10. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Full Text Available Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  11. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  12. Survey of network and information security technology

    International Nuclear Information System (INIS)

    Liu Baoxu; Wang Xiaozhen

    2007-01-01

    With the rapid development of computer network technology and the informatization of our country, network and information security issues have become a focal point of concern. On the basis of analysing the security threats and challenges to network information and their developing trends, this paper briefly analyses and discusses the main related research directions and content concerning the theory, technology and practice of network and information security. (authors)

  13. Effective Management of Information Security and Privacy

    Science.gov (United States)

    Anderson, Alicia

    2006-01-01

    No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

  14. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ...: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources...

  15. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  16. Nuclear deception: soviet information policy

    International Nuclear Information System (INIS)

    Hoffmann, E.P.

    1986-01-01

    The effect of the accident at the Chernobyl Unit 4 Reactor on information policies in the USSR is examined. The lack of an agreed-upon information policy and intraparty disagreement over domestic and foreign policy help to explain the delay in disclosure of the accident and conflicting statements concerning long-term health effects. A modest change in policy since Chernobyl has been noted: the willingness of Soviet spokespersons to discuss and debate issues with foreign correspondents, to publish sharply critical letters from citizens and a few foreign officials, and to provide many details about the nature and consequences of the accident

  17. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  18. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  19. 75 FR 51609 - Classified National Security Information Program for State, Local, Tribal, and Private Sector...

    Science.gov (United States)

    2010-08-23

    ... Order 13549 of August 18, 2010 Classified National Security Information Program for State, Local, Tribal.... Establishment and Policy. Sec. 1.1. There is established a Classified National Security Information Program (Program) designed to safeguard and govern access to classified national security information shared by the...

  20. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    OpenAIRE

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of information technology in the past, present and expectations for the future. For each period, the security requirements and solutions are discussed. It is made clear that the developments in information tech...

  1. "Choice Set" for health behavior in choice-constrained settings to frame research and inform policy: examples of food consumption, obesity and food security.

    Science.gov (United States)

    Dover, Robert V H; Lambert, Estelle V

    2016-03-16

    Using the nexus between food consumption, food security and obesity, this paper addresses the complexity of health behavior decision-making moments that reflect relational social dynamics in context-specific dialogues, often in choice-constrained conditions. A pragmatic review of literature regarding social determinants of health in relation to food consumption, food security and obesity was used to advance this theoretical model. We suggest that health choice, such as food consumption, is based on more than the capacity and volition of individuals to make "healthy" choices, but is dialogic and adaptive. In terms of food consumption, there will always be choice-constrained conditions, along a continuum representing factors over which the individual has little or no control, to those for which they have greater agency. These range from food store geographies and inventories and food availability, logistical considerations such as transportation, food distribution, the structure of equity in food systems, state and non-government food and nutrition programs, to factors where the individual exercises a greater degree of autonomy, such as sociocultural foodways, family and neighborhood shopping strategies, and personal and family food preferences. At any given food decision-making moment, many factors of the continuum are present consciously or unconsciously when the individual makes a decision. These health behavior decision-making moments are mutable, whether from an individual perspective, or within a broader social or policy context. We review the construct of "choice set", the confluence of factors that are temporally weighted by the differentiated and relationally-contextualized importance of certain factors over others in that moment. The choice transition represents an essential shift of the choice set based on the conscious and unconscious weighting of accumulated evidence, such that people can project certain outcomes. Policies and interventions should avoid

  2. Invalidating Policies using Structural Information

    DEFF Research Database (Denmark)

    Kammuller, Florian; Probst, Christian W.

    2013-01-01

    Insider threats are a major threat to many organisations. Even worse, insider attacks are usually hard to detect, especially if an attack is based on actions that the attacker has the right to perform. In this paper we present a step towards detecting the risk for this kind of attacks by invalidating policies using structural information of the organisational model. Based on this structural information and a description of the organisation's policies, our approach invalidates the policies and identifies exemplary sequences of actions that lead to a violation of the policy in question. Based on these examples, the organisation can identify real attack vectors that might result in an insider attack. This information can be used to refine access control system or policies.

  3. Materials for the information security education

    International Nuclear Information System (INIS)

    Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

    2014-01-01

    With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

  4. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  5. ITIL® and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics, Nad Stranemi 4511, 760 05 Zlin (Czech Republic)]

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  6. Information Security Incident Management Practical Aspects

    Directory of Open Access Journals (Sweden)

    A. B. Kostina

    2010-03-01

    Full Text Available The information security incident management process model (ISIMP) is developed; the role of this process in the information security management system is established. Input and output data of the process are determined. Key practical aspects of incident management are determined.

  7. 75 FR 37253 - Classified National Security Information

    Science.gov (United States)

    2010-06-28

    ... shall be applied to and displayed on the document. If such a mechanism does not exist, the default... existing Directive implementing Executive Order 12958, as amended. Moreover, since Executive Order 13526..., Intelligence, National defense, National security information, Presidential documents, Security information...

  8. Social Networks and Corporate Information Security

    Directory of Open Access Journals (Sweden)

    Ekaterina Gennadievna Kondratova

    2013-06-01

    Full Text Available The article defines social networks as a tool in the hands of cyber-criminals to compromise the organization’s data. The author focuses on a list of threats to information security caused by social network usage, which should be considered when setting up the company's information security management system.

  9. The (social) construction of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes,

  10. Information security : is your information safe?

    Science.gov (United States)

    1999-01-01

    This article characterizes the problem of cyber-terrorism, outlines the Federal government's response to several security-related concerns, and describes the Volpe Center's critical support to this response. The possibility of catastrophic terrorist ...

  11. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Directory of Open Access Journals (Sweden)

    Zarei J

    2016-05-01

    Full Text Available Javad Zarei (1), Farahnaz Sadoughi (2); (1) Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran; (2) Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran. Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security

  12. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  13. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of

  14. Hash functions and information theoretic security

    DEFF Research Database (Denmark)

    Bagheri, Nasoor; Knudsen, Lars Ramkilde; Naderi, Majid

    2009-01-01

    Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

  15. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    Science.gov (United States)

    2016-12-01

    options and their advantages and disadvantages and assessed implementation strategies for them. Task 2: Characterize commonly used data markings...procedures, practices, and security policies affect access and management of acquisition oversight data. This builds on our earlier work (Riposo et...several forms (e.g., hard copy, digital repositories, reports and studies ).2 Many of these forms are exchanged between both government and

  16. Private military and security companies policy in Africa: regional ...

    African Journals Online (AJOL)

    The purpose of this article is to explain the policy stasis around private security regulation in Africa. Africa is one of the largest theatres of private military and security company operations in the world. Yet, there is still no new regional convention or policy on their regulation. Previous studies focused on Western efforts to ...

  17. Network Security: Policies and Guidelines for Effective Network Management

    Directory of Open Access Journals (Sweden)

    Jonathan Gana KOLO

    2008-12-01

    Full Text Available Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

  18. Information security practices emerging threats and perspectives

    CERN Document Server

    Awad, Ahmed; Woungang, Isaac

    2017-01-01

    This book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners.

  19. Operational Information Management Security Architecture

    Science.gov (United States)

    2006-12-01

    Pretty Good Privacy PKI4IPSEC Profiling Use of PKI in IPSEC PKIX Public-Key Infrastructure (X.509) SACRED Securely Available Credentials SASL Simple... VPN ). 8.2.3 Web Services Data in Transit In the web services world, such as NCES, the XML_DSIG (XML Digital Signature) and Web Services Security...had a protocol such as an SSL tunnel set up with the initial OIM, that would be of no use when a remote OIM attempted to respond to them. Therefore

  20. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers.

  1. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  2. Security policy of the European Union and refuge crisis

    Directory of Open Access Journals (Sweden)

    Stevović Marko

    2015-01-01

    Full Text Available The paper chronologically analyzes the process of establishing the European Union Security policy. In a series of intergovernmental agreements, which were verified with their own constitutions, the key points of creating the Security policy are given, but the internal policies of the member states of the European Union remained somewhat desynchronised. The paper chronologically analyzes the process of establishing the common foreign and security policy of the European Union. A series of agreements, which were verified by mutual agreement of the states (the Treaty of Maastricht, the Treaty of Lisbon), established the guidelines of the common foreign and security policy of the European Union (EU CFSP). The national security policies of the EU countries are still not fully harmonized to a level at which they could act in a completely unified way on the world stage. This deficiency is a reason why the majority of European Union countries were unprepared for the huge number of refugees from war-affected areas of the Middle East. The large refugee crisis brought the security aspect of the common policy of the European Union to the foreground, but also revealed the differences between the external policies of the member states in their approaches to solving the current problems. The security aspects of the newly established factual situation caused by the refugee crisis were analyzed, and potential solutions to overcome it were discussed, as well as issues that the current immigrant crisis opens for further research.

  3. Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

    CERN Multimedia

    2012-01-01

    Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN).   Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

  4. Teaching Information Security Students to "Think thief"

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne

    2012-01-01

    We report on an educational experiment where information security master students were encouraged to think out of the box. Instead of taking the usual point of view of the security engineer we challenged the students to take the point of view of the motivated offender. We report on the exciting

  5. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  6. Handbook of space security policies, applications and programs

    CERN Document Server

    Hays, Peter; Robinson, Jana; Moura, Denis; Giannopapa, Christina

    2015-01-01

    Space Security involves the use of space (in particular communication, navigation, earth observation, and electronic intelligence satellites) for military and security purposes on earth and also the maintenance of space (in particular the earth orbits) as safe and secure areas for conducting peaceful activities. The two aspects can be summarized as "space for security on earth" and “the safeguarding of space for peaceful endeavors.” The Handbook will provide a sophisticated, cutting-edge resource on the space security policy portfolio and the associated assets, assisting fellow members of the global space community and other interested policy-making and academic audiences in keeping abreast of the current and future directions of this vital dimension of international space policy. The debate on coordinated space security measures, including relevant 'Transparency and Confidence-Building Measures,' remains at a relatively early stage of development. The book offers a comprehensive description of the variou...

  7. State Policy Against Information War

    Directory of Open Access Journals (Sweden)

    Dmitry Shibaev

    2016-01-01

    Full Text Available The most recent and effective method to resolve a conflict between countries is information war. Information warfare, i.e. propaganda, information sabotage, blackmail, could be more damaging than the effects of the traditional methods of war. The government must be prepared to prevent and counteract the bleeding-edge techniques of warfare, that is, to work out measures, to oppose the enemy’s information weapons, to gain information superiority, to develop a society that is immune to disinformation, to elaborate a concept of information warfare counteraction. The authors have examined both foreign and Russian sources of law which define the requirements for the government activities to oppose information warfare. They also refer to the opinions of foreign and Russian researchers, politicians and public figures who have commented on the concept and features of such political and legal constructs as information warfare and information weapons. The problem of information warfare must be identified as a profoundly serious and damaging threat. This paper provides the features of information warfare and the methods to resist it as well as the proposals to amend the domestic legislation to create conditions for an accurate understanding of this political and legal phenomenon. In addition, it points out that the amendment of the Information Security Doctrine is not sufficient to counterbalance the threat of information warfare. In a certain document it is necessary to recount all notions, requirements and methods for the government actions aimed to gradually change the situation, particularly, the development of sectoral (information security) legislation, specialists training to be able to deal with informational and psychological aggression forming public opinion through the government-run mass media, etc.

  8. Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

    NARCIS (Netherlands)

    Lenzini, Gabriele; Mauw, Sjouke; Ouchani, Samir; Barthe, Gilles; Markatos, Evangelos; Samarati, Pierangela

    2016-01-01

    A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization’s employees do (copy,

  9. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Full Text Available Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T.) managers' perceptions, and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  10. Information security of educational environments of school

    Directory of Open Access Journals (Sweden)

    Dzyatkovskaya Elena N.

    2016-01-01

    Full Text Available The information as an important ecological factor, which defines the security, development and health of children is considered. The article raises the problem of distortion of the information environment of childhood in the post-industrial era. The aim is to ensure information security educational environment for all participants in the educational process. It is proved that the hygienic approach to solving problems is insufficient. Adaptive-developing strategy for information security of the educational environments for children was theoretically justified and proved by the practical results of medical, physiological and neuropsychological research. It provides the school work on the compensation of violations of the information environment of childhood; development resources of students’ resistance to information stress; expanding the sphere of their adaptation to the information load (adaptive norm); the principles and structure of management of educational process on the basis of system-wide control of complex, self-regulating systems.

  11. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

  12. Biometric Feature Script for Information Security

    Directory of Open Access Journals (Sweden)

    N. E. Gunko

    2010-03-01

    Full Text Available Special studies related to the development of rules for making decisions on the psychological characteristics of the offender in his manuscript handwriting with the goal of ensuring information security.

  13. ESCAPE. Energy Security and ClimAte Policy Evaluation

    International Nuclear Information System (INIS)

    Kessels, J.R.; Bakker, S.J.A.

    2005-05-01

    Climate change and energy supply security policy are currently not integrated in most countries, despite possible synergies. The ESCAPE approach suggests that linking climate change policy with security of energy supply could improve climate change policy at both a national and international level. The report explores the interaction between policies of energy security and climate change and the options of inclusion of energy security issues into national and international post-2012 climate negotiations. It emphasises the importance of the US in this regard and takes a close look at US energy policy documents. It appears that current US energy policy is not directed towards reducing its reliance on imported fossil fuel, even though the government has a strong preference for this. This study shows that measures to reduce import dependency are mostly synergetic with climate policy and gives some options that can be implemented. On an international level, linkages of energy security into post-2012 climate policy may be possible in sectoral bottom-up approaches or technology frameworks. As well, inclusion of a security of supply criterion in international emission trading instruments may provide potential benefits

  14. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by ship-based measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  15. Data Mining Research for Information Security

    Science.gov (United States)

    2016-01-29

    AFRL-AFOSR-JP-TR-2016-0028 Data Mining Research for Information Security Kevin Barton Texas A&M University-San Antonio Final Report 01/29/2016...Final 3.  DATES COVERED (From - To)      20-05-2014 to 19-05-2015 4.  TITLE AND SUBTITLE Data Mining Research for Information Security 5a.  CONTRACT

  16. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  17. 76 FR 10262 - Information Security Program

    Science.gov (United States)

    2011-02-24

    ... national security information, including information relating to defense against transnational terrorism... information relating to defense against transnational terrorism. Because the changes made in this proceeding... revising paragraphs (i)(3), (j), (p), and (q) to read as follows: Sec. 503.51 Definitions. * * * * * (i...

  18. Information governance and security protecting and managing your company's proprietary information

    CERN Document Server

    Iannarelli, John G

    2014-01-01

    Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

  19. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    2013-05-01

    Full Text Available Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep up with technological trends and be well equipped with knowledge; otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

  20. Competing policy packages and the complexity of energy security

    International Nuclear Information System (INIS)

    Sovacool, Benjamin K.; Saunders, Harry

    2014-01-01

    To underscore both the diversity and severity of energy security tradeoffs, this study examines five different energy security policy packages—five distinct strategies aimed at reducing oil dependence, enhancing energy affordability, expanding access to modern energy services, responding to climate change, and minimizing the water intensity of energy production. It identifies both compelling synergies and conflicts between each of the five strategies. The central value of the study is that it turns on its head the widely accepted notion of a “portfolio approach” or “all of the above” strategy to energy policymaking. To make this case, the article begins by elucidating the complexity and multidimensionality of energy security as a concept. It then introduces our five energy security policy packages to illustrate how some energy security objectives complement each other whereas others counteract each other. It concludes by noting that energy security is not an absolute state, and that achieving it only “works” by prioritizing some dimensions, or policy goals and packages, more than others. - Highlights: • Energy security is a complex, multidimensional concept. • Policy packages aimed at achieving energy security often conflict with each other. • Energy security only “works” by prioritizing some dimensions more than others

  1. External dimension of Ukraine’s security policy

    Directory of Open Access Journals (Sweden)

    O. S. Vonsovych

    2015-07-01

    Full Text Available Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude the collaboration with the countries that belong to other systems of collective security in the scope that is appropriate to basic national interests of Ukraine. It is proved that the activities of the OSCE Special Monitoring Mission is an important contribution to the process of peaceful conflict resolution, and helps to develop democratic principles and foundations of foreign policy. It is determined that the further development of the constructive cooperation between the EU advisory mission under CSDP will provide an opportunity to improve and increase the security of national borders from external threats and challenges, and help to accelerate the process of integration into the European security space. The attention is paid to the fact that, taken into consideration the state of relations with Russia, the further cooperation with the Collective Security Treaty Organization (CSTO may adversely affect the overall security situation in Ukraine and lead to further tension with Russia today.

  2. Position paper: A generic approach for security policies composition

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming

    2012-01-01

    When modelling access control in distributed systems, the problem of security policies composition arises. Much work has been done on different ways of combining policies, and using different logics to do this. In this paper, we propose a more general approach based on a 4-valued logic, that abst...

  3. The Encryption Export Policy Controversy: Searching for Balance in the Information Age

    National Research Council Canada - National Science Library

    Miller, Marcus S

    2000-01-01

    .... The federal government's encryption export policy highlights a complex information age issue involving seemingly insurmountable conflicts between national security, law enforcement, privacy, and business interests...

  4. Protection of National Security Information

    National Research Council Canada - National Science Library

    Elsea, Jennifer K

    2006-01-01

    Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress's interest with regard to the possible need...

  5. 76 FR 81827 - Declassification of National Security Information

    Science.gov (United States)

    2011-12-29

    ... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... related to declassification of classified national security information in records transferred to NARA's..., Classified National Security Information, and its Implementing Directive. These changes include establishing...

  6. 77 FR 72814 - Information Collection; Secure Rural Schools Act

    Science.gov (United States)

    2012-12-06

    ... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Secure Rural Schools Act AGENCY... and revise a currently approved information collection, ``Secure Rural Schools Act, County... INFORMATION: Title: Secure Rural Schools Act, County Certification of Title III Expenditures. OMB Number: 0596...

  7. Polish Defense Policy in the Context of National Security Strategy

    National Research Council Canada - National Science Library

    Bieniek, Piotr S

    2006-01-01

    ... goals to eliminate current threats and risks such as terrorism. As far as Poland is concerned, its priority is to be an active leader in improving common security policy within the boundaries of the European Union (EU...

  8. Debating food security policy in two different ideational settings

    DEFF Research Database (Denmark)

    Farsund, Arild Aurvåg; Daugbjerg, Carsten

    2017-01-01

    Food security has emerged as a relatively new policy issue in agricultural policy making in developed countries. This policy problem is addressed within an institutional landscape in which agricultural ideas and institutions are well-established. In this article, food security policy making...... (agriculture is considered a unique economic sector with special market and production conditions). It is demonstrated in the article how these two opposing institutionalised ideational foundations have influenced the nature of the food security debate in the two countries. In Australia, the debate emphasises...... the positive role of the market and trade in providing global food security. In Norway, the debate highlights the need to regulate market forces and restrict trade in order to allow countries to develop their own agricultural sectors....

  9. The Warriors Future Directions in Japanese Security Policies

    National Research Council Canada - National Science Library

    Levin, Norman

    1993-01-01

    This report describes our assessment of how changes in the domestic, regional, and international environments are likely to affect future Japanese security policies and defense cooperation between Japan and the U.S...

  10. Polish Defense Policy in the Context of National Security Strategy

    National Research Council Canada - National Science Library

    Bieniek, Piotr S

    2006-01-01

    ...) and the North Atlantic Treaty Organization (NATO). Polish security policy and strategy is shaped by its geographical location, which places Poland in NATO's main strategic area opposite the Russian Federation and Belarus...

  11. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Full Text Available Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN are ranging from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora: ASEAN Intergovernmental Commission on Human Rights (AICHR), ASEAN Foreign Ministers Meeting (AMM), ASEAN Regional Forum (ARF), ASEAN Defense Minister’s Meeting (ADMM), ASEAN Law Ministers Meeting (ALAWMM), and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC). The wide array of these forums signify ASEAN efforts to confront double features of security: the traditional and nontraditional or critical security. The traditional security considers state security as the primary object of security, while the critical security tends to focus on non-state aspects such as individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lacks confidence in solving critical issues such as territorial disputes and irregular migrants problems. Therefore, this piece would examine the fundamental question: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but showing slow progress on its development and application.

  12. Computer Security: Introduction to information and computer security (1/4)

    CERN Multimedia

    CERN. Geneva

    2012-01-01

    Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

  13. Globalized Security Reshaping America’s Defense Trade Policy

    Science.gov (United States)

    2001-04-01

    AU/SCHOOL/NNN/2001-04 THE ATLANTIC COUNCIL OF THE UNITED STATES AIR UNIVERSITY NATIONAL DEFENSE FELLOWSHIP PROGRAM GLOBALIZED SECURITY RESHAPING...to) - Title and Subtitle Globalized Security Reshaping America’s Defense Trade Policy Contract Number Grant Number Program Element Number...20 Globalization

  14. Private Military and Security Companies Policy in Africa

    African Journals Online (AJOL)

    Gwatiwa Tshepo

    INTERNATIONAL POLITICS. Tshepo T. Gwatiwa. Graduate Institute of International and Development. Studies, Geneva. Abstract. The purpose of this article is to explain the policy stasis around private security regulation in Africa. Africa is one of the largest theatres of private military and security company operations in the ...

  15. Collaborative Policy Making: Vertical Integration in The Homeland Security Enterprise

    Science.gov (United States)

    2011-12-01

    National Preparedness: A Case Study in the Development of Public Policy,” Sam Clovis agrees that homeland security is a national issue but...recommends that state and local governments have maximum flexibility in implementing homeland security programs (Clovis, 2006). He sees the federal...national preparedness (Clovis, 2006). The author goes on to recommend a framework of “Collaborative Federalism” for homeland security. A review of

  16. The economics of information security and privacy

    CERN Document Server

    Böhme, Rainer

    2013-01-01

    In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governmen

  17. IT induction and information security awareness

    CERN Document Server

    Maddock, Valerie

    2010-01-01

    This pocket guide offers practical advice on how to develop an IT Induction programme for staff that can help safeguard business information. By providing employees with simple instruction in good IT working practices, and by making sure they know what is expected of them, a company can strengthen their information security and reduce the risk that data will be stolen or lost.

  18. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    Explosive growth in use of information systems for all manner of applications in all walks of life has made provision of proper security essential. Users must have confidence that information systems will operate as intended without unanticipated failures or problems. Issues concerning privacy, availability, confidentiality and ...

  19. Considerations When Including Students with Disabilities in Test Security Policies. NCEO Policy Directions. Number 23

    Science.gov (United States)

    Lazarus, Sheryl; Thurlow, Martha

    2015-01-01

    Sound test security policies and procedures are needed to ensure test security and confidentiality, and to help prevent cheating. In this era when cheating on tests draws regular media attention, there is a need for thoughtful consideration of the ways in which possible test security measures may affect accessibility for some students with…

  20. The information security landscape in the supply chain

    OpenAIRE

    Sohrabi Safa, Nader; Maple, Carsten; Watson, Tim

    2017-01-01

    Information security breaches have serious consequences for companies. And information security breaches in the defence industry negatively impact national security. Selling information concerning industrial design, organisational strategic plans, customers, experts and other valuable information for monetary benefit, revenge, bribery and embezzlement are just some examples of the human dimension of information security.

  1. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  2. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax......, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access...... control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative...

  3. The Political Economy of Carbon Securities and Environmental Policy

    DEFF Research Database (Denmark)

    Polborn, Sarah

    The costs of the current suboptimal carbon abatement policy are likely in the range of 3 to 6 trillion 2005 US dollars. Using methods from the political economy of environmental policy, the paper develops a new carbon abatement policy instrument, carbon securities. A carbon security entitles its...... owner to a fixed proportion of ex ante unknown total emissions. This creates an additional group of stakeholders on the side of the issue that has traditionally been underrepresented. The advantages over existing systems include an equilibrium carbon price closer to the social optimum, a more predictable...

  4. Survey of Big Data Information Security

    Directory of Open Access Journals (Sweden)

    Aida Tofikovna Makhmudova

    2016-06-01

    Full Text Available Today the information security (IS of data mining is the crucial and comprehensive issue for organizations of the different spheres and size. The main challenges of Big Data are management of large amounts of heterogeneous information and providing its availability. Big Data protection against unauthorized access and corruption (keeping its confidentiality and integrity and availability maintenance form the key research priorities in this field. The issues related to providing these Big Data features are considered in the paper. The existing approaches to their solution are analyzed. Also some concepts for their improvement while designing the secure Big Data mining algorithm are formulated in accordance to IS properties.

  5. Family Economic Security Policies and Child and Family Health

    Science.gov (United States)

    Spencer, Rachael A.; Komro, Kelli A.

    2017-01-01

    In this review we examine the effects of family economic security policies (i.e., minimum wage, Earned Income Tax Credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the U.S., and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child wellbeing. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and wellbeing. PMID:28176020

  6. Family Economic Security Policies and Child and Family Health.

    Science.gov (United States)

    Spencer, Rachael A; Komro, Kelli A

    2017-03-01

    In this review, we examine the effects of family economic security policies (i.e., minimum wage, earned income tax credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the USA, and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies, and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child well-being. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and well-being.

  7. Securing Information Systems in an Uncertain World Enterprise Level Security (Invited Paper)

    Directory of Open Access Journals (Sweden)

    William R. Simpson

    2016-04-01

    Full Text Available Increasing threat intrusions to enterprise computing systems have led to a formulation of guarded enterprise systems. The approach was to put in place steel gates and prevent hostile entities from entering the enterprise domain. The current complexity level has made the fortress approach to security implemented throughout the defense, banking, and other high trust industries unworkable. The alternative security approach presented in this paper is the result of a concentrated fourteen year program of pilots and research. Its distributed approach has no need for passwords or accounts and derives from a set of tenets that form the basic security model requirements. At each step in the process it determines identities and claims for access and privileges. These techniques are resilient, secure, extensible, and scalable. They are currently being implemented for a major enterprise, and are a candidate for other enterprise security approaches. This paper discusses the Enterprise Level Security architecture, a web-based security architecture designed to select and incorporate technology into a cohesive set of policies and rules for an enterprise information system. The paper discusses the history, theoretical underpinnings, implementation decisions, current status, and future plans for expansion of capabilities and scale.

  8. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Full Text Available Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  9. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security. Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  10. Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    Science.gov (United States)

    2016-12-19

    public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND Make a tax ...and interpretation of a large quantity of laws, regulations, and policies; Controlled Unclassified Information (CUI) labels; and DoD culture, among... culture Many different labels and markings for CUI data Acquisition data Introduction 3 RAND has been supporting these efforts. Earlier research

  11. Food security, agricultural policies and economic growth

    NARCIS (Netherlands)

    Koning, Niek

    2017-01-01

    Using a political-economic approach supplemented with insights from human ecology, this volume analyzes the long-term dynamics of food security and economic growth. The book begins by discussing the nature of preindustrial food crises and the changes that have occurred since the 19th century with

  12. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  13. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090-0294, Implementation of Information Technology Security Provision, by any of the...

  14. 32 CFR 2700.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

  15. 14 CFR 1203.201 - Information security objectives.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

  16. 12 CFR 605.501 - Information Security Officer.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

  17. Information security: where computer science, economics and psychology meet.

    Science.gov (United States)

    Anderson, Ross; Moore, Tyler

    2009-07-13

    Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

  18. 49 CFR 1548.19 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... aviation, TSA issues a Security Directive setting forth mandatory measures. (1) Each indirect air carrier... Security Directive that TSA issues to it, within the time prescribed in the Security Directive for...

  19. Secure Refactoring with Java Information Flow

    DEFF Research Database (Denmark)

    Helke, Steffen; Kammüller, Florian; Probst, Christian W.

    2016-01-01

    Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java...

  20. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

  1. Data Security Using Cryptographic Approach | Okoro | Information ...

    African Journals Online (AJOL)

    The need for data security in Information and Communications Technology (ICT) can not be overemphasized. In this paper, the use of symmetric and asymmetric key cryptographies to clearly achieve the required protection by means of prime number system and modular multiplicative inverse has been highlighted and ...

  2. Security aspects of policy controlled cognitive radio

    OpenAIRE

    BALDINI Gianmarco; ATANASOVSKI Vladimir; RAKOVIC Valentin; GAVRILOVSKA Liljana

    2012-01-01

    Cognitive radio networks envision coexistence of several primary and secondary systems in the same environment, where the secondary system actors must cooperate among each other to achieve the goal of higher spectrum utilization concurrently protecting the primary system. The nature of this type of networks makes them vulnerable to a variety of malicious attacks that can decrease the performance of the secondary and especially the primary system. This paper focuses on the security issues in p...

  3. Confidentiality and Security in Medical Information Systems

    Directory of Open Access Journals (Sweden)

    Victor Papanaga

    2008-11-01

    Full Text Available Behind the technologies Medical System contains different types of information including patient information also. The patient data is classified as confidential and is one of the patient rights based on World Health Organization declaration. There are several compromises in solutions selection based on hardware and software requirements, performance, usability, portability. This article presents the investigation results and proposes the secured solution principles for the medical system that deal with patient data.

  4. Securing the smart grid information exchange

    Energy Technology Data Exchange (ETDEWEB)

    Fries, Steffen; Falk, Rainer [Siemens AG, Corporate Technology, Muenchen (Germany)

    2012-07-01

    The smart grid is based on information exchange between various stakeholders using open communication technologies, to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure a reliable operation of the smart grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demand of a smart grid, existing and appearing standardization activities are described. (orig.)

  5. MOBILE DEVICES AND EFFECTIVE INFORMATION SECURITY

    OpenAIRE

    Igor Bernik; Blaž Markelj

    2013-01-01

    Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developi...

  6. The European Security and Defence Policy

    DEFF Research Database (Denmark)

    Adler-Nissen, Rebecca

    2009-01-01

    -making capacities and capabilities. For many years, a genuine European defence policy remained a distant dream for an exclusive group of political leaders from federally oriented states such as Belgium and Luxembourg. Yet since 1999, the EU has carried out 23 military missions in the Balkans, Africa and Asia....... The Union is thus gradually emerging as an important player on the international scene, with a strategic vision, as well as diplomatic, civilian and military crisis-management instruments that complement the existing economic, commercial, humanitarian and development policies on which the EU has hitherto...

  7. Korea’s Overseas Food Security Policy

    DEFF Research Database (Denmark)

    Müller, Anders Riel

    Korea. While each country has distinct economies, policies, and histories compiling all countries into one is problematic and even dangerous as it oversimplifies complex issue into an “Asian onslaught” onto the Global Economy. Also these generalizations do little to understand why certain governments...

  8. National Security Implications of Global Warming Policy

    Science.gov (United States)

    2010-03-01

    Although numerous historical examples demonstrate how actual climate change has contributed to the rise and fall of powers, global warming, in and of...become convinced that global warming is universally bad and humans are the primary cause, political leaders may develop ill-advised policies restricting

  9. National Security Policy and Security Challenges of Maldives

    Science.gov (United States)

    2014-06-13

    increasing flows of information that 18Nye, 204. 19Ibid., 205-207. 20Thomas Friedman, The Lexus and the...PA: Strategic Studies Institute, U.S. Army War College, October 2012. Friedman, Thomas. The Lexus and the Olive Tree; Understanding Globalization

  10. Group Policy Fundamentals, Security, and the Managed Desktop

    CERN Document Server

    Moskowitz, Jeremy

    2010-01-01

    The ultimate Group Policy guide-now updated for Windows 7 and Server 2008 R2! IT and network administrators can streamline their Windows Server management tasks by using Group Policy tools to automate or implement rules, processes, or new security across the enterprise. In this comprehensive guide, Microsoft Group Policy MVP Jeremy Moskowitz thoroughly explores Group Policy across all Windows platforms, including the latest on Windows 7 and Server 2008 R2. If you're a Windows network administrator managing scores of users and computers, you need this essential reference on your desk. Covers

  11. Security Policy for a Generic Space Exploration Communication Network Architecture

    Science.gov (United States)

    Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.

    2016-01-01

    This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.

  12. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    Full Text Available This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  13. The Evolution of the European Security Policy

    Directory of Open Access Journals (Sweden)

    Vasilica Negrut

    2010-06-01

    Full Text Available The process of development of the European Union’s security dimension has known a spectacular evolution in the past years, passing from political consultation to establishing objectives, then common actions and positions; at a practical level, the Petersburg measures, carried on initially by the Western European Union as an armed branch of the European Union, have been replaced by actions of implication of the Union in managing some conflicts. The Lisbon Treaty confirms the commitments of the member states and mentions the fact that the European Union will dispose of the necessary measures for the defense of its objectives and to contribute to world peace and stability.

  14. Paradiplomacy, Security Policies and City Networks: the Case of the Mercocities Citizen Security Thematic Unit

    Directory of Open Access Journals (Sweden)

    Gilberto Marcos Antonio Rodrigues

    Full Text Available Abstract In a phenomenon known as paradiplomacy, cities are playing an increasingly important role in international relations. Through paradiplomacy, cities are co-operating internationally with other cities, and city networks have become important spaces for sharing experiences of and best practices in local public policy. Moreover, security policy is an increasingly important part of local policy-making. In Latin America, the concept of citizen security, based on a democratic and human rights approach, has developed in response to the legacy of authoritarian regimes from the 1960s to the 1980s. This article examines how security policies have been disseminated, discussed and transferred through Mercocities, the main city network in South America.

  15. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

  16. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

  17. 32 CFR 2103.51 - Information Security Oversight Committee.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

  18. Climate policy, asymmetric information and firm survival

    International Nuclear Information System (INIS)

    Hagem, C.

    2001-02-01

    The purpose of this paper is to compare the effect of different domestic climate policy instruments under asymmetric information when the regulator wants to secure the survival of a specific firm. It is a well-known result from economic theory that emission taxes lead to a cost-effective distribution of abatement across polluters. However, if the regulator wants to ensure the survival of a specific firm, it may need to design policy instruments that reduce the firm's cost of complying with an emission tax regime. The climate policy instruments considered in this paper are tradable emission permits with distribution of free permits, emission taxes in combination with a fixed subsidy, and two types of voluntary agreements. It demonstrates first that if distributing free tradable permits shall have a preventing effect, the allocation of permits has to be made contingent on production. It further shows that a voluntary agreement where a specific abatement target is set by the regulator can prevent a shutdown but leads to lower welfare than the use of emission taxes in combination with a fixed subsidy. And finally it illustrates that a voluntary agreement designed as a menu of abatement contracts increases social welfare compared to an emission tax regime

  19. Report: Information Security Series: Security Practices Safe Drinking Water Information System

    Science.gov (United States)

    Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

  20. Information Security – Guidance for Manually Completing the Information Security Awareness Training

    Science.gov (United States)

    The purpose of this guidance is to provide an alternative manual process for disseminating EPA Information Security Awareness Training (ISAT) materials and collecting results from EPA users who elect to complete the ISAT manually.

  1. 49 CFR 1544.305 - Security Directives and Information Circulars.

    Science.gov (United States)

    2010-10-01

    ... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

  2. The effects of a social media policy on pharmacy students' facebook security settings.

    Science.gov (United States)

    Williams, Jennifer; Feild, Carinda; James, Kristina

    2011-11-10

    To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy.

  3. Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.

    Science.gov (United States)

    Telecommunications Policy Research Conference, Inc., Washington, DC.

    In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…

  4. A Secure Information Framework with APRQ Properties

    Science.gov (United States)

    Rupa, Ch.

    2017-08-01

    The Internet of Things is the most trending topic in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  5. Nanoscale hierarchical optical interactions for secure information

    Directory of Open Access Journals (Sweden)

    Tate Naoya

    2016-12-01

    There is increasing demand for novel physical security that can differentiate between real and false specific artifacts that have been added to bank bills, certifications, and other vouchers. The most simple and effective method for improving the security level is to scale down the elemental structures so that they cannot be duplicated by attackers. While there is a paradox that the achieved fabrication resolution by a defender can also be realized by an attacker, further improvement in security is possible by the functional fusion of artifact metrics and nanophotonics. The fundamental advantages of this concept are the high-level clone resistance and individuality of nanoscale artifacts, which are based on the super-resolution fabrication and nanoscale hierarchical structure of optical near-field interactions, respectively. In this paper, the basis for the fabrication of nanoscale artifacts by utilizing random phenomena is described, and a quantitative evaluation of the security level is presented. An experimental demonstration using a nano-/macro-hierarchical hologram is presented to demonstrate the fundamental procedure for retrieving nanoscale features as hidden information. Finally, the concept and a simple demonstration of non-scanning probe microscopy are described as a practical application of the retrieval and authentication of nanoscale artifact metrics.

  6. Land Reform and Food Security | Sanusi | Economic and Policy ...

    African Journals Online (AJOL)

    This paper posits that to achieve a longterm success of land reform in Nigeria and increase its productive capacities for food security, it will require the formulation of an agrarian policy that will balance the competing social and economic needs of the people.

  7. Afghanistan: Post Taliban Governance, Security, and U.S. Policy

    Science.gov (United States)

    2016-09-26

    Governance, Security, and U.S. Policy Congressional Research Service 4 reputation as a brilliant strategist by preventing the Soviets from ... the National Guard from several states deployed nine “Agribusiness Development Teams” to help Afghan farmers with water management, soil

  8. Features of modern security policy UK political parties

    Directory of Open Access Journals (Sweden)

    A. V. Stalovierova

    2015-12-01

    The security policy of the British coalition government of D. Cameron (2010-2015) is summarized; it’s been proved that political forces of Tory and Liberal Democrat should have compromised to carry out unanimous course in the scope of national security, and the problems of the security strategy on parliamentary elections in 2015 are analyzed, particularly the comparative analysis of the modern safety strategy of leading British parties is exercised. Under conditions of the appearance of new challenges and threats, transformation of international safety system, the questions of safety policy often become the object of attention of the British community and experts. The absence of cross-party consensus on most terms of safety strategy of the United Kingdom during the election campaign in 2015 makes the discussion about perspectives of the British safety policy still more urgent. During the election campaign there was no unity on any aspect of security subject between parties. First of all, Labourists, Liberal Democrats, Scottish National Party and Green Party made a statement about readiness to develop cooperation with the EU and the Conservatives and the UK Independence Party were on the side of the Eurosceptics. The opinions of the parties were also divided on military operations abroad, financing and force level. In terms of one-party government and presence of majority in the House of Commons, the Conservatives have opportunities to realize their own vision of British safety policy.

  9. Analysis of information security reliability: A tutorial

    International Nuclear Information System (INIS)

    Kondakci, Suleyman

    2015-01-01

    This article presents a concise reliability analysis of network security abstracted from stochastic modeling, reliability, and queuing theories. Network security analysis is composed of threats, their impacts, and recovery of the failed systems. A unique framework with a collection of the key reliability models is presented here to guide the determination of the system reliability based on the strength of malicious acts and performance of the recovery processes. A unique model, called Attack-obstacle model, is also proposed here for analyzing systems with immunity growth features. Most computer science curricula do not contain courses in reliability modeling applicable to different areas of computer engineering. Hence, the topic of reliability analysis is often too diffuse to most computer engineers and researchers dealing with network security. This work is thus aimed at shedding some light on this issue, which can be useful in identifying models, their assumptions and practical parameters for estimating the reliability of threatened systems and for assessing the performance of recovery facilities. It can also be useful for the classification of processes and states regarding the reliability of information systems. Systems with stochastic behaviors undergoing queue operations and random state transitions can also benefit from the approaches presented here. - Highlights: • A concise survey and tutorial in model-based reliability analysis applicable to information security. • A framework of key modeling approaches for assessing reliability of networked systems. • The framework facilitates quantitative risk assessment tasks guided by stochastic modeling and queuing theory. • Evaluation of approaches and models for modeling threats, failures, impacts, and recovery analysis of information systems

  10. Emergent information technologies and enabling policies for counter-terrorism

    CERN Document Server

    Popp, R

    2006-01-01

    Explores both counter-terrorism and enabling policy dimensions of emerging information technologies in national security. After the September 11th attacks, "connecting the dots" has become the watchword for using information and intelligence to protect the United States from future terrorist attacks. Advanced and emerging information technologies offer key assets in confronting a secretive, asymmetric, and networked enemy. Yet, in a free and open society, policies must ensure that these powerful technologies are used responsibly, and that privacy and civil liberties remain protected. Emergent Information Technologies and Enabling Policies for Counter-Terrorism provides a unique, integrated treatment of cutting-edge counter-terrorism technologies and their corresponding policy options. Featuring contributions from nationally recognized authorities and experts, this book brings together a diverse knowledge base for those charged with protecting our nation from terrorist attacks while preserving our civil liberti...

  11. European Energy Policy and Its Effects on Gas Security

    Science.gov (United States)

    Radu, Victorita Stefana Anda

    The goal of this study is to examine the effects of the energy policies of the European Union (EU) on its gas security in the period 2006 to 2016. While energy security is often given a broad meaning, this paper focuses on its external dimension: the EU's relations with external gas suppliers. It is grounded on four pillars drawing from the compounded institutionalist and liberal theoretical frameworks: regulatory state, rational-choice, external governance, and regime effectiveness. The research question was investigated through a qualitative methodology with two main components: a legislative analysis and four case studies representing the main gas supply options--Russia, North African exporting countries, Norway, and liquefied natural gas (LNG). They highlighted that the EU framed the need for gas security mainly in the context of political risks associated with Russian gas supply, but it almost never took into account other equally important risks. Moreover, the research revealed two main issues. First, that the deeper and the more numerous EU's energy policies were, the bigger was the magnitude of the effect. Specifically, competitiveness and infrastructure policies had the largest magnitude, while the sustainability and security of supply policies had the smallest effect. Second, EU energy policies only partially diminished the economic and political risks in relation to foreign gas suppliers. To conclude, to a certain extent the EU's efforts made a positive contribution to the external dimension of the EU's gas security, but the distinguishing trait remains that there is no consistency in terms of the magnitude of the effect and its nature.

  12. 48 CFR 1339.107-70 - Information security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting...

  13. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  14. Examining the Contribution of Critical Visualisation to Information Security

    NARCIS (Netherlands)

    Hall, Peter A.; Heath, Claude P.; Coles-Kemp, Lizzie; Tanner, Axel

    This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation

  15. 49 CFR 8.9 - Information Security Review Committee.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

  16. Secure medical information sharing in cloud computing.

    Science.gov (United States)

    Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

    2015-01-01

    Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

  17. The citizen security reconfiguration: The security and coexistence policy for football in Colombia

    Directory of Open Access Journals (Sweden)

    Diego Felipe Puentes Sánchez

    2015-06-01

    Security policies are passing through a crucial time in which management strategies focused on crime, use of force and increasing clampdown on criminal matters, are inefficient in a scenario that promotes a normative spectrum linked to Human Rights seeking to insert the security as a condition for the construction of universal dignity in what the United Nations has called Human Security. This article is inserted in the current citizen security policy debates, to evidence how concepts such as Civic Culture and Culture of Peace are an inexorable prerequisite for the transformation to a Human Security approach, issue that goes through the possibility of promoting such change from perspectives that understand the conflicts in a broader and interdisciplinary manner. In order to this, the policy for security and coexistence for football in Colombia will be analyzed so as to have a practical and concrete example that will allow to evidence the expressed theoretical approaches and also because football has great social importance (economic, political and cultural) in Colombia.

  18. The securitisation of pandemic influenza: framing, security and public policy.

    Science.gov (United States)

    Kamradt-Scott, Adam; McInnes, Colin

    2012-01-01

    This article examines how pandemic influenza has been framed as a security issue, threatening the functioning of both state and society, and the policy responses to this framing. Pandemic influenza has long been recognised as a threat to human health. Despite this, for much of the twentieth century it was not recognised as a security threat. In the decade surrounding the new millennium, however, the disease was successfully securitised with profound implications for public policy. This article addresses the construction of pandemic influenza as a threat. Drawing on the work of the Copenhagen School, it examines how it was successfully securitised at the turn of the millennium and with what consequences for public policy.

  19. A secure integrated medical information system.

    Science.gov (United States)

    Hsiao, Tsung-Chih; Wu, Zhen-Yu; Chung, Yu-Fang; Chen, Tzer-Shyong; Horng, Gwo-Boa

    2012-10-01

    The rapid rise and development of the internet has made digitization of our everyday life common. E-medicine, including electronic prescription records, electronic prescriptions, diagnosis information systems, and others are now being regarded as future trends. As development on the structure and format of electronic patient records and prescriptions matures, the implementation of a comprehensive medical information system is imperative, one which is constructed from integrating the various electronic information systems that are being developed. It is important to allow the implementation of such a system applicable to the present medical environment, which facilitates the integration of electronic patient record from all levels of medical centers and clinics, secures the transmission of these integrated patient records between them, enables the combined use of electronic prescriptions with patients' medications, and permits anonymous or confidential transmission of patients' private data. To put the ideas into practice, in this study, we would like to propose an Integrated Medical Information System.

  20. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    Science.gov (United States)

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research, papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  1. Controlled information destruction: the final frontier in preserving information security for every organisation

    Science.gov (United States)

    Curiac, Daniel-Ioan; Pachia, Mihai

    2015-05-01

    Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

  2. Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

    National Research Council Canada - National Science Library

    Stoneburner, Gary

    2001-01-01

    The purpose of the Engineering Principles for Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system...

  3. Operational Resilience Improving Criteria in case of Information Security Incidents

    Directory of Open Access Journals (Sweden)

    P. A. Demin

    2012-12-01

    Resilience management system states and behavior are described with the use of fuzzy Petri net. Operational resilience improving criteria in case of information security incidents are defined. Information security incident response management model is introduced.

  4. National Security and the Right to Information in Europe

    DEFF Research Database (Denmark)

    Jacobsen, Amanda Lynn

    2013-01-01

    Full text available at: http://cast.ku.dk/pdf/National_Security_and_the_Right_to_Information.pdf/

  5. The Faroe Islands’ Security Policy in a Process of Devolution

    Directory of Open Access Journals (Sweden)

    Beinta í Jákobsstovu

    2012-12-01

    Since the late 1990s there has been a remarkable change in the institutional context of safety and security policies for the Faroes. The end of the Cold War led to a reduction in the strategic importance of, and military presence in, the islands. However, today Faroese sea and air space is increasingly exposed to heavy civilian traffic due to expected oil production as well as new sailing routes from the High North. The Faroese government is in a process, nearly completed, of taking over the full responsibility for societal security policy, a field it used to share with the Danish state authorities. In April 2002, the Faroese authorities took over the responsibility for SAR in Faroese sea territory and established an MRCC Center in Tórshavn. A new civic security law was passed by Løgtingið (the parliament) in May 2012. This article discusses micro-states’ options in the international arena; provides a brief overview of the history of Faroese security policy; and discusses the present and future challenges involved in assuring protection and rescue services for the Faroese region of the North Atlantic.

  6. Data survivability vs. security in information systems

    International Nuclear Information System (INIS)

    Levitin, Gregory; Hausken, Kjell; Taboada, Heidi A.; Coit, David W.

    2012-01-01

    A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede the information theft, the defender prefers to maximize the number of blocks. On the other hand, the destruction of any block destroys the integrity of information and makes it impossible to use. To impede the information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless of how many blocks in series there are. Given the set of available information storage resources, the defender must consider a multi-objective optimization problem to determine how many blocks and their copies to create, and how to distribute them among available resources in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). This methodology is demonstrated with two general examples.

  7. Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

    NARCIS (Netherlands)

    Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

    2009-01-01

    The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining

  8. The French nuclear policy. A model for security policy in North-East Asia

    International Nuclear Information System (INIS)

    Choe, K.

    1998-01-01

    Between the end of the second world war and the collapse of the Berlin wall, the French diplomacy was based on the nuclear policy in a solid and coherent way. This nuclear policy was an 'incarnation' of the national security conception, allowing France to recover its political, military and economical rank on the international scene. The most important characteristic of the French nuclear policy concerns the commercialization of the nuclear energy which aims to ensuring the national security through the building up of a financial, technological and political 'reserve'. In front of the domination of the USA and USSR during the cold war era, NE Asia had a similar geostrategic configuration as Western Europe. It concerns in particular the massive application of nuclear energy for both military and industrial purposes. The bases of the security policy in this region refers to the real use of the nuclear weapon by the USA against Japan in 1945. The French nuclear policy may be considered as a model for the building of the security policy of NE Asia, in particular through the commercialization of the nuclear technology between the countries in concern. This nuclear approach would allow the countries of these region to change their present day national defense policy into an economical and military cooperation. (J.S.)

  9. BASES OF PUBLIC POLICY FORMATION DIRECTED AT ENSURING BUDGET SECURITY

    Directory of Open Access Journals (Sweden)

    S. Onishchenko

    2015-03-01

    In the article the priorities and public policies that can improve the safety level of the budget of Ukraine have been grounded. Attention on the problems of imbalance and deficiency trends accumulation of public debt has been focused. The detailed analysis of the budget deficit of the European community to further research the main problems of fiscal security has been carried out. The formation of the concept of budget policy should include long-term and medium-term priorities of the state priorities areas have been concluded. Budget policy on public debt must deal with interrelated issues of debt bondage and effective use of public credit, promote economic growth with respect safe level and structure of public debt have been emphasized by author. Debt policy as part of fiscal policy under certain conditions can be a powerful tool to intensify investment and innovation processes in society, promote economic and social development. The reorientation of fiscal policy to address current problems through debt and use it as the basis of investment and innovation development provides an effective public debt management is designed to reduce state budget expenditures on its servicing and repayment, optimizing the scope and structure of debt according to economic growth. The role of debt policy in modern terms increases is clearly subordinate to and consistent with long-term goals and priorities of fiscal policy. There is an urgent development and implementation of effective mechanisms for investing borrowed resources, increasing the efficiency of public investment, including the improvement of organizational, financial, legal and controls. Strategically budget security guarantees only competitive economy, which can be constructed only by recovery and accelerated development of promising sectors of the national economy in the presence of a balanced budget policy. Now there is a tendency to implement only measures to stabilize the political and socio

  10. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was too early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remain to be developed, especially for the new business models we are investigating in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3.

  11. Controls Mitigating the Risk of Confidential Information Disclosure by Facebook: Essential Concern in Auditing Information Security

    Directory of Open Access Journals (Sweden)

    Ivan Ognyanov Kuyumdzhiev

    2014-08-01

    Facebook allows people to easily share information about themselves which in some cases could be classified as confidential or sensitive in the organisation they’re working for. In this paper we discuss the type of data stored by Facebook and the scope of the terms “confidential” and “sensitive data”. The intersection of these areas shows that there is high possibility for confidential data disclosure in organisations with none or ineffective security policy. This paper proposes a strategy for managing the risks of information leakage. We define five levels of controls against posting non-public data on Facebook - security policy, applications installed on employees’ workstations, specific router software or firmware, software in the cloud, Facebook itself. Advantages and disadvantages of every level are evaluated. As a result we propose developing of new control integrated in the social media.

  12. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that assesses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  13. Academic Information Security Researchers: Hackers or Specialists?

    Science.gov (United States)

    Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

    2018-04-01

    In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of the problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

  14. Examining the Relationship between Organization Systems and Information Security Awareness

    Science.gov (United States)

    Tintamusik, Yanarong

    2010-01-01

    The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

  15. 41 CFR 105-53.133 - Information Security Oversight Office.

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security... FUNCTIONS Central Offices § 105-53.133 Information Security Oversight Office. (a) Creation and authority. The Information Security Oversight Office (ISOO), headed by the Director of ISOO, who is appointed by...

  16. Assessing Information Security Strategies, Tactics, Logic and Framework

    CERN Document Server

    Vladimirov, Andrew; Michajlowski, Andriej

    2010-01-01

    This book deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It will give readers the founding principles around information security assessments and why they are important, whilst providing a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, and laws.

  17. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    Full Text Available The article presents the analysis of actual information security problems in the commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents.

  18. 39 CFR 267.5 - National Security Information.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false National Security Information. 267.5 Section 267.5... § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide regulations implementing Executive Order 12356 National Security Information (hereinafter referred to as the...

  19. Exploring Factors that Influence Students' Behaviors in Information Security

    Science.gov (United States)

    Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

    2012-01-01

    Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

  20. 75 FR 70764 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-11-18

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the first meeting of the Small Business Information Security...

  1. 75 FR 77934 - Small Business Information Security Task Force

    Science.gov (United States)

    2010-12-14

    ... SMALL BUSINESS ADMINISTRATION Small Business Information Security Task Force AGENCY: U.S. Small... publish meeting minutes for the Small Business Information Security Task Force Meeting. DATES: 1 p.m... 2009, SBA submits the meeting minutes for the second meeting of the Small Business Information Security...

  2. Beyond the Poverty of National Security: Toward a Critical Human Security Perspective in Educational Policy

    Science.gov (United States)

    Means, Alexander J.

    2014-01-01

    This article examines the intersecting logics of human capital and national security underpinning the corporate school reform movement in the United States. Taking a 2012 policy report by the Council on Foreign Relations as an entry point, it suggests that these logics are incoherent not only on their own narrow instrumental terms, but also more…

  3. 39 CFR 267.4 - Information security standards.

    Science.gov (United States)

    2010-07-01

    ... management: (1) Information system development, (2) Information collection, (3) Information handling and... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267... INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...

  4. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    Full Text Available There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISI as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI is determined.

  5. Credibility of Policy Announcements Under Asymmetric Information

    DEFF Research Database (Denmark)

    Christensen, Michael

    1999-01-01

    In a simple macro-economic model, where the monetary authorities process superior information about real shocks, the scope for an active stabilization policy is shown to depend on the credibility of the policy maker. Lack of credibility increases the need for an active stabilization policy...

  6. SECURITY AWARENESS – MAJOR PIECE IN THE PUZZLE OF INFORMATION SECURITY

    OpenAIRE

    MARIUS PETRESCU; NICOLETA SÎRBU; ANCA-GABRIELA PETRESCU; MIOARA BRABOVEANU

    2011-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  7. Security Policies from a Spatial Perspective: the Case of Honduras

    Directory of Open Access Journals (Sweden)

    Lirio del Carmen Gutiérrez Rivera

    2014-06-01

    Full Text Available Public insecurity became a central issue for many Hondurans in the late 1990s, as crime, delinquency and homicide increased significantly in the isthmus. Honduras had the second highest homicide rate (35.1 per 100,000) in the region after El Salvador (50.2 per 100,000). This social violence triggered insecurity and fear, which was further accompanied by the overall perception that the state was incapable of relieving or protecting the population. This article looks at the failed attempts of the Honduran state to stop social violence and to control youth gang expansion by focusing on the security policies Cero Tolerancia (Zero Tolerance), Mano Dura (Iron Fist) and the Ley Antimaras (Anti-Gang Law). It understands security policies as territorial strategies that attempt to reduce social violence and impose control.

  8. Risk Management as Strategic Change in National Homeland Security Policy

    Science.gov (United States)

    2007-09-01

    management framework under the NIPP, examines how implementation has been managed as strategic change through the lens of change management theory ... implementation has been managed as strategic change through the lens of change management theory, and offers recommendations for improvement. It is ... framework been handled as strategic change in homeland security policy? How might change management theory and practice be applied to assess the

  9. Framework for an African policy towards creating cyber security awareness

    CSIR Research Space (South Africa)

    Dlamini, IZ

    2011-05-01

    Full Text Available , Council for Scientific and Industrial Research, Pretoria, RSA 2 Meraka, Council for Scientific and Industrial Research, Pretoria, RSA 3 Cyber Security Department, Department of Communications, Pretoria, RSA idlamini@csir.co.za btaute@csir.co.za jabur... for the development of the proposed framework. The review will analyse the extent to which these policies address awareness as well as related issues such as education, support to industry and citizens, collaboration and increase in technical expertise, and linkages...

  10. Do Economic Theories Inform Policy?

    DEFF Research Database (Denmark)

    Bartalevich, Dzmitry

    Adopting the (institutionalist) premise that ideas and the economic theories within which they are embedded influence policy, the dissertation investigates the influence of the Chicago School of antitrust analysis on the competition policy of the European Union (EU). The dissertation encapsulates...... three articles. The first article employs qualitative content analysis to assess whether and the extent to which the European Commission incorporates Chicago School theory into EU competition policy. It does so on the basis of current Commission Guidelines, Notices, and Block Exemption Regulations...... the Harvard School, the Freiburg School, and considerations for Single Market integration underpin EU merger control, in addition to the influence of the Chicago School. The analysis presented in the articles suggests that the Chicago School has exerted considerable influence over EU competition policy...

  11. Efficient Attribute-Based Secure Data Sharing with Hidden Policies and Traceability in Mobile Health Networks

    Directory of Open Access Journals (Sweden)

    Changhee Hahn

    2016-01-01

    Full Text Available Mobile health (also written as mHealth) provisions the practice of public health supported by mobile devices. mHealth systems let patients and healthcare providers collect and share sensitive information, such as electronic and personal health records (EHRs) at any time, allowing more rapid convergence to optimal treatment. Key to achieving this is securely sharing data by providing enhanced access control and reliability. Typically, such sharing follows policies that depend on patient and physician preferences defined by a set of attributes. In mHealth systems, not only the data but also the policies for sharing it may be sensitive since they directly contain sensitive information which can reveal the underlying data protected by the policy. Also, since the policies usually incur linearly increasing communication costs, mHealth is inapplicable to resource-constrained environments. Lastly, access privileges may be publicly known to users, so a malicious user could illegally share his access privileges without the risk of being traced. In this paper, we propose an efficient attribute-based secure data sharing scheme in mHealth. The proposed scheme guarantees a hidden policy, constant-sized ciphertexts, and traces, with security analyses. The computation cost to the user is reduced by delegating approximately 50% of the decryption operations to the more powerful storage systems.

  12. A model for best practice driven information security governance

    OpenAIRE

    2008-01-01

    To ensure the likely success of an organisation’s Information Security Governance, discipline leaders recommend that organisations follow the guidelines as set out in Information Security Governance best practice documents. Best practices and related documents from the Information Security Governance discipline, as well as best practices and related documents from the Corporate Governance and Information Technology Governance disciplines, all include sections pertaining to Information Securit...

  13. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  14. The information security of children: Self-regulatory approaches.

    Directory of Open Access Journals (Sweden)

    Vartanova E.L.

    2014-09-01

    Full Text Available The 21st century has been characterized by tremendous changes in mass-media systems. The rapid growth of the Internet, inspired by the progress of communication technologies and digitalization, has resulted in the rise of new interactive media. Developments contributing to the scope and speed of media production and distribution have drawn particular attention to the information security of audiences – in particular, to protecting children from content that might be harmful and not appropriate for their age. Unlike adults, who are accustomed to living in an information-rich society, children cannot understand and filter content. Digital media, with their profound effects on a young audience, definitely affect children’s psychology and emotions. Recognizing this development, the most economically advanced countries have elaborated specific media policies to ensure that children receive the advantages of new media and simultaneously are kept safe from harmful content. These policies, aimed at traditional media (press and analogue broadcasting), have been based on legal approaches, but in digital reality laws do not always produce the same desired effects because the law-making process often does not keep up with technological change. Governments, therefore, have to share their responsibilities with the nongovernmental – private business and civil – sectors. Even countries with strong government influence over public life, such as Singapore, are working toward a co-regulated and self-regulated mass-media industry. Many foreign countries, including those in Western Europe, North America, and Asia, already have experience with these policies. The article reviews practices in the field of media aimed at guaranteeing children’s information security and at opposing harmful content. It points to key aspects of the regulation of market-driven media content in different countries.

  15. Cyber-crime Science = Crime Science + Information Security

    NARCIS (Netherlands)

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality,

  16. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  17. Effect of Organizational Factors on Information Security Implementations

    Science.gov (United States)

    Perez, Rafael G.

    2013-01-01

    The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

  18. Institutionalization of Information Security: Case of the Indonesian Banking Sector

    Science.gov (United States)

    Nasution, Muhamad Faisal Fariduddin Attar

    2012-01-01

    This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

  19. INTERVALS OPTIMIZATION OF SYSTEMS INFORMATION SECURITY INSPECTION

    Directory of Open Access Journals (Sweden)

    V. A. Bogatyrev

    2014-09-01

    Full Text Available A Markov model is suggested for secure information systems, functioning under conditions of destructive impacts, which aftereffects are found by on-line and test control. It is assumed that on-line control, in contrast to the test one, is characterized by the limited control completeness, but does not require the stopping of computational process. The aim of research is to create models that optimize intervals of test control initialization by the criterion of probability maximization for system stay in the ready state to secure fulfillment of the functional requests and minimization of the dangerous system states in view of the uncertainty and intensity variance of the destructive impacts. Variants of testing intervals optimization are considered depending on the intensity of destructive impacts by the criterion of the maximum system availability for the safe execution of queries. Optimization is carried out with and without adaptation to the actual intensity change of destructive impacts. The efficiency of adaptive change for testing periods is shown depending on the observed activity of destructive impacts. The solution of optimization problem is obtained by built-in tools of computer mathematics Mathcad 15, including symbolic mathematics for solution of systems of algebraic equations. The proposed models and methods of determining the optimal testing intervals can find their application in the system design of computer systems and networks of critical applications, working under conditions of destabilizing actions with the increased requirements for their safety.

  20. Securing military information systems on public infrastructure

    CSIR Research Space (South Africa)

    Botha, P

    2015-03-01

    Full Text Available to private encrypted networks. Several security mechanisms from commercial enterprise and social networking systems were adopted and customised in order to secure Cmore, a Web based real time distributed command and control system developed by the Council...

  1. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  2. Information System Security: Government Information Security Reform Act Implementation: Defense Security Assistance Management System

    National Research Council Canada - National Science Library

    Young, Shelton

    2002-01-01

    .... Of the 560 systems, the Office of the Inspector General of the Department of Defense, the Defense Information Systems Agency Inspector General, and Military Department audit agencies assessed a sample of 115 systems...

  3. China's Quest for Energy; Impact upon Foreign and Security Policy

    International Nuclear Information System (INIS)

    Kiesow, Ingolf

    2004-11-01

    Contrary to Chinese intentions, the proportion of China's imports coming from potentially unstable countries is steadily increasing. As a response, China tries to diversify its sources of import and to own the oil when loaded in an export harbour. In spite of very high costs and political problems, China tries to import oil and gas from owned fields in Central Asia through pipelines. In the case of China, the competition is evident on the highest international level. Especially with Japan, this tends to make already previously sensitive relations deteriorate. China has territorial disputes with several neighbouring countries that are becoming more complicated by the fact that there is oil and gas on the bottom of the sea in the disputed area. Relations with Russia have been complicated. Since the 1990s they are on their way of being steadily improved, but they become strained, when Japan is given priority access to oil fields in Siberia. The sensitive relations with the U.S. tend to be impaired by China's ways of getting access to more secure supply of oil and gas. Chinese efforts to get a more attractive foreign policy profile are on the other hand alleviating but do not eliminate the potential of the energy issue to complicate China's foreign and security policy relations. The European Union seems to be on its way to introduce energy questions as a field of common policy. This is a reason for Sweden to study the development. It is a matter of special interest that China has proposed an 'Energy Dialogue between Asia and Europe' about the resources and the Eurasian continent. The Chinese example illustrates the need for a Swedish energy security policy and plans for energy crisis preparedness.

  4. Exploring Information Security and Shared Encrypted Spaces in Libraries

    Directory of Open Access Journals (Sweden)

    Keith Engwall

    2015-07-01

    Full Text Available Libraries are sensitive to the need to protect patron data, but may not take measures to protect the data of the library. However, in an increasingly collaborative online environment, the protection of data is a concern that merits attention. As a follow-up to a new patron privacy policy, the Oakland University William Beaumont Medical Library evaluated information security tools for use in day-to-day operations in an attempt to identify ways to protect private information in communication and shared storage, as well as a means to manage passwords in a collaborative team environment. This article provides an overview of encryption measures, outlines the Medical Library’s evaluation of encryption tools, and reflects on the benefits and challenges in their adoption and use.

  5. An Information Security Control Assessment Methodology for Organizations

    Science.gov (United States)

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  6. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  7. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    Directory of Open Access Journals (Sweden)

    Dan Constantin TOFAN

    2012-01-01

    Full Text Available Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being connected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security incidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.

  8. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  9. Information Security in the 1990s: Keeping the Locks on.

    Science.gov (United States)

    Kovac, Ron J.

    1999-01-01

    As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…

  10. Welfare, Liberty, and Security for All? U.S. Sex Education Policy and the 1996 Title V Section 510 of the Social Security Act.

    Science.gov (United States)

    Lerner, Justin E; Hawkins, Robert L

    2016-07-01

    When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.

  11. THE FOREIGN AND SECURITY POLICIES OF THE EUROPEAN UNION

    Directory of Open Access Journals (Sweden)

    Anand Menon

    2003-09-01

    Full Text Available In only a decade the European Union has moved from being a new kid on the block in terms of foreign and security policies to being a high profile and surprisingly effective international actor. Certainly, it has failed to match the ambitions of some of its most enthusiastic proponents. Certainly, too, European publics know next to nothing about what the Union does in the international realm. It is because of this that, despite their potential and their effectiveness to date, EU policies in this sphere were widely derided as failures following the moment when the attacks of 11 September 2001 shook the western world to its core. The Convention on the Future of Europe and subsequent intergovernmental conference look set to make significant institutional changes to the Union’s foreign and security policy systems. In undertaking these reforms, Convention members, and national governments are doubtless motivated by the laudable objective of enabling the Union to do more on the international stage. One can only hope that these motives notwithstanding, they do not simply propose reforms for their own sake and, in the process, undermine a system that, to the surprise of many, has continued to function respectably in an ever more complex and ever more dangerous world.

  12. Dynamic reconfiguration of security policies in wireless sensor networks.

    Science.gov (United States)

    Pinto, Mónica; Gámez, Nadia; Fuentes, Lidia; Amor, Mercedes; Horcas, José Miguel; Ayala, Inmaculada

    2015-03-04

    Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs). We evaluate our approach using a case study from the intelligent transportation system domain.

  13. Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mónica Pinto

    2015-03-01

    Full Text Available Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs). We evaluate our approach using a case study from the intelligent transportation system domain.

  14. Information Sharing and Environmental Policies

    Directory of Open Access Journals (Sweden)

    Nikos Tsakiris

    2010-10-01

    Full Text Available Based on the assumption that in a standard eco-dumping model governments are uncertain about future product demand and allowing governments to obtain information from firms, we examine governments’ and firms’ incentives to share information. We show that when governments regulate polluting firms through emission standards, then governments and firms will reach an agreement concerning information sharing. The opposite holds when governments regulate pollution through emission taxes.

  15. U.S. energy security: problems and policies

    Energy Technology Data Exchange (ETDEWEB)

    Toman, M.A

    2002-12-15

    The reemergence of concern about energy security in the wake of the September 2001 terror attacks amplified a theme that was already present in U.S. energy policy debates. Energy security was a central theme in the Bush administration energy policy report released by Vice President Cheney in the spring of 2001. World oil prices rose from about $10 a barrel in 1998 to more than $30 a barrel in late 2000. Prices trended down through most of 2001 to below $20 a barrel, although the combined effect of improving economic conditions, OPEC supply cuts, and Middle East conflict (both actual and potential) have recently brought prices back into the $25 per barrel neighborhood. In 2000 the United States imported almost 60 percent of the petroleum it consumed; imports from the Organization of Petroleum Exporting Countries (OPEC) made up about a quarter of total U.S. consumption. In previous energy security debates in the U.S., most of the attention has been on international oil markets and geopolitics. This time, even before September 11, the energy security debate had a much larger domestic component. The 2001 "electricity market meltdown" in California raised large concerns there and nationwide about the causes and consequences of electricity shortages and price volatility. The concerns run so deep that they are likely to have a significant effect on the ongoing debate about restructuring of the power sector, though the nature of that effect remains to be determined. Similarly, periods of sharply rising motor fuels prices over the past few years, increases well beyond what would be implied just by crude oil price volatility, have led to concerns about the effects on households and commerce. All of these concerns are only amplified by worries about attacks on critical energy infrastructure. (author)

  16. U.S. energy security: problems and policies

    International Nuclear Information System (INIS)

    Toman, M.A.

    2002-12-01

    The reemergence of concern about energy security in the wake of the September 2001 terror attacks amplified a theme that was already present in U.S. energy policy debates. Energy security was a central theme in the Bush administration energy policy report released by Vice President Cheney in the spring of 2001. World oil prices rose from about $10 a barrel in 1998 to more than $30 a barrel in late 2000. Prices trended down through most of 2001 to below $20 a barrel, although the combined effect of improving economic conditions, OPEC supply cuts, and Middle East conflict (both actual and potential) have recently brought prices back into the $25 per barrel neighborhood. In 2000 the United States imported almost 60 percent of the petroleum it consumed; imports from the Organization of Petroleum Exporting Countries (OPEC) made up about a quarter of total U.S. consumption. In previous energy security debates in the U.S., most of the attention has been on international oil markets and geopolitics. This time, even before September 11, the energy security debate had a much larger domestic component. The 2001 "electricity market meltdown" in California raised large concerns there and nationwide about the causes and consequences of electricity shortages and price volatility. The concerns run so deep that they are likely to have a significant effect on the ongoing debate about restructuring of the power sector, though the nature of that effect remains to be determined. Similarly, periods of sharply rising motor fuels prices over the past few years, increases well beyond what would be implied just by crude oil price volatility, have led to concerns about the effects on households and commerce. All of these concerns are only amplified by worries about attacks on critical energy infrastructure. (author)

  17. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals

    Science.gov (United States)

    Kim, Yong-Woon; Cho, Namin

    2018-01-01

    Objectives: Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. Methods: We researched papers published on ‘의료정보’ and ‘medical information’ in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. Results: It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. Conclusions: We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems. PMID:29503754

  18. Energy policy seesaw between security and protecting the environment

    International Nuclear Information System (INIS)

    Finon, D.

    1994-01-01

    It is just the price of oil that causes the energy policies of importing countries to vacillate. Changing perceptions of energy supply factors has had as much to do with transfiguring government action modes since 1973 as has the idea of the legitimacy of that action. The present paper thus draws a parallel between the goal of energy security twenty years ago and that of global environmental protection today, which explains the critical reversion to a view of minimum government action in the energy field - a view that marked the eighties. (author). 20 refs

  19. Science and Security Policy: The Case of Advanced Pathogens

    International Nuclear Information System (INIS)

    Harris, E. D.

    2007-01-01

    The revolution in biotechnology presents unprecedented opportunities and dangers for the health and well being of mankind. Today, one can plausibly imagine the eradication of many historic diseases. One can also envisage the creation of new diseases that would endanger a substantial proportion of the entire human species. As powerful applications for biotechnology research are identified, appropriate arrangements for managing their extraordinary consequences will inevitably become necessary. This presentation will explore recent efforts to balance science and security policy in the area of advanced biotechnology research. Key developments on the dual-use issue will be discussed, together with a variety of governance options aimed at mitigating the risk from such research. (author)

  20. INFORMATION SECURITY: IRS Electronic Filing Systems

    National Research Council Canada - National Science Library

    2001-01-01

    ...) computer controls over its external access points and internal networks and systems, we assessed the effectiveness of key computer controls designed to ensure the security, privacy, and reliability...

  1. Management of organizations in Serbia from the aspect of the maturity analysis of information security

    Directory of Open Access Journals (Sweden)

    Trivan Dragan

    2016-01-01

    Full Text Available The aim of this work is focused on research of information security in organizations, with a focus on cybersecurity. In accordance with the theoretical analysis, the subject of the empirical part of the work is the analysis of information security in Serbia, in order to better understand the information security programs and management structures in organizations in Serbia. The survey covers a variety of industries and discusses how organizations assess, develop, create and support their programs to ensure information security. The survey included 53 companies. The results that were obtained enabled us to select five core elements of the program on the state of information security and cybersecurity in Serbian companies: most companies had not been exposed to cybersecurity incidents; in most companies policy, procedures and spheres of responsibility for information security exist, there are not enough controls to ensure compliance with relevant safety standards by third parties, top management and end-users are insufficiently familiar with cybersecurity risks, although they apply basic measures of protection, safety protection systems are very rare. The scientific goal of this work is to, on the basis of the results obtained, make conclusions that can contribute to the study of corporate information security with special emphasis on cybersecurity. The practical aim of the research is the application of the results for more efficient implementation process of security against cyber attacks in the Serbian organizations.

  2. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  3. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  4. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  5. Cyber-crime Science = Crime Science + Information Security

    OpenAIRE

    Hartel, Pieter H.; Junger, Marianne; Wieringa, Roelf J.

    2010-01-01

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empi...

  6. Information Aggregation, Currency Swaps, and the Design of Derivative Securities

    OpenAIRE

    Chowdhry, Bhagwan; Grinblatt, Mark

    1997-01-01

    A model of security design based on the principle of information aggregation and alignment is used to show that (i) firms needing to finance their operations should issue different securities to different groups of investors in order to aggregate their disparate information and (ii) each security should be highly correlated (closely aligned) with the private information signal of the investor to whom it is marketed. This alignment reduces the adverse selection penalty paid by a firm with su...

  7. Best practices show the way to information security maturity

    CSIR Research Space (South Africa)

    Lessing, MM

    2008-09-01

    Full Text Available is not to promote the use of the generic Security Maturity Model, but to use this model only for comparison reasons. Leading to the idea of classifying the best practice Information Security Governance model as a Security Maturity Model, was the Cadbury...

  8. 49 CFR 1520.5 - Sensitive security information.

    Science.gov (United States)

    2010-10-01

    ..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY...

  9. ROMANIA AND THE EU'S COMMON FOREIGN AND SECURITY POLICY

    Directory of Open Access Journals (Sweden)

    Daniel Călin

    2003-03-01

    Full Text Available Within this article, the author tries to sum up the most salient steps undertaken by Romania on the way to the EU, with respect to an area of particular importance for the Union, i.e. CFSP. After a presentation on its actions in CFSP area, one reviews in short the stances adopted by Romania vis-à-vis the new child of EU policies, i.e. ESDP, as well as towards the Romanian involvement / participation in military crisis management. In the end, the European security policy and the enlargement of both the EU and NATO are assessed in the light of the coming IGC and against the background of the 9/11 events.

  10. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  11. 48 CFR 2452.239-71 - Information Technology Virus Security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

  12. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  13. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  14. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  15. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)

    The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witnessed a lot of national security issues that risk the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have sprung up in many parts of ...

  16. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... Abstract. The problem of economic insecurity is a global threat to national security. In Nigeria today, we have witnessed a lot of national security issues that risk the continued existence of the country as one indivisible political entity with many calling for disintegration. Hitherto, many terrorist networks have ...

  17. Promoting Economic Security through Information Technology Abstract

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... a major component of economic growth and innovation in other areas of society and the economy. As the President's. Council of Advisors on Science and. Technology acknowledged in ... America's security, economy, and quality of life, The .... Sharing will greatly improve the ability of the security agencies ...

  18. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2017-03-13

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper's CSI and not of its channel's realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  19. Secure Broadcasting with Uncertain Channel State Information

    KAUST Repository

    Hyadi, Amal

    2016-01-06

    We investigate the problem of secure broadcasting over fast fading channels with imperfect main channel state information (CSI) at the transmitter. In particular, we analyze the effect of the noisy estimation of the main CSI on the throughput of a broadcast channel where the transmission is intended for multiple legitimate receivers in the presence of an eavesdropper. Besides, we consider the realistic case where the transmitter is only aware of the statistics of the eavesdropper's CSI and not of its channel's realizations. First, we discuss the common message transmission case where the source broadcasts the same information to all the receivers, and we provide an upper and a lower bounds on the ergodic secrecy capacity. For this case, we show that the secrecy rate is limited by the legitimate receiver having, on average, the worst main channel link and we prove that a non-zero secrecy rate can still be achieved even when the CSI at the transmitter is noisy. Then, we look at the independent messages case where the transmitter broadcasts multiple messages to the receivers, and each intended user is interested in an independent message. For this case, we present an expression for the achievable secrecy sum-rate and an upper bound on the secrecy sum-capacity and we show that, in the limit of large number of legitimate receivers K, our achievable secrecy sum-rate follows the scaling law log((1-a ) log(K)), where is the estimation error variance of the main CSI. The special cases of high SNR, perfect and no-main CSI are also analyzed. Analytical derivations and numerical results are presented to illustrate the obtained expressions for the case of independent and identically distributed Rayleigh fading channels.

  20. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  1. Information frictions and monetary policy

    Czech Academy of Sciences Publication Activity Database

    Matějka, Filip

    2012-01-01

    Vol. 6, No. 1 (2012), pp. 7-24 ISSN 1802-792X Institutional support: RVO:67985998 Keywords: nominal rigidity * information frictions * monetary economics Subject RIV: AH - Economics http://www.vsfs.cz/periodika/acta-2012-01.pdf

  2. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(re)insurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  3. Security of electronic medical information and patient privacy: what you need to know.

    Science.gov (United States)

    Andriole, Katherine P

    2014-12-01

    The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

  4. Implementing Information Security and Its Technology: A Line Management Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutional information assets is a complex task for the line manager responsible for international and multi-national transactions. In the face of an unsure and often conflicting international legal framework, the line manager must employ all available tools in an Integrated Security and Privacy Management framework that ranges from legal obligations, to policy, to procedure, to cutting edge technology to counter the rapidly evolving cyber threat to information assets and the physical systems that information systems control.

  5. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach used for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response to these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security

  6. Challenges of EU Security on the Example of Cyberterrorism Policy

    Directory of Open Access Journals (Sweden)

    Izabela Oleksiewicz

    2015-06-01

    Full Text Available In addition to traditional threats to information such as spying or leaking state secrets and business secrets, new threats have appeared, among which the most dangerous is cyberterrorism. Addressing the problems of cyberterrorism includes, in particular, the analysis of legislation aimed at ensuring the security of information systems of individual countries; this subject should also be recognized as requiring insightful analysis at the present time. Therefore, this publication is an attempt to characterize the determinants of this phenomenon and to analyze the latest legal solutions in the fight against cyberterrorism within the European Union. Moreover, an attempt was made to find an answer to the question whether the current legal solutions of the European Union in the area of security are an effective tool in the fight against cyberterrorism.

  7. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  8. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  9. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

  10. The Current Mind-Set of Federal Information Security Decision-Makers on the Value of Governance: An Informative Study

    Science.gov (United States)

    Stroup, Jay Walter

    2014-01-01

    Understanding the mind-set or perceptions of organizational leaders and decision-makers is important to ascertaining the trends and priorities in policy and governance of the organization. This study finds that a significant shift in the mind-set of government IT and information security leaders has started and will likely result in placing a…

  11. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  12. Integrating Programming Language and Operating System Information Security Mechanisms

    Science.gov (United States)

    2016-08-31

    ...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information.

  13. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem of assessing information security risks in ERP systems. ERP-system functions and architecture are studied. A model of malicious impacts on the levels of the ERP-system architecture is composed. A model-based risk assessment is developed that combines quantitative and qualitative approaches to risk assessment and is built on the partial unification of 3 methods for studying information security risks: security models with full overlapping, the CRAMM technique, and the FRAP technique.

  14. Maintaining Information Flow Security under Refinement and Transformation

    OpenAIRE

    Seehusen, Fredrik; Stølen, Ketil

    2006-01-01

    We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security properties defined in the schema are preserved by a notion of refinement. Refinement is a process that requires human guidance and is in general not subject for automation. A transformation on the other hand, is an executable function mapping specifications to specificatio...

  15. Analisis kebijakan standardisasi keamanan perangkat telekomunikasi untuk menunjang kebijakan pertahanan dan keamanan nasional [Policy analysis on telecommunication devices security standardization to support national security and defence policy]

    Directory of Open Access Journals (Sweden)

    Wirianto Pradono

    2015-12-01

    Full Text Available In recent years, incidents involving information security breaches have increased significantly and caused considerable losses to government, industry and individuals. Information security therefore needs to be assured, especially for sensitive and confidential information. To address this, a policy on telecommunication device security standardization is needed to ensure the validity and confidentiality of information passing through those devices. Both qualitative and quantitative approaches are used in this study to describe how device security standards are applied by government and the telecommunication industry, and to identify the obstacles to ensuring the security of telecommunication devices for both general and special needs, in terms of technology, institutions and regulation. The results show that there is not yet any regulation governing security standardization of telecommunication devices for special needs. In addition, no institution has been explicitly designated as the authority for security testing and certification of telecommunication devices, especially for special needs. A number of regulations that specifically govern telecommunication device security standardization are still being drafted by the relevant agencies.

  16. Evolution of Biotechnology and Information Technology and Its Impact on Human Security

    Directory of Open Access Journals (Sweden)

    Elena S. Zinovieva

    2015-01-01

    Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting human security. The article analyzes the consequences of the widespread use of biotechnology and information technology in foreign policy practice on the basis of human security theory. A detailed description of the main directions of the use of biometric technology in foreign policy and consular practices is provided, and the challenges and threats to information security associated with biometrics are analyzed, along with the main challenges and threats arising from widespread biotechnology and the human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. Recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.

  17. Information Security System and Development of a Modern Organization

    OpenAIRE

    Wawak, Slawomir

    2009-01-01

    Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions.

  18. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

  19. Modeling of Information Security Strategic Planning Methods and Expert Assessments

    Directory of Open Access Journals (Sweden)

    Alexander Panteleevich Batsula

    2014-09-01

    Full Text Available The paper addresses the problem of increasing the level of information security. As a result, a method of increasing the level of information security is developed through modeling of strategic planning with SWOT analysis using expert assessments.

  20. An introduction to information security and ISO27001:2013

    CERN Document Server

    Watkins, Steve

    2013-01-01

    Up to date with the latest version of the Standard (ISO27001:2013), An Introduction to information security and ISO27001:2013 is the perfect solution for anyone wanting an accurate, fast, easy-to-read primer on information security from an acknowledged expert on ISO27001.

  1. An Overview of Economic Approaches to Information Security Management

    NARCIS (Netherlands)

    Su, X.

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in

  2. Obstacle of Team Teaching and Collaborative Learning in Information Security

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available The field of information security includes diverse contents such as network security and computer forensics, which are highly technical-oriented topics. In addition, information forensics requires a background in criminology. Information security also includes non-technical content such as information ethics and security laws. Because of the diverse nature of information security, Shing et al. have proposed the use of team teaching and collaborative learning for information security classes. Although team teaching seems to be efficient in information security, in practice it faces a few challenges. The Purdue case mentioned in Shing's paper has funding support from the National Security Agency (NSA). However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors) with diverse backgrounds before they take the same class? The paper surveyed approximately 25 students in a university in Virginia concerning their satisfaction with team teaching. Finally, this paper describes ways to meet those challenges.

  3. 49 CFR 15.5 - Sensitive security information.

    Science.gov (United States)

    2010-10-01

    ... sources and methods used to gather or develop threat information, including threats against cyber..., including threat images and descriptions of threat images for threat image projection systems. (10) Security... 49 Transportation 1 2010-10-01 2010-10-01 false Sensitive security information. 15.5 Section 15.5...

  4. IAEA Nuclear Security Programme: The role of information

    International Nuclear Information System (INIS)

    2010-01-01

    Discusses collecting and collating information on needs integrated in Nuclear Security Support Plans and analyzing data on illicit trafficking and nuclear security incidents. Coordination with donor States and international organizations on Illicit trafficking Database reports and other related information provided by states.

  5. A Framework for the Governance of Information Security

    Science.gov (United States)

    Edwards, Charles K.

    2013-01-01

    Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

  6. Process Control Security in the Cybercrime Information Exchange NICC

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of

  7. Improving the United States National Security Strategy: An Informed Public

    National Research Council Canada - National Science Library

    Malackowski, Patrick C

    2005-01-01

    .... This paper discusses the need to have the President build an information and communications strategy that keeps the American public informed and cognizant of the threat to our national security...

  8. An Exponential Increase in Regional Health Information Exchange With Collaborative Policies and Technologies.

    Science.gov (United States)

    Downing, N Lance; Lane, Steven; Eisenberg, Mathew; Sharp, Christopher; Palma, Jonathan; Longhurst, Christopher

    2015-01-01

    In the United States, the ability to securely exchange health information between organizations has been limited by technical interoperability, patient identity matching, and variable institutional policies. Here, we examine the regional experience in a national health information exchange network by examining clinical data sharing between eleven Northern California organizations using the same health information exchange (HIE) platform between 2013-2014. We identify key policies and technologies that have led to a dramatic increase in health information exchange.

  9. Information security as a countermeasure against cheating in video games

    OpenAIRE

    Mikkelsen, Kevin Kjelgren

    2017-01-01

    Most cheating in video games is possible due to information being accessible outside the intended frames of the game developer. The issue of protecting sensitive information has been handled in many areas outside of video games for a long time now. The goal of this paper is to review these information security solutions that are in use in more security concerned areas today and to potentially find transferable approaches that can help protect important and sensitive information in video game...

  10. Food security and nutrition in the Russian Federation – a health policy analysis

    Directory of Open Access Journals (Sweden)

    Karsten Lunze

    2015-06-01

    Full Text Available Background: In the Russian Federation (Russia), an elevated burden of premature mortality attributable to non-communicable diseases (NCDs) has been observed since the country's economic transition. NCDs are largely related to preventable risk factors such as unhealthy diets. Objective: This health policy study's aim was to analyze past and current food production and nutritional trends in Russia and their policy implications for Russia's NCD burden. Design: We examined food security and nutrition in Russia using an analytical framework of food availability, access to food, and consumption. Results: Agricultural production declined during the period of economic transition, and nutritional habits changed from high-fat animal products to starches. However, per-capita energy consumption remained stable due to increased private expenditures on food and use of private land. Paradoxically, the prevalence of obesity still increased because of an excess consumption of unsaturated fat, sugar, and salt on one side, and insufficient intake of fruit and vegetables on the other. Conclusions: Policy and economic reforms in Russia were not accompanied by a food security crisis or macronutrient deprivation of the population. Yet, unhealthy diets in contemporary Russia contribute to the burden of NCDs and related avoidable mortality. Food and nutrition policies in Russia need to specifically address nutritional shortcomings and food-insecure vulnerable populations. Appropriate, evidence-informed food and nutrition policies might help address Russia's burden of NCDs on a population level.

  11. The Effects of a Social Media Policy on Pharmacy Students’ Facebook Security Settings

    Science.gov (United States)

    Feild, Carinda; James, Kristina

    2011-01-01

    Objective. To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. Methods. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. Results. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Conclusions. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy. PMID:22171105

  12. ENERGY IN THE CONTEXT OF THE PRESENT CHALLENGES TO THE EUROPEAN COMMON SECURITY AND DEFENCE POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel ANDRUSEAC

    2014-10-01

    Full Text Available The Common Security and Defence Policy is a part of the European Union’s Common Foreign and Security Policy (CFSP) and establishes the policy framework for the institutional structures and military instruments which have to deal with the security challenges in Europe’s geopolitical neighborhood. The article aims to identify and analyze the role of energy as one of the present challenges to the European Common Security and Defence Policy in the context of the recent events in the world economy.

  13. Human Factors and Information Security: Individual, Culture and Security Environment

    Science.gov (United States)

    2010-10-01

    by the other (Slovic, 1986). Without this cooperative process, communication breakdown is common. 20 DSTO-TR-2484 5. Social...simple strategy is to invest in shredders; sensitive and valuable information can be easily obtained by going through the rubbish bins of an...et al., 2006). Several defences against social engineering can be used to reduce the threat and they include such actions as using shredders to

  14. Qualitative Characterization of the Facebook Information Security Strategies

    Directory of Open Access Journals (Sweden)

    LOPES, S. F.

    2015-12-01

    Full Text Available Hyperconnectivity due to online social networks exposed security issues on data stored in these systems. This article presents an analysis on how online social networks designers have been communicating information security aspects through these systems’ interfaces. This analysis was made using the Semiotic Inspection Method on Facebook since it is largely used in Brazil and all over the world. Results showed that there is major concern with security information properties. Nevertheless, it was possible to identify interface problems that could compromise use and understanding of such security properties.

  15. 75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

    Science.gov (United States)

    2010-07-02

    ... identifying information on the MPR at the CDLIS Central Site includes the name, date of birth, social security... responsibilities, and enterprise architecture. From this ISSP, the State should develop specific policies and... that focuses on restoring an organization's essential functions at an alternate site and performing...

  16. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    Science.gov (United States)

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations is largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts are necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  17. Structuring the Chief Information Security Officer Organization

    Science.gov (United States)

    2015-09-07

    accordance with security requirements (firewalls, DMZ, network connections, third-party connectivity, remote access, VPNs)5 Configuration...systems 4 PCI: payment card industry; COTS: commercial off-the-shelf 5 DMZ: demilitarized zone; VPN: virtual private network CMU/SEI-2015-TN...requirements (This includes, for example, firewalls, and VPNs.) • Manage configurations for networks, hardware, systems, and mobile devices • Manage

  18. Modeling behavioral considerations related to information security.

    Energy Technology Data Exchange (ETDEWEB)

    Martinez-Moyano, I. J.; Conrad, S. H.; Andersen, D. F. (Decision and Information Sciences); (SNL); (Univ. at Albany)

    2011-01-01

    The authors present experimental and simulation results of an outcome-based learning model for the identification of threats to security systems. This model integrates judgment, decision-making, and learning theories to provide a unified framework for the behavioral study of upcoming threats.

  19. Financial Irresponsibility: Background Information for Security Personnel

    Science.gov (United States)

    1991-09-01

    around the theme of money--either spending it, saving it, or taking risks with it. Compulsive gambling and compulsive shopping are of security...24 Compulsive Shopping ............................................ 24 Relationship of Financial Issues to Other Problem Behaviors...ramifications--compulsive gambling, compulsive shopping, drug or alcohol abuse. Compulsive behavior is a form of emotional disorder in which one loses

  20. Remote monitoring, data sharing, and information security

    International Nuclear Information System (INIS)

    Parise, D.; Dalton, C.; Regula, J.

    2009-01-01

    Full-text: Remote Monitoring (RM) is being used with increased frequency by the IAEA for safeguards in many parts of the world. This is especially true in Japan where there are also agreements for data sharing. The automated nature of RM lends itself to assist in modernizing old cumbersome data sharing techniques. For example, electronic declarations can be received, parsed and checked; then data for that time period and facility can be automatically released. This could save considerable time and effort now spent processing paper declarations and hand copying data. But care must be taken to ensure the parsing, transfers, and connections for these systems are secure. Advanced authentication and encryption techniques are still vital in this process. This paper will describe how to improve security with vulnerability assessments, the use of certificates, avoiding compromising dial-up connections and other methods. A detailed network layout will be presented that will resemble a future RM collaboration with the IAEA and the Japanese. From this network design, key strategic security points will be identified and suggestions will be made to help secure them. (author)

  1. Organizational Characteristics Influencing SME Information Security Maturity

    NARCIS (Netherlands)

    Mijnhardt, F.; Baars, T.; Spruit, M.

    2016-01-01

    In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium sized Enterprises, leaving

  2. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  3. A Public Policy Advocacy Project to Promote Food Security: Exploring Stakeholders' Experiences.

    Science.gov (United States)

    Atkey, Kayla M; Raine, Kim D; Storey, Kate E; Willows, Noreen D

    2016-09-01

    To achieve food security in Canada, comprehensive approaches are required, which involve action at the public policy level. This qualitative study explored the experiences of 14 stakeholders engaging in a 9-month participatory public policy advocacy project to promote community food security in the province of Alberta through the initiation of a campaign to develop a Universal School Food Strategy. Through this exploration, four main themes were identified; a positive and open space to contribute ideas, diversity and common ground, confidence and capacity, and uncertainty. Findings from this study suggest that the participatory advocacy project provided a positive and open space for stakeholders to contribute ideas, through which the group was able to narrow its focus and establish a goal for advocacy. The project also seems to have contributed to the group's confidence and capacity to engage in advocacy by creating a space for learning and knowledge sharing, though stakeholders expressed uncertainty regarding some aspects of the project. Findings from this study support the use of participatory approaches as a strategy for facilitating engagement in public policy advocacy and provide insight into one group's advocacy experience, which may help to inform community-based researchers and advocates in the development of advocacy initiatives to promote community food security elsewhere. © 2016 Society for Public Health Education.

  4. Research on information security system of waste terminal disposal process

    Science.gov (United States)

    Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

    2017-05-01

    Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

  5. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available the websites creating this DDoS attack. In addition, malicious code was spread that overwrote the infected PC's hard drives that could have resulted in massive loss of data and information [11]. North Korea was blamed for a wave of attacks against US... hacking attacks blamed on North Korea and China [16]. The centre, along a cyber police force, is charged with protecting government organisations and economical subjects from hacker attacks. The centre consists of 200 techies, who are tasked to identify...

  6. Securing information display by use of visual cryptography.

    Science.gov (United States)

    Yamamoto, Hirotsugu; Hayasaki, Yoshio; Nishida, Nobuo

    2003-09-01

    We propose a secure display technique based on visual cryptography. The proposed technique ensures the security of visual information. The display employs a decoding mask based on visual cryptography. Without the decoding mask, the displayed information cannot be viewed. The viewing zone is limited by the decoding mask so that only one person can view the information. We have developed a set of encryption codes to maintain the designed viewing zone and have demonstrated a display that provides a limited viewing zone.

  7. Process Control Security in the Cybercrime Information Exchange NICC

    OpenAIRE

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of process control systems (PCS), including SCADA. This publication makes it clear why it is vital that organizations establish and maintain control over the security of the information and communication...

  8. A multi-dimensional model for information security management

    OpenAIRE

    2011-01-01

    D.Phil. Any organisation is dependent on its information technology resources. The challenges posed by new developments such as the World Wide Web and e-business, require new approaches to address the management and protection of IT resources. Various documents exist containing recommendations for the best practice to follow for information security management. BS7799 is such a code of practice for information security management. The most important problem to be addressed in this thesis i...

  9. Security Information and Event Management Tools and Insider Threat Detection

    Science.gov (United States)

    2013-09-01

    INFORMATION AND EVENT MANAGEMENT TOOLS AND INSIDER THREAT DETECTION by Christopher J. Callahan September 2013 Thesis Advisor: J.D. Fulp Co...1. REPORT DATE SEP 2013 2. REPORT TYPE N/A 3. DATES COVERED - 4. TITLE AND SUBTITLE Security Information And Event Management Tools And...and reduces the overall insider threat to military networks. Security Information and Event Management (SIEM) tools can be used to identify potential

  10. The Department of Defense Information Security Process: A Study of Change Acceptance and Past-Performance-Based Outsourcing

    Science.gov (United States)

    Hackney, Dennis W. G.

    2011-01-01

    Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…

  11. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Science.gov (United States)

    2010-01-01

    ... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  12. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  13. Impact of information security incidents – theory and reality

    Directory of Open Access Journals (Sweden)

    Jan Drtil

    2013-01-01

    Full Text Available Information security (understood mainly as confidentiality, availability and integrity) plays a more and more important role in the everyday usage of IT. The aim of this article is to describe these characteristics from their theoretical as well as practical part and illustrate what can happen in case any of them is affected. However, as IT environments still grow and are getting more and more complex, avoidance of information security incidents requires cooperation not only in technological area, but also across strategic, process, and organizational area. Due to growing level of tighter organizations, this is going to be one of the biggest challenges of information security for coming years.

  14. Information security : an investigation into password habits

    OpenAIRE

    Richardson, Darren

    2015-01-01

    This thesis considers password security guidelines used in current environments and stipulates that password requirements force users to create and use passwords which are easy for computers to guess but hard for humans to remember. The thesis begins by exploring a number of the most prevalent methods of illicitly obtaining passwords in an attempt to design an experimental method to test the notion of weak password distribution. Password cracking techniques are discussed, as well as less ...

  15. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    Science.gov (United States)

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  16. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems that conform to the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves as the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  17. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  18. An Examination of Issues Surrounding Information Security in California Colleges

    Science.gov (United States)

    Butler, Robert D.

    2013-01-01

    Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

  19. Information Security Issues in Higher Education and Institutional Research

    Science.gov (United States)

    Custer, William L.

    2010-01-01

    Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

  20. An Innovative Community College Program and Partnership in Information Security.

    Science.gov (United States)

    Howard, Barbara C; Morneau, Keith A.

    This report describes an innovative network security program initiated by Northern Virginia Community College and funded with a grant from the Northern Virginia Regional Partnership. The program educates and trains students in the installation, configuration, and troubleshooting of the hardware and software infrastructure of information security.…

  1. Information Security - A Growing Challenge for Online Business

    Directory of Open Access Journals (Sweden)

    Gabriela GHEORGHE

    2017-06-01

    Full Text Available At present, cyber attacks are moving to a global scale, and online business cyber threats also have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

  2. Information Security - A Growing Challenge for Online Business

    OpenAIRE

    Gabriela GHEORGHE; Ioana LUPASC

    2017-01-01

    At present, cyber attacks are moving to a global scale, and online business cyber threats also have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

  3. 78 FR 7784 - Health Information Technology Policy Committee Nomination Letters

    Science.gov (United States)

    2013-02-04

    ... GOVERNMENT ACCOUNTABILITY OFFICE Health Information Technology Policy Committee Nomination Letters.... SUMMARY: The American Recovery and Reinvestment Act of 2009 (ARRA) established the Health Information Technology Policy Committee (Health IT Policy Committee) and gave the Comptroller General responsibility for...

  4. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  5. Report: Information Security Series: Security Practices Comprehensive Environmental Response, Compensation, and Liability Information System

    Science.gov (United States)

    Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.

  6. private military and security companies: ethics, policies and civil ...

    African Journals Online (AJOL)

    hennie

    International, regional and national security, as well as the security of the individual is increasingly entwined in services provided by private military and security contractors. The editors accordingly acknowledge that “… [the] astonishing growth of private and security companies (PMSCs) is clearly one of the most noteworthy.

  7. Security Policy Configuration Analysis for Web Services on Heterogeneous Platforms

    Science.gov (United States)

    Hongbin, Ji; Fengyu, Zhao; Tao, Xu

    With the rapid development of web services, message security of web services between heterogeneous platforms is increasingly prominent. The two popular web services platforms, Apache Axis2 and Microsoft .Net, each have their own security module (Rampart and WSE, respectively). Due to differences in platform security mechanisms, it is difficult to build secure web services communications between different platforms. This paper firstly introduces the Apache Axis2 and .Net platforms, and then analyzes the differences in security mechanisms on these two platforms. Finally, followed by a typical secure case, a series of steps are designed and tested in order to realize secure web service invocation on heterogeneous platforms.

  8. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  9. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase in connectivity in the business environment, combined with the growing dependency on information systems, has made information security management an important governance tool. The main goal of information security is to protect business transactions so that they work normally. In this way, it safeguards business continuity. The threats to information come from hackers' attacks, electronic fraud and spying, as well as fire, electrical energy interruption and human fault. Information security is achieved by implementing a set of controls, including, among others, policies, processes, procedures, organizational structures, software and hardware, which require continuous management and a well-established structure to be able to face such challenges. This work tried to find the reasons why organizations have difficulty putting information security management into practice. Many of them limit themselves to adopting point measures, which sometimes are not consistent with their realities. The market has a sufficient quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, the American Sarbanes-Oxley act, the Basel capital accord, and regulations from regulatory agencies (such as the Brazilian ones ANATEL, ANVISA and CVM). Market research has shown that information security implementation is concentrated in a well-defined group of organizations mainly formed by large companies and from specific sectors of the economy, for example, financial and telecommunication. However, information security must be practiced by all organizations that use information systems to carry out their activities, independently of their size or the economic area to which they belong. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  10. Labelling : Security in Information Management and Sharing

    NARCIS (Netherlands)

    Schotanus, H.A.; Hartog, T.; Hut, D.H.; Boonstra, D.

    2011-01-01

    Military communication infrastructures are often deployed as stand-alone information systems operating at the System High mode. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements for information management and sharing which current communication

  11. Secure information management using linguistic threshold approach

    CERN Document Server

    Ogiela, Marek R

    2013-01-01

    This book details linguistic threshold schemes for information sharing. It examines the opportunities of using these techniques to create new models of managing strategic information shared within a commercial organisation or a state institution.

  12. Information security governance: business requirements and research directions

    CSIR Research Space (South Africa)

    Höne, K

    2009-01-01

    Full Text Available minimum effort is being spent on the topics deemed important by the business community. Information Security Governance in general can benefit from an improved alignment between the needs of business and the outputs of the research community....

  13. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  14. Smart cards--a security tool for health information systems.

    Science.gov (United States)

    Klein, G O

    1994-02-01

    Expanding use of information technology in health care, both within and between the institutions, leads to additional security demands. The role is discussed that can be played by smart cards for healthcare professionals.

  15. Fair Information Principles of Brazilian Companies online privacy policies

    Directory of Open Access Journals (Sweden)

    Patricia Zeni Marchiori

    2016-05-01

    Full Text Available This research aims to present the Fair Information Principles in the privacy policies of the websites of major Brazilian companies (according to the 2014 Forbes Magazine list). The check and analysis were supported by a checklist compiled from documents issued by the Federal Trade Commission and the Organization for Economic Co-operation and Development. The study selected fourteen companies from a universe of twenty-five, considering the immediacy criterion of access to the privacy policy on their websites. The security (safeguards) principle is the most widespread foundation at the privacy policies of the companies selected (existing in eight of the fourteen analyzed policies); and the principle of responsibility receives less adhesion due to the fact that it is not covered in any of the examined online privacy policies. The Sabesp Company presents the most complete privacy policy, considering the compliance with the Fair Information Principles when compared to the others perused, while WEG does not present any of the principles identified in the documental survey. As for e-commerce, the number of companies that assume some of the Principles is further reduced. For the selected universe the adherence to the Fair Information Principles is still incipient, although its use is not mandatory. An open discussion of the proposed Brazilian law about personal data protection should play an important role in creating further guidance on the subject. Additional studies in this subject should involve the perception of users, as well as a cutout of companies which target e-commerce, considering that an effective alignment with these principles and other guidelines are required in order to protect the user’s privacy and personal data in the web environment.

  16. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important to maintain the confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally, they should analyze and upgrade their information security system.

  17. A DOCTORAL PROGRAM WITH SPECIALIZATION IN INFORMATION SECURITY A High Assurance Constructive Security Approach

    OpenAIRE

    Irvine, Cynthia E.; Levin, Timothy E.

    2003-01-01

    A doctoral program in computer science with a specialization in information security is described. The focus of the program is constructive security. Key elements of the program are the strong computer science core upon which it builds, coursework on the theory and principles of information assurance, and a unifying research project. The doctoral candidate is a member of the project team, whose research contributes to the goals of the project and to fundamental advancements in high assurance ...

  18. Designing, Capturing and Validating History-Sensitive Security Policies for Distributed Systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming; Nielson, Hanne Riis

    2011-01-01

    We consider the use of Aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. We follow the approach of attaching security policies to the relevant locations that must be governed by them, and then combining them at runtime according to the interactions...... policies in a distributed system, either with or without exploring the entire state space....... has the capability of combining both history-sensitive and future-sensitive policies, providing even more flexibility and power. Moreover, we propose a global Logic for reasoning about the systems designed with this language. We show how the Logic can be used to validate the combination of security...

  19. Energy security, public policy, and the role of the DOE Office of Energy Emergencies

    International Nuclear Information System (INIS)

    Bjornstad, D.J.; Curlee, T.R.; Bohi, D.R.

    1991-11-01

    This paper addresses the concept of energy security, the costs and benefits of energy security, and policies which could potentially alter these costs and benefits. These issues are considered from the perspective of the DOE's Office of Energy Emergencies, with the goal of determining if alternative or additional roles should be open to this Office. The approach taken is limited to the economic costs and benefits of energy security, reflecting our view that the bulk of important energy security issues can at least be approached from this perspective. An energy emergency results from a sudden change in the quantity, market price, and/or social value of energy, in combination with a domestic and/or world wide energy system that cannot rapidly adjust to that change. We do not believe that mitigating the impacts of such events is always necessary, nor that it is uniquely a governmental responsibility. In fact, the first recourse in emergency preparedness should always be to the private sector. Government should deal with three different aspects of emergency energy activities. First, it should condition the decision making environment by seeing that adequate information about energy conditions is available and that its own policy position is clear. Next, it should evaluate the preparedness measures undertaken by the private sector. Finally, if it finds private sector preparation to be inadequate, government has a variety of direct and indirect means with which to intervene. One direct measure currently used is the buildup and drawdown of the strategic petroleum reserve (SPR). Others include contingency plans to override market allocations during wartime, as might be developed under the graduated mobilization response (GMR). Indirect means include a variety of tax and transfer schemes that alter existing private sector incentives to prepare. Well conceived monetary and fiscal policies complete the tools. 1 fig., 1 tab

  20. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  1. Information Security Management Practices of K-12 School Districts

    Science.gov (United States)

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  2. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction; The Importance of an Effective Security Infrastructure; People, Process, and Technology; What Are You Protecting Against?; Types of Attacks; Types of Attackers; Security as a Competitive Advantage; Choosing a Solution; Finding Security Employees; The Layered Approach. UNDERSTANDING REQUIREMENTS AND RISK: What Is Risk?; Embracing Risk; Information Security Risk Assessment; Assessing Risk; Insurance. SECURITY POLICIES AND PROCEDURES: Internal Focus Is Key; Security Awareness and Education; Policy Life Cycle; Developing Policies; Components of a Security Policy; Sample Security Po

  3. Report: Fiscal Year 2015 Federal Information Security Modernization Act Report: Status of CSB’s Information Security Program

    Science.gov (United States)

    Report #16-P-0086, January 27, 2016. The effectiveness of the CSB’s information security program is challenged by its lack of personal identity verification cards for logical access, complete system inventory.

  4. 78 FR 24749 - Health Information Technology Policy Committee Appointment

    Science.gov (United States)

    2013-04-26

    ... GOVERNMENT ACCOUNTABILITY OFFICE Health Information Technology Policy Committee Appointment AGENCY... Recovery and Reinvestment Act of 2009 (ARRA) established the Health Information Technology Policy Committee to make recommendations on the implementation of a nationwide health information technology...

  5. 78 FR 42945 - Health Information Technology Policy Committee Vacancy

    Science.gov (United States)

    2013-07-18

    ... GOVERNMENT ACCOUNTABILITY OFFICE Health Information Technology Policy Committee Vacancy AGENCY... American Recovery and Reinvestment Act of 2009 (ARRA) established the Health Information Technology Policy... its 20 members. ARRA requires that one member have expertise in health information privacy and...

  6. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.

  7. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  8. 78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

    Science.gov (United States)

    2013-12-02

    ... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet... NIST on information security and privacy issues pertaining to federal computer systems. Details...

  9. Protection and security of data base information

    Directory of Open Access Journals (Sweden)

    Mariuţa ŞERBAN

    2011-06-01

    Data bases are one of the most important components in every large informatics system which stores and processes data and information. Because data bases contain all of the valuable information about a company, its clients, its financial activity, they represent one of the key elements in the structure of an organization, which determines imperatives such as confidentiality, integrity and ease of data access. The current paper discusses the integrity of data bases and it refers to the validity and the coherence of stored data. Usually, integrity is defined in connection with terms of constraint, that are rules regarding coherence which the data base cannot infringe. Data base integrity refers to information correctness and assumes to detect, correct and prevent errors that might have an effect on the data comprised by the data bases.

  10. VIRTUAL REALITY: U.S. INFORMATION SECURITY THREATS CONCEPT AND ITS INTERNATIONAL DIMENSION

    Directory of Open Access Journals (Sweden)

    Elena Vladimirovna Batueva

    2014-01-01

    The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyber space that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part practically in all international and regional fora dealing with cyber security issues. However, the process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among all the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.

  11. Virtual Reality: U.S. Information Security Threats Concept And Its International Dimension

    Directory of Open Access Journals (Sweden)

    Elena Vladimirovna Batueva

    2014-01-01

    The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyber space that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part practically in all international and regional fora dealing with cyber security issues. However, the process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among all the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.

  12. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  13. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  14. Strategic approach to information security and assurance in health research.

    Science.gov (United States)

    Akazawa, Shunichi; Igarashi, Manabu; Sawa, Hirofumi; Tamashiro, Hiko

    2005-09-01

    Information security and assurance are an increasingly critical issue in health research. Whether health research be in genetics, new drugs, disease outbreaks, biochemistry, or effects of radiation, it deals with information that is highly sensitive and which could be targeted by rogue individuals or groups, corporations, national intelligence agencies, or terrorists, looking for financial, social, or political gains. The advents of the Internet and advances in recent information technologies have also dramatically increased opportunities for attackers to exploit sensitive and valuable information. Government agencies have deployed legislative measures to protect the privacy of health information and developed information security guidelines for epidemiological studies. However, risks are grossly underestimated and little effort has been made to strategically and comprehensively protect health research information by institutions, governments and international communities. There is a need to enforce a set of proactive measures to protect health research information locally and globally. Such measures should be deployed at all levels but will be successful only if research communities collaborate actively, governments enforce appropriate legislative measures at national level, and the international community develops quality standards, concluding treaties if necessary, at the global level. Proactive measures for the best information security and assurance would be achieved through rigorous management process with a cycle of "plan, do, check, and act". Each health research entity, such as hospitals, universities, institutions, or laboratories, should implement this cycle and establish an authoritative security and assurance organization, program and plan coordinated by a designated Chief Security Officer who will ensure implementation of the above process, putting appropriate security controls in place, with key focus areas such as policies and best practices, enforcement

  15. Information security in SCADA systems in nuclear power plants

    International Nuclear Information System (INIS)

    Satyamurty, S.A.V.

    2013-01-01

    A few decades back, most of the I and C systems were hardwired. With the developments in digital electronics, microprocessors and microcontrollers, the I and C systems are becoming more and more computer based. Though this brought convenience to the designer and comfort to the operator in the form of a better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based systems is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures that need to be taken. (author)

  16. Do You Ignore Information Security in Your Journal Website?

    Science.gov (United States)

    Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

    2017-08-01

    Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security; it is a short inspection that we did to improve the security of academic journals.

  17. 75 FR 707 - Classified National Security Information

    Science.gov (United States)

    2010-01-05

    ... within the Government and to the American people. Nevertheless, throughout our history, the national... the omission of other required markings. Whenever such information is used in the derivative.... PART 2--DERIVATIVE CLASSIFICATION Sec. 2.1. Use of Derivative Classification. (a) Persons who reproduce...

  18. Building Global Competitiveness through Information Security ...

    African Journals Online (AJOL)


  19. Promoting Economic Security through Information Technology ...

    African Journals Online (AJOL)


  20. Policy Feedback System (PFS)

    Data.gov (United States)

    Social Security Administration — The Policy Feedback System (PFS) is a web application developed by the Office of Disability Policy Management Information (ODPMI) team that gathers empirical data...