WorldWideScience

Sample records for reducing security risks

  1. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  2. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security. The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  3. Information Technology Audit of Physical Security Control and Logical Security Control and Determination of the Security Risk Condition, Case Study: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    The fast growth of technology has an impact on the accounting field. This relates to the term information technology (IT) auditing. One of the risks of using information technology in business which can be fatal enough if ignored is security risk. Security risk can be reduced by security controls which include physical security control and logical security control. Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  4. Regional cooperation to reduce the safety and security risks of Orphan radioactive sources

    International Nuclear Information System (INIS)

    Howard, Geoffrey; Hacker, Celia; Murray, Allan; Romallosa, Kristine; Caseria, Estrella; Africa del Castillo, Lorena

    2008-01-01

    ANSTO's Regional Security of Radioactive Sources (RSRS) Project, in cooperation with the Philippine Nuclear Research Institute (PNRI), has initiated a program to reduce the safety and security risks of orphan radioactive sources in the Philippines. Collaborative work commenced in February 2006 during the Regional Orphan Source Search and Methods Workshop, co-hosted by ANSTO and the US National Nuclear Security Administration. Further professional development activities have occurred following requests by PNRI to ANSTO to support improvements in PNRI's capability and training programs to use a range of radiation survey equipment and on the planning and methods for conducting orphan source searches. The activities, methods and outcomes of the PNRI-ANSTO cooperative program are described, including: i.) Delivering a training workshop which incorporates use of source search and nuclide identification equipment and search methodology; and train-the-trainer techniques for effective development and delivery of custom designed training in the Philippines; ii.) Support and peer review of course work on Orphan Source Search Equipment and Methodology developed by PNRI Fellows; iii.) Supporting the delivery of the inaugural National Training Workshop on Orphan Source Search hosted by PNRI in the Philippines; iv.) Partnering in searching for orphan sources in Luzon, Philippines, in May 2007. The methods employed during these international cooperation activities are establishing a new model of regional engagement that emphasises sustainability of outcomes for safety and security of radioactive sources. (author)

  5. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    OpenAIRE

    Sen-Tarng Lai

    2015-01-01

    E-commerce is an important information system in the network and digital age. However, network intrusion, malicious users, virus attacks and system security vulnerabilities have continued to threaten the operation of e-commerce, putting e-commerce security to a serious test. How to improve e-commerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

  6. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety, therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach used for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response to these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface.

  7. Securing Land Tenure, Improving Food Security and Reducing ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Securing Land Tenure, Improving Food Security and Reducing Poverty in Rural ... land tenure regimes as obstacles to food security, economic integration and ... its 2017 call for proposals to establish Cyber Policy Centres in the Global South.

  8. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks for addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  9. Reducing Risky Security Behaviours: Utilising Affective Feedback to Educate Users

    Directory of Open Access Journals (Sweden)

    Lynsay A. Shepherd

    2014-11-01

    Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rates of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness.

  10. Reducing e-commerce risks using digital certificates

    Directory of Open Access Journals (Sweden)

    Piščević Miloš

    2009-01-01

    E-commerce means buying and selling goods and services across the Internet. Secured communication in e-commerce, across unsecured medium, such as the Internet, represents one of the major components in a domain of providing necessary security-critical demands, so the flow of information could go in a secure way. The Internet, as a global computer network, must provide five major security services: confidentiality, data integrity, authentication, availability, and non-repudiation of information. Without guaranteeing aforementioned security goals, risks may be very high in e-commerce systems. A possible way to reduce these risks is to use digital certificates. Digital certificates provide a means of proving identity in electronic transactions, and from the point of view of computer communication they are irreplaceable, but nevertheless they provide a good mechanism for implementing the major part of this security goal, and therefore, their usage in e-commerce is the major topic of this paper.

  11. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  12. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  13. Simulating the Adaptive Mechanisms to Reduce the Risks of Occurrence of Threats to the Economic Security of Enterprise

    Directory of Open Access Journals (Sweden)

    Glushchevsky Vyacheslav V.

    2017-09-01

    The article is concerned with addressing the topical problem of effectively countering real and potential threats to economic security of enterprises and reducing the risks of their occurrence. The article is aimed at simulating the adaptive mechanisms to counteract external influences on the marketing component of enterprise’s economic security and developing a system of measures for removing threats to price destabilization of its orders portfolio based on a modern economic-mathematical instrumentarium. The common causes of the threats occurrence related to the price policy of enterprise and the tactics of the contractual processes with the business partners have been explored. Hidden reserves for price maneuvering in concluding contracts with customers have been identified. An algorithmic model for an adaptive pricing task in terms of an assortment of industrial enterprise has been built. On the basis of this model, mechanisms have been developed to counteract the threats of occurrence and aggravation of a «price conflict» between the producing enterprise and the potential customers of its products, and to advise on how to remove the risks of their occurrence. Prospects for using the methodology together with the instrumentarium for economic-mathematical modeling in terms of tasks of the price risks management have been indicated.

  14. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    Science.gov (United States)

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    controls; security personnel play dual roles of security and customer service, creating the negative perception that neither role is done well; and budget was described as an important factor in explaining the state of security controls. We determined that AMCs seeking to reduce AO risk should assess their institutionally unique AO risks, understand staff security perceptions, and install access controls that are responsive to the staff's tendency to defeat them. The development of AO attribute fact sheets is desirable for AO risk assessment; new funding and administrative or legislative tools to improve AMC security are required; and security practices and methods that are convenient and effective should be engineered.

  15. Reducing risks to food security from climate change

    DEFF Research Database (Denmark)

    Campbell, Bruce Morgan; Vermeulen, Sonja Joy; Aggarwal, Pramod

    2016-01-01

    , with very little attention paid to more systems components of cropping, let alone other dimensions of food security. Given the serious threats to food security, attention should shift to an action-oriented research agenda, where we see four key challenges: (a) changing the culture of research; (b) deriving...

  16. Reducing the risk of nuclear terrorism

    International Nuclear Information System (INIS)

    Hibbs, R.

    2005-01-01

    Full text: The March 2005 'International conference on nuclear security, global directions for the future' noted that nuclear terrorism is one of the greatest threats to society. Eminent members of a multi-national panel stated that there is no one principal activity to reduce the risk of nuclear terrorism and that a combination of activities is required. This paper seeks to identify those activities by analyzing the elements that comprise the risk of nuclear terrorism. For the purpose of the analysis, risk is the product of the probability of a terrorist attack ($A_p$), the success of a terrorist act ($S_p$) and the consequence ($C$) of the attack: $R = A_p \cdot S_p \cdot C$. The paper examines each of these three elements of risk with the objective of identifying what we are doing and what else we could be doing to reduce risk. It takes into consideration some historic catastrophes, examines how they might have been prevented or their consequences reduced, and if there are lessons that are applicable to reducing the risk of nuclear terrorism. The paper demonstrates that we have concentrated on only one of the three elements of risk and offers suggestions for diminishing the risk of nuclear terrorism by addressing all the elements. (author)

  17. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    Science.gov (United States)

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  18. Risk-based security cost-benefit analysis: method and example applications - 59381

    International Nuclear Information System (INIS)

    Wyss, Gregory; Hinton, John; Clem, John; Silva, Consuelo; Duran, Felicia A.

    2012-01-01

    Document available in abstract form only. Full text of publication follows: Decision makers wish to use risk-based cost-benefit analysis to prioritize security investments. However, understanding security risk requires estimating the likelihood of attack, which is extremely uncertain and depends on unquantifiable psychological factors like dissuasion and deterrence. In addition, the most common performance metric for physical security systems, probability of effectiveness at the design basis threat [P(E)], performs poorly in cost-benefit analysis. It is extremely sensitive to small changes in adversary characteristics when the threat is near a system's breaking point, but very insensitive to those changes under other conditions. This makes it difficult to prioritize investment options on the basis of P(E), especially across multiple targets or facilities. To overcome these obstacles, a Sandia National Laboratories Laboratory Directed Research and Development project has developed a risk-based security cost-benefit analysis method. This approach characterizes targets by how difficult it would be for adversaries to exploit each target's vulnerabilities to induce consequences. Adversaries generally have success criteria (e.g., adequate or desired consequences and thresholds for likelihood of success), and choose among alternative strategies that meet these criteria while considering their degree of difficulty in achieving their successful outcome. Investments reduce security risk as they reduce the severity of consequences available and/or increase the difficulty for an adversary to successfully accomplish their most advantageous attack

  19. Reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    The article deals with accounting for reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which result in the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  20. Designing a Physical Security System for Risk Reduction in a Hypothetical Nuclear Facility

    International Nuclear Information System (INIS)

    Saleh, A.A.; Abd Elaziz, M.

    2017-01-01

    Physical security in a nuclear facility means detection, prevention and response to threat, theft, sabotage, unauthorized access and illegal transfer involving radioactive and nuclear material. This paper proposes a physical security system designing concepts to reduce the risk associated with variant threats to a nuclear facility. This paper presents a study of the unauthorized removal and sabotage in a hypothetical nuclear facility considering deter, delay and response layers. Moreover, the study involves performing any required upgrading to the security system by investigating the nuclear facility layout and considering all physical security layers design to enhance the weakness for risk reduction

  1. Risk assessment techniques for civil aviation security

    Energy Technology Data Exchange (ETDEWEB)

    Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

    2011-08-15

    Following the 9/11 terrorist attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  2. Risk assessment techniques for civil aviation security

    International Nuclear Information System (INIS)

    Tamasi, Galileo; Demichela, Micaela

    2011-01-01

    Following the 9/11 terrorist attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  3. Data security and risk assessment in cloud computing

    Directory of Open Access Journals (Sweden)

    Li Jing

    2018-01-01

    Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more users, especially small or medium organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting in the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal) according to the different extent of the potential adverse effect are introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthened through this way.

  4. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  5. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  6. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  7. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  8. Security risks arising from portable storage devices

    CSIR Research Space (South Africa)

    Molotsi, K

    2012-10-01

    ... of the security risks arising from the use of PSDs, and further provides possible security countermeasures to help organisations and users to protect their digital assets. APPROACH Literature review: To investigate security risks posed by PSDs... technology in the workplace. International Journal of Electronic Security and Digital Forensics. 3(1): 73–81 [3] Kim, K., Kim, E. & Hong S. (2009). Privacy information protection in portable device. Proceedings of International Conference on Convergence...

  9. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  10. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  11. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  12. Priorities for technology development and policy to reduce the risk from radioactive materials

    International Nuclear Information System (INIS)

    Duggan, Ruth Ann

    2010-01-01

    The Standing Committee on International Security of Radioactive and Nuclear Materials in the Nonproliferation and Arms Control Division conducted its fourth annual workshop in February 2010 on Reducing the Risk from Radioactive and Nuclear Materials. This workshop examined new technologies in real-time tracking of radioactive materials, new risks and policy issues in transportation security, the best practices and challenges found in addressing illicit radioactive materials trafficking, industry leadership in reducing proliferation risk, and verification of the Nuclear Nonproliferation Treaty, Article VI. Technology gaps, policy gaps, and prioritization for addressing the identified gaps were discussed. Participants included academia, policy makers, radioactive materials users, physical security and safeguards specialists, and vendors of radioactive sources and transportation services. This paper summarizes the results of this workshop with the recommendations and calls to action for the Institute of Nuclear Materials Management (INMM) membership community.

  13. National security risks? Uncertainty, austerity and other logics of risk in the UK government’s National Security Strategy

    NARCIS (Netherlands)

    Hammerstad, A.; Boas, I.J.C.

    2015-01-01

    Risk scholars within Security Studies have argued that the concept of security has gone through a fundamental transformation away from a threat-based conceptualisation of defence, urgency and exceptionality to one of preparedness, precautions and prevention of future risks, some of which are

  14. Applications of nuclear safety probabilistic risk assessment to nuclear security for optimized risk mitigation

    Energy Technology Data Exchange (ETDEWEB)

    Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)]

    2016-06-15

    Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)

  15. Reducing security risk using data loss prevention technology.

    Science.gov (United States)

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: Where are confidential data stored? Who is accessing the information? How are data being handled?

  16. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  17. Climate Change and Risks to National Security

    Science.gov (United States)

    Titley, D.

    2017-12-01

    Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally, there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions of the U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.

  18. Risk to Water Security on Small Islands

    Science.gov (United States)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

  19. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  20. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  1. Security Risk Assessment in Software Development Projects

    OpenAIRE

    Svendsen, Heidi

    2017-01-01

    Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project's resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project knows which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project knows where th...

  2. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  3. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  4. Safety and security risk assessments--now demystified!

    Science.gov (United States)

    White, Donald E

    2011-01-01

    Safety/security risk assessments no longer need to spook nor baffle healthcare safety/security managers. This grid template provides at-a-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

  5. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  6. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    The article deals with the problem of assessing information security risks in ERP systems. ERP-system functions and architecture are studied. A model of malicious impacts on the levels of the ERP-system architecture is composed. A model-based risk assessment is developed, which is a quantitative and qualitative approach to risk assessment built on the partial unification of 3 methods for studying information security risks: security models with full overlapping, the CRAMM technique and the FRAP technique.

  7. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  8. Reducing the risk of cyber threats in utilities through log management

    Energy Technology Data Exchange (ETDEWEB)

    Patnaik, A. [ArcSight, Cupertino, CA (United States)]

    2010-01-15

    Electrical blackouts caused by terrorists hacking into targeted control systems have already occurred in Brazil. A patchwork of security tools is needed to reduce potential threats. The continuous collection and analysis of data is also needed to detect cyber threats. The real time correlation of logs across all systems, applications and users is needed to ensure the reliability and security of the power grid. Solutions must also integrate well with identity management sources in order to prevent remote access account hijacking. Effective log management can be used to detect threats and reduce the risk of power outages. 1 fig.

  9. Optimal security investments and extreme risk.

    Science.gov (United States)

    Mohtadi, Hamid; Agiwal, Swati

    2012-08-01

    In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

  10. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  11. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplaces, especially schools, have placed safety and security on the front burner of discussion in both business and political circles. This, therefore, forms the imperative for the conduct of this study. The work adopted a cross-sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff) of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of the University’s strategic plan and also by adopting the management line model, one form of management structure, where safety and security are located with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  12. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(re)insurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  13. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model, which can find the weak points of cyber security, by integrating two cyber analysis models using a Bayesian network. • One is the activity-quality model, which signifies how people and/or organizations comply with the cyber security regulatory guide. • The other is the architecture model, which represents the probability of cyber-attack on the RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key elements of cyber security for the RPS of a research reactor

  14. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    Science.gov (United States)

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system (which could be used to monitor food security trends or nutritional status so as to inform policy makers of impending food shortages) to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  15. Reducing the risk from radioactive sources

    International Nuclear Information System (INIS)

    MacKenzie, C.

    2006-01-01

    Each year the IAEA receives reports of serious injuries or deaths due to misuse or accidents involving sealed radioactive sources. Sealed radioactive sources are used widely in medicine, industry, and agriculture - by doctors to treat cancer, by radiographers to check welds in pipelines, or by specialists to irradiate food to prevent it from spoiling, for example. If these sources are lost or improperly discarded, a serious accident may result. In addition, the security of sealed sources has become a growing concern, particularly the potential that such a source could be used as a radioactive dispersal device or 'dirty bomb'. Preventing the loss or theft of sealed radioactive sources reduces both the risk of accidents and the risk that such sources could become an instrument of misuse. In most countries, radioactive materials and activities that produce radiation are regulated. Those working with sealed radioactive sources are required not just to have proper credentials, but also the needed training and support to deal with unexpected circumstances that may arise when a source is used. Despite these measures, accidents involving sealed sources continue to be reported to the IAEA. Among its many activities to improve the safety and security of sealed sources, the IAEA has been investigating the root causes of major accidents since the 1980s and publishing the findings so that others can learn from them. This information needs to be in the hands of those whose actions and decisions can reduce accidents by preventing a lost source from making its way into scrap metal. The IAEA has also developed an international catalogue of sealed radioactive sources, and provides assistance to countries to safely contain sources no longer in use. To raise awareness, a Sealed Radioactive Sources Toolkit was issued that focuses on the long-term issues in safely and securely managing radioactive sealed sources. The target audiences are government agencies, radioactive sealed source

  16. The Concepts of Risk, Safety, and Security: Applications in Everyday Language.

    Science.gov (United States)

    Boholm, Max; Möller, Niklas; Hansson, Sven Ove

    2016-02-01

    The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.

  17. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    Science.gov (United States)

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 months of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implications for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  18. Predictors of mother-child interaction quality and child attachment security in at-risk families

    Directory of Open Access Journals (Sweden)

    Simona De Falco

    2014-08-01

    Healthy child development is largely influenced by parent-child interaction, and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 months of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implications for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  19. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)]

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  20. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  1. A surety engineering framework to reduce cognitive systems risks.

    Energy Technology Data Exchange (ETDEWEB)

    Caudell, Thomas P. (University of New Mexico, Albuquerque, NM); Peercy, David Eugene; Caldera, Eva O. (University of New Mexico, Albuquerque, NM); Shaneyfelt, Wendy L.

    2008-12-01

    Cognitive science research investigates the advancement of human cognition and neuroscience capabilities. Addressing risks associated with these advancements can counter potential program failures, legal and ethical issues, constraints to scientific research, and product vulnerabilities. Survey results, focus group discussions, cognitive science experts, and surety researchers concur technical risks exist that could impact cognitive science research in areas such as medicine, privacy, human enhancement, law and policy, military applications, and national security (SAND2006-6895). This SAND report documents a surety engineering framework and a process for identifying cognitive system technical, ethical, legal and societal risks and applying appropriate surety methods to reduce such risks. The framework consists of several models: Specification, Design, Evaluation, Risk, and Maturity. Two detailed case studies are included to illustrate the use of the process and framework. Several Appendices provide detailed information on existing cognitive system architectures; ethical, legal, and societal risk research; surety methods and technologies; and educing information research with a case study vignette. The process and framework provide a model for how cognitive systems research and full-scale product development can apply surety engineering to reduce perceived and actual risks.

  2. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Science.gov (United States)

    2010-01-01

    ... chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order to...

  3. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  4. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  5. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  6. Communicating Uncertainty about Climate Change for Application to Security Risk Management

    Science.gov (United States)

    Gulledge, J. M.

    2011-12-01

    The science of climate change has convincingly demonstrated that human activities, including the release of greenhouse gases, land-surface changes, particle emissions, and redistribution of water, are changing global and regional climates. Consequently, key institutions are now concerned about the potential social impacts of climate change. For example, the 2010 Quadrennial Defense Review Report from the U.S. Department of Defense states that "climate change, energy security, and economic stability are inextricably linked." Meanwhile, insured losses from climate and weather-related natural disasters have risen dramatically over the past thirty years. Although these losses stem largely from socioeconomic trends, insurers are concerned that climate change could exacerbate this trend and render certain types of climate risk non-diversifiable. Meanwhile, the climate science community, broadly defined as physical, biological, and social scientists focused on some aspect of climate change, remains largely focused on scholarly activities that are valued in the academy but not especially useful to decision makers. On the other hand, climate scientists who engage in policy discussions have generally permitted vested interests who support or oppose climate policies to frame the discussion of climate science within the policy arena. Such discussions focus on whether scientific uncertainties are sufficiently resolved to justify policy and the vested interests overstate or understate key uncertainties to support their own agendas. Consequently, the scientific community has become absorbed defending scientific findings to the near exclusion of developing novel tools to aid in risk-based decision-making. For example, the Intergovernmental Panel on Climate Change (IPCC), established expressly for the purpose of informing governments, has largely been engaged in attempts to reduce unavoidable uncertainties rather than helping the world's governments define a science-based risk

  7. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  8. Hydrocomplexity: Addressing water security and emergent environmental risks

    Science.gov (United States)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  9. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  10. Security breaches: tips for assessing and limiting your risks.

    Science.gov (United States)

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  11. DLP: REDUCED RISK OF LEAKAGE OF CONFIDENTIAL INFORMATION OF THE BANK

    Directory of Open Access Journals (Sweden)

    T. A. Andryianava

    2017-01-01

    Research application of DLP-system for protection of confidential information, a methodology for adapting the DLP-system to the specific activities of the organization, comparative analysis of the results of standard and adapted DLP-systems in the Bank. Developed: a technique for analyzing information security events, algorithm for responding to identified events, methodology and procedures for adapting the standard DLP-system to the specifics of the Bank’s activities. The methodology for adapting a standard DLP-system to the specifics of the Bank’s work consists of the following activities: identification of critical corporate information categories, audit of information systems, description of current risks and their assessment, introduction of rules for Bank’s critical information and setting up a DLP system in accordance with the specifics of the Bank’s work. Modernization of the configuration of a standard DLP-system includes the following procedures: selection of confidential information of the Bank based on membership criteria, setting up detection, creating perimeters and developing an algorithm for responding to identified information security events in the Bank. The algorithm is designed to improve the efficiency of the response of information security officers in cases of incident detection and describes the stages of the subsequent actions. The results of the research prove that using an adapted DLP-system significantly reduces the number of false positives, increasing the accuracy of detecting confidential information and reducing the risk of leakage of critical information outside the corporate network. The application of the adapted DLP-system in the Bank allowed to increase the speed of response of information security specialists to the information security events detected by the DLP-system adapted to the Bank, and also allowed the DLP-system to transition from the copy mode to the blocking mode of illegitimate transfer

  12. Risk factors and visual fatigue of baggage X-ray security screeners: a structural equation modelling analysis.

    Science.gov (United States)

    Yu, Rui-Feng; Yang, Lin-Dong; Wu, Xin

    2017-05-01

    This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue using structural equation modelling approach. Two hundred and five X-ray security screeners participated in a questionnaire survey. The result showed that satisfaction with the VDT's physical features and the work environment conditions were negatively correlated with the intensity of visual fatigue, whereas job stress and job burnout had direct positive influences. The path coefficient between the image quality of VDT and visual fatigue was not significant. The total effects of job burnout, job stress, the VDT's physical features and the work environment conditions on visual fatigue were 0.471, 0.469, -0.268 and -0.251 respectively. These findings indicated that both extrinsic factors relating to VDT and workplace environment and psychological factors including job burnout and job stress should be considered in the workplace design and work organisation of security screening tasks to reduce screeners' visual fatigue. Practitioner Summary: This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue. The findings were of great importance to the workplace design and the work organisation of security screening tasks to reduce screeners' visual fatigue.

  13. Security Risks Management in Selected Academic Libraries in Osun ...

    African Journals Online (AJOL)

    The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

  14. The new risk paradigm for chemical process security and safety.

    Science.gov (United States)

    Moore, David A

    2004-11-11

    The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.

  15. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism is often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straightforward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  16. Risks and threats of tax state security and methods of their neutralization

    Directory of Open Access Journals (Sweden)

    Y.V. Lebedzevych

    2016-12-01

    The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

  17. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human activities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  18. OpenDBDDAS Toolkit: Secure MapReduce and Hadoop-like Systems

    KAUST Repository

    Fabiano, Enrico

    2015-06-01

    The OpenDBDDAS Toolkit is a software framework to provide support for more easily creating and expanding dynamic big data-driven application systems (DBDDAS) that are common in environmental systems, many engineering applications, disaster management, traffic management, and manufacturing. In this paper, we describe key features needed to implement a secure MapReduce and Hadoop-like system for high performance clusters that guarantees a certain level of privacy of data from other concurrent users of the system. We also provide examples of a secure MapReduce prototype and compare it to another high performance MapReduce, MR-MPI.

  19. ArgueSecure: Out-of-the-box Risk Assessment

    NARCIS (Netherlands)

    Ionita, Dan; Kegel, Roeland Hendrik Pieter; Wieringa, Roelf J.; Baltuta, Andrei

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed

  20. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  1. Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

    International Nuclear Information System (INIS)

    Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

    2015-01-01

    For a security system, risk assessment is an important method to judge whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to compute the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to compute the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

  2. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  3. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    A review of game theory approach to cyber security risk management. ... This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ...

  4. Vulnerability Identification Errors in Security Risk Assessments

    OpenAIRE

    Taubenberger, Stefan

    2014-01-01

    At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ‘vulnerability identification errors’ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

  5. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  6. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    Science.gov (United States)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can find network problems and related vulnerabilities in advance, and it has become an important means of solving network security problems. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combined with the international standard CVSS, the attack probabilities of atomic nodes are counted, and then their attack transition probabilities are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assess network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  7. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  8. Security of Energy Supply - Indicators for Measuring Vulnerability and Risk

    International Nuclear Information System (INIS)

    Heinrich, C.

    2010-01-01

    In an era of increasing globalization, secure and affordable energy supplies are an essential requirement for economies to work, much less develop and grow in the long term. The present study, Energy security of supply - indicators for measuring vulnerability and risk, develops a broad methodical assessment concept to raise awareness among policy makers and the public regarding the vulnerability of energy supplies to potential energy crises. It explores the different aspects of vulnerability, from the primary energy level to energy infrastructure (storage, networks, power plant parks) to the efficiency and cost of energy consumption for end users. The individual characteristics of the formal concept were quantitatively evaluated for several OECD regions (Germany, UK, Sweden, Poland, Italy, France and the US) using a comprehensive empirical database and reduced to a single indicator for assessing energy supply vulnerability. Part of the database comprises historical observations for the period between 1978 and 2007. (author)

  9. Risk Analysis and Security Countermeasure Selection

    CERN Document Server

    Norman, Thomas L

    2009-01-01

    Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies

  10. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    The article provides a survey of the existing regulatory framework for information security risk management. Practical methods for information security risk and vulnerability assessment are proposed.

  11. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that assesses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  12. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  13. Context-sensitive Information security Risk identification and evaluation techniques

    NARCIS (Netherlands)

    Ionita, Dan

    2014-01-01

    The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

  14. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    Energy Technology Data Exchange (ETDEWEB)

    Scheffran, Juergen [Hamburg Univ. (Germany). Research Group Climate Change and Security

    2009-07-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Conflicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, climate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Preventing the dangers of climate change and nuclear war requires an integrated set of strategies that address the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustainable peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  15. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    International Nuclear Information System (INIS)

    Scheffran, Juergen

    2009-01-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Conflicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, climate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Preventing the dangers of climate change and nuclear war requires an integrated set of strategies that address the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustainable peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  16. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  17. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  18. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  19. 78 FR 48029 - Improving Chemical Facility Safety and Security

    Science.gov (United States)

    2013-08-07

    ... Improving Chemical Facility Safety and Security By the authority vested in me as President by the... at reducing the safety risks and security risks associated with hazardous chemicals. However... to further improve chemical facility safety and security in coordination with owners and operators...

  20. Nuclear power: energy security and supply assurances

    International Nuclear Information System (INIS)

    Rogner, H.H.; McDonald, A.

    2008-01-01

    Expectations are high for nuclear power. This paper first summarizes recent global and regional projections for the medium-term, including the 2007 updates of IAEA projections plus International Energy Agency and World Energy Technology Outlook projections to 2030 and 2050. One driving force for nuclear power is concern about energy supply security. Two potential obstacles are concerns about increased nuclear weapon proliferation risks, and concerns by some countries about potential politically motivated nuclear fuel supply interruptions. Concerning supply security, the paper reviews different definitions, strategies and costs. Supply security is not free; nor does nuclear power categorically increase energy supply security in all situations. Concerning proliferation and nuclear fuel cut-off risks, the IAEA and others are exploring possible 'assurance of supply' mechanisms with 2 motivations. First, the possibility of a political fuel supply interruption is a non-market disincentive discouraging investment in nuclear power. Fuel supply assurance mechanisms could reduce this disincentive. Second, the risk of interruption creates an incentive for a country to insure against that risk by developing a national enrichment capability. Assurance mechanisms could reduce this incentive, thereby reducing the possible spread of new national enrichment capabilities and any associated weapon proliferation risks. (orig.)

  1. Failing States as Epidemiologic Risk Zones: Implications for Global Health Security.

    Science.gov (United States)

    Hirschfeld, Katherine

    Failed states commonly experience health and mortality crises that include outbreaks of infectious disease, violent conflict, reductions in life expectancy, and increased infant and maternal mortality. This article draws from recent research in political science, security studies, and international relations to explore how the process of state failure generates health declines and outbreaks of infectious disease. The key innovation of this model is a revised definition of "the state" as a geographically dynamic rather than static political space. This makes it easier to understand how phases of territorial contraction, collapse, and regeneration interrupt public health programs, destabilize the natural environment, reduce human security, and increase risks of epidemic infectious disease and other humanitarian crises. Better understanding of these dynamics will help international health agencies predict and prepare for future health and mortality crises created by failing states.

  2. Lethal stakes: rig-hand killings show rising security risks abroad

    Energy Technology Data Exchange (ETDEWEB)

    Lorenz, A

    1999-05-03

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.

  3. Lethal stakes: rig-hand killings show rising security risks abroad

    International Nuclear Information System (INIS)

    Lorenz, A.

    1999-01-01

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards

  4. Water security, risk, and economic growth: Insights from a dynamical systems model

    Science.gov (United States)

    Dadson, Simon; Hall, Jim W.; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

    2017-08-01

    Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been noteworthy in the development of most civilizations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple economic sectors, especially those that are water intensive such as agriculture and energy and (ii) by reducing acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate risks and promote economic growth is widely acknowledged, but prior conceptual work on the relationship between water-related investments and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical systems model of water-related investment, risk, and growth. In cases where initial water security is low, initial investment in water-related assets enables growth. Without such investment, losses due to water-related hazards exert a drag on economic growth and may create a poverty trap. The presence and location of the poverty trap is context-specific and depends on the exposure of productive water-related assets to water-related risk. Exogenous changes in water-related risk can potentially push an economy away from a growth path toward a poverty trap. Our investigation shows that an inverted-U-shaped investment relation between the level of investment in water security and the current level of water security leads to faster rates of growth than the alternatives that we consider here, and that this relation is responsible for the "S"-curve that is posited in the literature. These results illustrate the importance of accounting for environmental and health risks in economic models and offer insights for the design of robust policies for investment in water-related productive assets to manage risk, in the face

  5. Flood Risk Assessment Based On Security Deficit Analysis

    Science.gov (United States)

    Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

    Risk is a human perception: a given risk may be considered as acceptable or unacceptable depending on the group that has to face that risk. Flood risk analysis often estimates economic losses from damages, but neglects the question of acceptable/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combining the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the region or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Comparison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

  6. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  7. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decisionmaking. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  8. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    Science.gov (United States)

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  9. Managing the risks of legacy radioactive sources from a security perspective

    International Nuclear Information System (INIS)

    Alexander, Mark; Murray, Allan

    2008-01-01

    The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)

  10. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    OpenAIRE

    Jinsoo Shin; Hanseong Son; Gyunyoung Heo

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluatio...

  11. Strengthening the Security of ESA Ground Data Systems

    Science.gov (United States)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  12. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  13. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  14. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  15. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  16. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T.) managers' perceptions, and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  17. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  18. Physical security in multinational nuclear-fuel-cycle operations

    International Nuclear Information System (INIS)

    Willrich, M.

    1977-01-01

    Whether or not multinationalization will reduce or increase risks of theft or sabotage will depend on the form and location of the enterprise, the precise nature of the physical security arrangements applied to the enterprise, and the future course of crime and terrorism in the nuclear age. If nuclear operations are multinationalized, the host government is likely to insist on physical security measures that are at least as stringent as those for a national or private enterprise subject to its jurisdiction. At the same time, the other participants will want to be sure the host government, as well as criminal groups, do not steal nuclear material from the facility. If designed to be reasonably effective, the physical security arrangements at a multinational nuclear enterprise seem likely to reduce the risk that any participating government will seek to divert material from the facility for use in a nuclear weapons program. Hence, multinationalization and physical security will both contribute to reducing the risks of nuclear weapons proliferation to additional governments. If economic considerations dominate the timing, scale and location of fuel-cycle facilities, the worldwide nuclear power industry is likely to develop along lines where the problems of physical security will be manageable. If, however, nuclear nationalism prevails, and numerous small-scale facilities become widely dispersed, the problem of security against theft and sabotage may prove to be unmanageable. It is ironic, although true, that in attempting to strengthen its security by pursuing self-sufficiency in nuclear power, a nation may be reducing its internal security against criminal terrorists

  19. Professional Autonomy and Security Risks of Journalists in Colombia

    Directory of Open Access Journals (Sweden)

    Miguel E. Garcés Prettel

    2017-01-01

    This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlate positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage), the latter being a predictor of high risk security.

  20. Bio-Security Proficiencies Project for Beginning Producers in 4-H

    Science.gov (United States)

    Smith, Martin H.; Meehan, Cheryl L.; Borba, John A.

    2014-01-01

    Improving bio-security practices among 4-H members who raise and show project animals is important. Bio-security measures can reduce the risk of disease spread and mitigate potential health and economic risks of disease outbreaks involving animal and zoonotic pathogens. Survey data provided statistical evidence that the Bio-Security Proficiencies…

  1. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  2. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  3. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  4. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  5. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows design principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models. The model combines the rings-of-protection approach with generic security practices including...

  6. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  7. Asset Identification for Security Risk Assessment in Web Applications

    OpenAIRE

    Hisham M. Haddad; Brunil D. Romero

    2009-01-01

    As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses on asset identification, the initial step in sec...

  8. Examination of State-Level Nuclear Security Evaluation Methods

    International Nuclear Information System (INIS)

    Kim, Chan Kim; Yim, Man-Sung

    2015-01-01

    An effective global system for nuclear materials security needs to cover all materials, employing international standards and best practices, to reduce risks by reducing weapons-usable nuclear material stocks and the number of locations where they are found. Such a system must also encourage states to accept peer reviews by outside experts in order to demonstrate that effective security is in place. It is thus critically important to perform state-level evaluation of nuclear security based on an integrative framework of risk assessment. Such evaluation provides a basis of measuring the level and progress of international effort to secure and control all nuclear materials. A sensitivity test by differentiating weight factors of each of the indicators and categories will be performed in the future as well.

  9. Overseas Risks to China’s Energy Security and Potential Countermeasures

    Directory of Open Access Journals (Sweden)

    Chi Zhang

    2014-12-01

    This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.

  10. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    Science.gov (United States)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

  11. The Role of Secure Access to Sustainable Energy in Reducing ...

    African Journals Online (AJOL)

    The Role of Secure Access to Sustainable Energy in Reducing Women's ... of poverty, such as low education levels, inadequate health care and limited ... women in relation to energy will help governments promote overall development goals ...

  12. Spatio-temporal dynamics of security investments in an interdependent risk environment

    Science.gov (United States)

    Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

    2012-10-01

    In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

  13. OpenDBDDAS Toolkit: Secure MapReduce and Hadoop-like Systems

    KAUST Repository

    Fabiano, Enrico; Seo, Mookwon; Wu, Xiaoban; Douglas, Craig

    2015-01-01

    management, traffic management, and manufacturing. In this paper, we describe key features needed to implement a secure MapReduce and Hadoop-like system for high performance clusters that guarantees a certain level of privacy of data from other concurrent

  14. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements:

    - Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP).
    - Promulgation of multi-service standard recommendations and considerations.
    - Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions.
    - Reduction of facility project costs.
    - Better performance of modernized facilities, in terms of force protection, than original facilities.

    Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats.

    Introduction

    Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  15. Breach Risk Magnitude: A Quantitative Measure of Database Security.

    Science.gov (United States)

    Yasnoff, William A

    2016-01-01

    A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

  16. An exploratory risk perception study of attitudes toward homeland security systems.

    Science.gov (United States)

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  17. AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

    OpenAIRE

    Chen, Sen; Meng, Guozhu; Su, Ting; Fan, Lingling; Xue, Yinxing; Liu, Yang; Xu, Lihua; Xue, Minhui; Li, Bo; Hao, Shuang

    2018-01-01

    Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, an...

  18. Airports at Risk: The Impact of Information Sources on Security Decisions

    OpenAIRE

    Kirschenbaum, Avi; Mariani, Michele; Van Gulijk, Coen; Rapaport, Carmit; Lubasz, Sharon

    2012-01-01

    Security decisions in high risk organizations such as airports involve obtaining ongoing and frequent information about potential threats. Utilizing questionnaire survey data from a sample of airport employees in European Airports across the continent, we analyzed how both formal and informal sources of security information affect employee's decisions to comply with the security rules and directives. This led us to trace information network flows to assess its impact on the degree e...

  19. [Occupational risks among public safety and security forces].

    Science.gov (United States)

    Candura, S M; Verni, P; Minelli, C M; Rosso, G L; Cappelli, M I; Strambi, S; Martellosio, V

    2006-01-01

    The present paper tries to identify the occupational risk factors (physical, chemical, biological, psychological), variable depending on jobs and tasks, to which the heterogeneous public safety/security workers are exposed. The fight against criminality and public order maintenance imply (sometimes fatal) traumatic risks, and expose to psychophysical and sensorial tiring, unfavourable macro- and microclimatic conditions, the risk of baropathy (air navigation, underwater activities), noise (generated by firearms and several other sources), vibrations and shakings (automatic weapons, transport vehicles), the risk of electric injury, ionizing (X and gamma rays) and non-ionizing (ultraviolet rays, microwaves and radiofrequencies, electromagnetic fields) radiations. Chemical hazards include carbon monoxide and other combustion products (fires, urban traffic), substances released in chemical accidents, tear gases, lead (firing grounds, metal works, environmental pollution), solvents, lubricants and cutting oils (mechanic repair and maintenance), laboratory materials and reagents, irritant and/or sensitizing agents contained in gloves. The main biological risks are tetanus, blood-borne diseases (viral hepatitis, AIDS), aerogenous diseases (e.g., tuberculosis, Legionnaire's disease, epidemic cerebrospinal meningitis), dog- or horse-transmitted zoonosis. Finally, emotional, psychosomatic and behavioural stress-related disorders (e.g., burn-out syndrome, post-traumatic stress disorder) are typically frequent. The presence of numerous and diversified hazards among public safety/security forces imposes the adoption of occupational medicine measures, including risk assessment, health education, technical and environmental prevention, personal protective devices, sanitary surveillance and biological monitoring, clinical interventions (diagnosis, therapy and rehabilitation of occupational accidents and illnesses), prompt medico-legal evaluation of occupational

  20. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    National Research Council Canada - National Science Library

    Dacey, Robert

    2001-01-01

    .... Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, as well as to helping prevent data tampering, fraud, and inappropriate disclosure...

  1. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  2. Cyber security risk evaluation of a nuclear I and C using BN and ET

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks

  3. Automated procedure for performing computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1984-05-01

    Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures

  4. Reconciling Malicious and Accidental Risk in Cyber Security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadziosmanovic, D.; van den Berg, Jan

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from

  5. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  6. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  7. Regional disaster risk management strategies for food security: Probing Southern African Development Community channels for influencing national policy

    Directory of Open Access Journals (Sweden)

    Happy M. Tirivangasi

    2018-05-01

    Natural disasters and food insecurity are directly interconnected. Climate change related hazards such as floods, hurricanes, tsunamis, droughts and other risks can weaken food security and severely impact agricultural activities. Consequently, this has an impact on market access, trade, food supply, reduced income, increased food prices, decreased farm income and employment. Natural disasters create poverty, which in turn increases the prevalence of food insecurity and malnutrition. It is clear that disasters put food security at risk. The poorest people in the community are affected by food insecurity and disasters; hence, there is a need to be prepared as well as be in a position to manage disasters. Without serious efforts to address them, the risks of disasters will become an increasingly serious obstacle to sustainable development and the achievement of sustainable development goals, particularly goal number 2 ‘end hunger, achieve food security and improved nutrition and promote sustainable agriculture’. In recent years, countries in southern Africa have experienced an increase in the frequency, magnitude and impact of climate change–related hazards such as droughts, veld fire, depleting water resources and flood events. This research aims to reveal Southern African Development Community disaster risk management strategies for food security to see how they can influence and shape policy at the national level in southern Africa. The Sustainable Livelihood approach was adopted as the main theoretical framework for the study. The qualitative analysis is based largely on data from databases such as national reports, regional reports and empirical findings on the disaster management–sustainable development nexus.

  8. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  9. a review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    HOD

    Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self-motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...

  10. Risk Management in Agriculture for Food Security in Latin America and the Caribbean

    Science.gov (United States)

    Martinez, A.; National Research CouncilScientific; Technological Research (Conicet)

    2013-05-01

    The Americas are extremely important as a unique contributor to Food Security. The region provides crops ranging from tropical to temperate. Not only is it able to feed its own population, but it also contributes significantly to the food supply of the population in developed, emergent and underdeveloped countries. This fact has given the region a unique responsibility to develop a regional risk-management strategy to manage food insecurity at a local, national, regional and global level. Although international agencies such as the UN Food and Agriculture Organization (FAO), Instituto Interamericano para la Cooperación en Agricultura (IICA), the regional centres of the Consultative Group for International Agriculture Research (CGIAR) and the World Bank (WB) are engaged in actions for Risk Management in Agriculture for reducing Food Insecurity, there is a need to build a framework and/or comprehensive regional strategy for the Americas. It would identify areas for promoting research projects where natural and social science work together for producing relevant scientific information and tools, i.e. maps, indicators, models and scenarios, early warning systems, etc., to cooperate with both policy and decision makers in the public and private sectors. This would eventually lead to a comprehensive regional programme for reducing food insecurity. The purpose of International Council for Science-International Research and the International Research for Disaster Risk programme (ICSU-IRDR) and ICSU Regional Office for Latin America and the Caribbean (ICSU-ROLAC) is to promote the cooperation of the relevant scientific fields in both natural science and social science in a multi and trans-disciplinary approach on risk management to reduce food insecurity. Also both ICSU-IRDR and ICSU-ROLAC are building a case for the inclusion of the scientific community in the revision of the Hyogo Framework for Action for Disaster Reduction to be held in 2015 as risk management for reducing food

  11. A protect solution for data security in mobile cloud storage

    Science.gov (United States)

    Yu, Xiaojun; Wen, Qiaoyan

    2013-03-01

    Accessing cloud storage from mobile devices is popular. However, this application suffers from data security risks, especially data leakage and privacy violation. These risks exist not only in the cloud storage system but also in the mobile client platform. To reduce the security risk, this paper proposes a new security solution that makes full use of searchable encryption and trusted computing technology. Given the performance limits of mobile devices, it proposes a protection architecture based on a trusted proxy. The basic design idea, deployment model and key flows are detailed. The security and performance analysis shows the advantage.

  12. Data Security Risk Estimation for Information-Telecommunication Systems on the basis of Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anatoly Valeryevich Tsaregorodtsev

    2014-02-01

    Cloud computing will be one of the most common IT technologies to deploy applications, due to its key features: on-demand network access to a shared pool of configurable computing resources, flexibility and good quality/price ratio. Migrating to cloud architecture enables organizations to reduce the overall cost of implementing and maintaining the infrastructure and reduce development time for new business applications. There are many factors that influence the information security environment of cloud, as its multitenant architecture brings new and more complex problems and vulnerabilities. An approach to risk estimation used in making decisions about the migration of critical data to the cloud infrastructure of the organization is proposed in the paper.

  13. For telehealth to succeed, privacy and security risks must be identified and addressed.

    Science.gov (United States)

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  14. Cyber Safety and Security for Reduced Crew Operations (RCO)

    Science.gov (United States)

    Driscoll, Kevin

    2017-01-01

    NASA and the Aviation Industry are looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. This paper concludes with questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

  15. Building Psychological Contracts in Security-Risk Environments

    DEFF Research Database (Denmark)

    Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia

    2015-01-01

    This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems...... and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our...... sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...

  16. Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

    OpenAIRE

    Goyal, Sumit

    2016-01-01

    Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

  17. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks ask for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  18. Perspectives on Energy Security

    International Nuclear Information System (INIS)

    Carlsson-Kanyama, Annika; Holmgren, Aake J.; Joensson, Thomas; Larsson, Robert L.

    2007-05-01

    A common notion of 'Energy Security' is that it includes access to energy resources without risking the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic

  19. Quantitative Security Risk Assessment of Android Permissions and Applications

    OpenAIRE

    Wang, Yang; Zheng, Jun; Sun, Chen; Mukkamala, Srinivas

    2013-01-01

    Part 6: Mobile Computing; International audience; The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims ...

  20. Communicating Health Risks under Pressure: Homeland Security Applications

    International Nuclear Information System (INIS)

    Garrahan, K.G.; Collie, S.L.

    2006-01-01

    The U.S. Environmental Protection Agency's (EPA) Office of Research and Development (ORD) Threat and Consequence Assessment Division (TCAD) within the National Homeland Security Research Center (NHSRC) has developed a tool for rapid communication of health risks and likelihood of exposure in preparation for terrorist incidents. The Emergency Consequence Assessment Tool (ECAT) is a secure web-based tool designed to make risk assessment and consequence management faster and easier for high priority terrorist threat scenarios. ECAT has been designed to function as a 'defensive play-book' for health advisors, first responders, and decision-makers by presenting a series of evaluation templates for priority scenarios that can be modified for site-specific applications. Perhaps most importantly, the risk communication aspect is considered prior to an actual release event, so that management or legal advisors can concur on general risk communication content in preparation for press releases that can be anticipated in case of an actual emergency. ECAT serves as a one-stop source of information for retrieving toxicological properties for agents of concern, estimating exposure to these agents, characterizing health risks, and determining what actions need to be undertaken to mitigate the risks. ECAT has the capability to be used at a command post where inputs can be checked and communicated while the response continues in real time. This front-end planning is intended to fill the gap most commonly identified during tabletop exercises: a need for concise, timely, and informative risk communication to all parties. Training and customization of existing chemical and biological release scenarios with modeling of exposure to air and water, along with custom risk communication 'messages' intended for public, press, shareholders, and other partners enable more effective communication during times of crisis. For DOE, the ECAT could serve as a prototype that would be amenable to

  1. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  2. Security and Risk Analysis of Nuclear Safeguards Instruments Using Attack Trees

    International Nuclear Information System (INIS)

    Naumann, I.; Wishard, B.

    2015-01-01

    The IAEA's nuclear safeguards instruments must be frequently evaluated against attack vectors, which are extremely varied and, at first approximation, may seem inconsequential, but are not. To accurately analyze the impact of attacks on a multi-component system requires a highly structured and well-documented assessment. Tree structures, such as fault trees, have long been used to assess the consequences of selecting potential solutions and their impact on risk. When applied to security threats by introducing threat agents (adversaries) and vulnerabilities, this approach can be extremely valuable in uncovering previously unidentified risks and identifying mitigation steps. This paper discusses how attack trees can be used for the security analysis of nuclear safeguards instruments. The root node of such a tree represents an objective that negatively impacts security such as disclosing and/or falsifying instrument data or circumventing safeguards methods. Usually, this objective is rather complex and attaining it requires a combination of several security breaches which may vary on how much funding or what capabilities are required in order to execute them. Thus, it is necessary to break the root objective into smaller, less complex units. Once a leaf node describes a reasonably comprehensible action, it is the security experts' task to allocate levels of difficulty and funding to this node. Eventually, the paths from the leaf nodes to the root node describe all possible combinations of actions necessary to carry out a successful attack. The use of a well-structured attack tree facilitates the developer in thinking like the adversary providing more effective security solutions. (author)

  3. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    Optimal management of a corporation, no matter what its size, must include the management of security risk. The proper functioning of the corporation can depend on the importance given to risk management. The owner of the business, and the way the owner understands risk, plays an important role in this process. A good understanding of risk by the owner will result in the allocation of sufficient funds to implement controls meant to bring the risk to an acceptable level. Autochthonous corporations, in large part because of the absence of regulations in this domain, take an empirical approach to the phenomenon.

  4. Cryptographic Combinatorial Securities Exchanges

    Science.gov (United States)

    Thorpe, Christopher; Parkes, David C.

    We present a useful new mechanism that facilitates the atomic exchange of many large baskets of securities in a combinatorial exchange. Cryptography prevents information about the securities in the baskets from being exploited, enhancing trust. Our exchange offers institutions who wish to trade large positions a new alternative to existing methods of block trading: they can reduce transaction costs by taking advantage of other institutions’ available liquidity, while third party liquidity providers guarantee execution—preserving their desired portfolio composition at all times. In our exchange, institutions submit encrypted orders which are crossed, leaving a “remainder”. The exchange proves facts about the portfolio risk of this remainder to third party liquidity providers without revealing the securities in the remainder, the knowledge of which could also be exploited. The third parties learn either (depending on the setting) the portfolio risk parameters of the remainder itself, or how their own portfolio risk would change if they were to incorporate the remainder into a portfolio they submit. In one setting, these third parties submit bids on the commission, and the winner supplies necessary liquidity for the entire exchange to clear. This guaranteed clearing, coupled with external price discovery from the primary markets for the securities, sidesteps difficult combinatorial optimization problems. This latter method of proving how taking on the remainder would change risk parameters of one’s own portfolio, without revealing the remainder’s contents or its own risk parameters, is a useful protocol of independent interest.

  5. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropocene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  6. A review of cyber security risk assessment methods for SCADA systems

    OpenAIRE

    Cherdantseva, Yulia; Burnap, Peter; Blyth, Andrew; Eden, Peter; Jones, Kevin; Soulsby, Hugh; Stoddart, Kristan

    2016-01-01

    This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluat...

  7. An analysis of security price risk and return among publicly traded pharmacy corporations.

    Science.gov (United States)

    Gilligan, Adrienne M; Skrepnek, Grant H

    2013-01-01

    Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R(2)). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R(2) values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.

  8. A 3S Risk "3SR" Assessment Approach for Nuclear Power: Safety Security and Safeguards.

    Energy Technology Data Exchange (ETDEWEB)

    Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David

    2017-11-01

    Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non-proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps. This report is organized along the four areas described above, and concludes with a summary of key points.

  9. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by the U.S. NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design (SD) phase and the design and implementation of security controls is performed during the component design (CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls, based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  10. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by the U.S. NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design (SD) phase and the design and implementation of security controls is performed during the component design (CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls, based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  11. A hybridised variable neighbourhood tabu search heuristic to increase security in a utility network

    International Nuclear Information System (INIS)

    Janssens, Jochen; Talarico, Luca; Sörensen, Kenneth

    2016-01-01

    We propose a decision model aimed at increasing security in a utility network (e.g., electricity, gas, water or communication network). The network is modelled as a graph, the edges of which are unreliable. We assume that all edges (e.g., pipes, cables) have a certain, not necessarily equal, probability of failure, which can be reduced by selecting edge-specific security strategies. We develop a mathematical programming model and a metaheuristic approach that uses a greedy random adaptive search procedure to find an initial solution and uses tabu search hybridised with iterated local search and a variable neighbourhood descent heuristic to improve this solution. The main goal is to reduce the risk of service failure between an origin and a destination node by selecting the right combination of security measures for each network edge given a limited security budget. - Highlights: • A decision model aimed at increasing security in a utility network is proposed. • The goal is to reduce the risk of service failure given a limited security budget. • An exact approach and a variable neighbourhood tabu search heuristic are developed. • A generator for realistic networks is built and used to test the solution methods. • The hybridised heuristic reduces the total risk on average by 32%.

  12. Threats and risks to information security: a practical analysis of free access wireless networks

    Science.gov (United States)

    Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

    2017-08-01

    Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

  13. Internet security technologies

    CERN Multimedia

    CERN. Geneva

    2003-01-01

    The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can make informed decisions about risks and how they can reduce those risks for themselves and their colleagues. First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.

  14. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  15. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  16. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo

    2011-01-01

    Threats of nuclear terrorism have been increasing since the 9/11 terrorist attack. Threats include a nuclear explosive device (NED) made by terrorist groups, radiological damage caused by sabotage aimed at nuclear facilities, and a radiological dispersion device (RDD), which is also called a 'dirty bomb'. In 9/11, Al Qaeda planned to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afghanistan by the UK intelligence agency. Thus, the international communities including the IAEA are making substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states have established and are maintaining a state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. A methodology for the assessment of a state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for a State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate a state's nuclear security regime by risk assessment are addressed.

  17. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann, Elio; Mayer, Nicolas; Godart, Claude

    2014-01-01

    Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  18. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  19. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    OpenAIRE

    Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

    2017-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

  20. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    Science.gov (United States)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  1. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing so allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal canons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  2. Safety and security in transportation of radioactive material- the perception of risk

    Energy Technology Data Exchange (ETDEWEB)

    Ericsson, A.M.; Jaernry, C. [AMC Konsult AB, Bromma (Sweden)

    2004-07-01

    Since the events of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focus on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage as more frightening and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations.

  3. Safety and security in transportation of radioactive material- the perception of risk

    International Nuclear Information System (INIS)

    Ericsson, A.M.; Jaernry, C.

    2004-01-01

    Since the events of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focus on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage as more frightening and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations.

  4. Risk, security and technology: governing football supporters in the twenty-first century

    NARCIS (Netherlands)

    Spaaij, R.

    2013-01-01

    This paper critically examines the security and risk management technologies that are being used to conduct and pre-empt the behaviour of football supporters. It is shown how, in the Netherlands, pre-emptive risk management in the governing of football supporters involves a dispersed and fragmented

  5. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  6. Assessing Community Readiness to Reduce Childhood Diarrheal Disease and Improve Food Security in Dioro, Mali

    Directory of Open Access Journals (Sweden)

    Erica C. Borresen

    2016-06-01

    Diarrhea and malnutrition represent leading causes of death for children in Mali. Understanding a community’s needs and ideas is critical to ensure the success of prevention and treatment interventions for diarrheal disease, as well as to improve food security to help reduce malnutrition. The objective of this study was to incorporate the Community Readiness Model (CRM) for the issues of childhood diarrheal disease and food security in Mali to measure baseline community readiness prior to any program implementation. Thirteen key respondents residing in Dioro, Mali were selected based on varied social roles and demographics and completed two questionnaires on these public health issues. The overall readiness score to reduce childhood diarrheal disease was 5.75 ± 1.0 standard deviation (preparation stage). The overall readiness score to improve food security was 5.5 ± 0.5 standard deviation (preparation stage). The preparation stage indicates that at least some of the community have basic knowledge regarding these issues, and want to act locally to reduce childhood diarrhea and improve food security and nutrition. Proposed activities to increase community readiness on these issues are provided and are broad enough to allow opportunities to implement community- and culturally-specific activities by the Dioro community.

  7. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  8. Financial Risk Ratios and Earnings Management: Reducing Uncertainties in Shariah-compliant Companies

    Directory of Open Access Journals (Sweden)

    Soheil Kazemian

    2018-01-01

    This study examines whether Shariah-compliant companies practice earnings management by investigating the relationship among the risk of financial distress, leverage, and free cash flow in discretionary accruals, which function as a substitute for earnings management. This empirical research is conducted on a sample of Malaysian Shariah-compliant companies from all industries in Bursa Malaysia from 2012 to 2014. Results show that Shariah-compliant companies are highly influenced by the risk of financial distress, leverage, and free cash flow. This study argues that working as either Shariah-compliant or non-Shariah-compliant does not affect the level of earnings management through financial distress, high leverage, and free cash flow by managers. Results should be of interest to stakeholders, shareholders, and regulatory bodies (i.e., the Shariah Advisory Council and the Securities Commission) that oversee the accountability of corporate financial reporting to prevent earnings management in Shariah-compliant companies. Findings can also aid relevant authorities (i.e., the Shariah Advisory Council and the Security Commission in Malaysia) in overcoming or reducing problems related to earnings management. This study is one of the most significant works in Malaysia in terms of sample size and methodology. It argues that the three elements of earnings management (i.e., financial distress, high leverage, and free cash flow) influence better disclosure of reported earnings.

  9. Analyzing State Security Risks in South China Sea Conflict

    Directory of Open Access Journals (Sweden)

    Дмитрий Владимирович Пивоваров

    2009-09-01

    The article is devoted to the regional security issues in South East Asia. The author analyses the international relations that go closely to the foreign policy and foreign policy strategy problems. The author proposes risk analysis as a new and promising method in political science to generate foreign policy plans and analyze international conflicts and problems.

  10. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  11. Effectiveness of Taxicab Security Equipment in Reducing Driver Homicide Rates

    Science.gov (United States)

    Menéndez, Cammie K.C.; Amandus, Harlan E.; Damadi, Parisa; Wu, Nan; Konda, Srinivas; Hendricks, Scott A.

    2015-01-01

    Background: Taxicab drivers historically have had one of the highest work-related homicide rates of any occupation. In 2010 the taxicab driver homicide rate was 7.4 per 100,000 drivers, compared to the overall rate of 0.37 per 100,000 workers. Purpose: Evaluate the effectiveness of taxicab security cameras and partitions on citywide taxicab driver homicide rates. Methods: Taxicab driver homicide rates were compared in 26 major cities in the U.S. licensing taxicabs with security cameras (n=8); bullet-resistant partitions (n=7); and cities where taxicabs were not equipped with either security cameras or partitions (n=11). News clippings of taxicab driver homicides and the number of licensed taxicabs by city were used to construct taxicab driver homicide rates spanning 15 years (1996–2010). Generalized estimating equations were constructed to model the Poisson-distributed homicide rates on city-specific safety equipment installation status, controlling for city homicide rate and the concurrent decline of homicide rates over time. Data were analyzed in 2012. Results: Cities with cameras experienced a threefold reduction in taxicab driver homicides compared with control cities (RR=0.27; 95% CI=0.12, 0.61; p=0.002). There was no difference in homicide rates for cities with partitions compared with control cities (RR=1.15; 95% CI=0.80, 1.64; p=0.575). Conclusions: Municipal ordinances and company policies mandating security cameras appear to be highly effective in reducing taxicab driver deaths due to workplace violence. PMID:23790983

  12. Managing Sensitive Information: DOD Can More Effectively Reduce the Risk of Classification Errors

    National Research Council Canada - National Science Library

    D'Agostino, Davi M; Borseth, Ann; Fenton, Mattias; Hatton, Adam; Hills, Barbara; Keefer, David; Mayfield, David; Reid, Jim; Richardson, Terry; Schwartz, Marc

    2006-01-01

    ...) information security program are increasing the risk of misclassification. DoD's information security program is decentralized to the DoD component level, and the Office of the Under Secretary of Defense for Intelligence (OUSD...

  13. 21st Century Security Manager

    OpenAIRE

    Stelian ARION

    2010-01-01

    We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without profound knowledge and daily practice of security governance, security risk management and resilience. The 21st century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

  14. Risk Reducing Effect of AIS Implementation on Collision Risk

    DEFF Research Database (Denmark)

    Lützen, Marie; Friis-Hansen, Peter

    2003-01-01

    AIS (Automatic Identification System) is a transponder system developed for sea traffic purposes. The system sends and receives important ship information and other safety-related information between other ships and shore-based AIS stations. The implementation of AIS has now been initiated and, as a result, the community will undoubtedly observe an increase in navigational safety. However, to the authors' knowledge, no study has so far rigorously quantified the risk reducing effect of using AIS as an integrated part of the navigational system. The objective of this study is to fill this gap. The risk reducing effect of AIS is quantified by building a Bayesian network facilitating an evaluation of the effect of AIS on the navigational officer's reaction ability in a potential, critical collision situation. The time-dependent change in the risk reducing effect on ship collisions is analysed...

  15. Solution of resource allocation problem for identification of cost-effective measures to reduce nuclear proliferation risks

    International Nuclear Information System (INIS)

    Andrianov, A.; Kuptsov, I.

    2013-01-01

    This report presents a methodology of selection of cost-effective measures to reduce nuclear proliferation risks. The methodology relies on a graded security model used in practice in different applications. The method is based on the controlled finite Markov chain approach set in combination with discrete dynamic programming and MCDM (Multi Criteria Decision Making) techniques that enables the expert to select the cost-effective measures to reduce nuclear proliferation risks depending on availability of resources. The analysis performed with different number of possible measures confirms the conclusions that the implementation of extra-large costs may not produce the required effect, and the increase in resources above a certain level does not appear sensitive. Diversification in improving the effectiveness of other measures seems more rational and efficient for the whole system than the unlimited improvement of the effectiveness of only one measure

  16. Solution of resource allocation problem for identification of cost-effective measures to reduce nuclear proliferation risks

    Energy Technology Data Exchange (ETDEWEB)

    Andrianov, A.; Kuptsov, I. [Obninsk Institute for Nuclear Power Engineering, Studgorodok 1, Obninsk, Kaluga region 249030 (Russian Federation)]

    2013-07-01

    This report presents a methodology of selection of cost-effective measures to reduce nuclear proliferation risks. The methodology relies on a graded security model used in practice in different applications. The method is based on the controlled finite Markov chain approach set in combination with discrete dynamic programming and MCDM (Multi Criteria Decision Making) techniques that enables the expert to select the cost-effective measures to reduce nuclear proliferation risks depending on availability of resources. The analysis performed with different number of possible measures confirms the conclusions that the implementation of extra-large costs may not produce the required effect, and the increase in resources above a certain level does not appear sensitive. Diversification in improving the effectiveness of other measures seems more rational and efficient for the whole system than the unlimited improvement of the effectiveness of only one measure.

  17. The Risks of Strategic Decisions in the Sphere of Financial and Economic Security of Public-Private Partnership

    Directory of Open Access Journals (Sweden)

    Solodovnik Olesia O.

    2017-06-01

    The article is aimed at studying and substantiating the theoretical and methodological aspects of development, analysis and assessment of strategic decisions in the sphere of financial and economic security of public-private partnership (PPP) in the context of the risks of their implementation. A study on the essence and characteristics of strategic decisions in the sphere of financial and economic security of PPP has led to the conclusion that each such decision should be considered and assessed in the context of the risks of its implementation, and the risk theory could be seen as the scientific basis for defining strategic alternatives and developing a criteria base for assessing them. The article proposes a list and systematization of the PPP risks that allow to: itemize the risks to the external and internal environment of PPP and to identify the prerequisites and sources of threats to the financial and economic interests of parties to the partnership; analyze and evaluate the strategic alternatives for risk distribution among partners in the context of implications for financial and economic security of PPP; determine the risks of achieving the objectives of the strategy for financial and economic security of PPP and to evaluate alternative strategies in terms of partners; account the potential occurrence and development of systemic risks and threats to the financial and economic security of PPP, as well as the use of complementary protective mechanisms; evaluate the results of a strategy to protect the financial and economic interests of parties to the PPP.

  18. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    NARCIS (Netherlands)

    Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

    2016-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

  19. Examination of the Current Approaches to State-Level Nuclear Security Evaluation

    International Nuclear Information System (INIS)

    Kim, Chan; Yim, Mansung; Kim, So Young

    2014-01-01

    An effective global nuclear materials security system will cover all materials, employ international standards and best practices, and reduce risks by reducing weapons-usable nuclear material stocks and the number of locations where they are found. Such a system must also encourage states to accept peer reviews by outside experts in order to demonstrate that effective security is in place. It is thus critically important to create an integrative framework of state-level evaluation of nuclear security as a basis for measuring the level and progress of international effort to secure and control all nuclear materials. There have been studies to represent state-level nuclear security with a quantitative metric. A prime example is the Nuclear Materials Security Index (NMSI) by the Nuclear Threat Initiative (NTI). Another comprehensive study is the State Level Risk Metric by Texas A and M University (TAMU). This paper examines the current methods with respect to their strengths and weaknesses and identifies the directions for future research to improve upon the existing approaches

  20. Reducing food wastage, improving food security? An inventory study on stakeholders’ perspectives and the current state

    NARCIS (Netherlands)

    Tielens, J.; Candel, J.J.L.

    2014-01-01

    This study is concerned with the relation between food wastage reduction and the improvement of food security. The central question of this inventory study is to what extent interventions to reduce food wastage are effective contributions for food security, in particular for local access in

  1. A cyber security risk assessment for the design of I and C system in nuclear power plants

    International Nuclear Information System (INIS)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

    2012-01-01

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  2. A cyber security risk assessment for the design of I and C system in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2012-12-15

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  3. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    Science.gov (United States)

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  4. Improving performance of HVAC systems to reduce exposure to aerosolized infectious agents in buildings; recommendations to reduce risks posed by biological attacks.

    Science.gov (United States)

    Hitchcock, Penny J; Mair, Michael; Inglesby, Thomas V; Gross, Jonathan; Henderson, D A; O'Toole, Tara; Ahern-Seronde, Joa; Bahnfleth, William P; Brennan, Terry; Burroughs, H E Barney; Davidson, Cliff; Delp, William; Ensor, David S; Gomory, Ralph; Olsiewski, Paula; Samet, Jonathan M; Smith, William M; Streifel, Andrew J; White, Ronald H; Woods, James E

    2006-01-01

    The prospect of biological attacks is a growing strategic threat. Covert aerosol attacks inside a building are of particular concern. In the summer of 2005, the Center for Biosecurity of the University of Pittsburgh Medical Center convened a Working Group to determine what steps could be taken to reduce the risk of exposure of building occupants after an aerosol release of a biological weapon. The Working Group was composed of subject matter experts in air filtration, building ventilation and pressurization, air conditioning and air distribution, biosecurity, building design and operation, building decontamination and restoration, economics, medicine, public health, and public policy. The group focused on functions of the heating, ventilation, and air conditioning systems in commercial or public buildings that could reduce the risk of exposure to deleterious aerosols following biological attacks. The Working Group's recommendations for building owners are based on the use of currently available, off-the-shelf technologies. These recommendations are modest in expense and could be implemented immediately. It is also the Working Group's judgment that the commitment and stewardship of a lead government agency is essential to secure the necessary financial and human resources and to plan and build a comprehensive, effective program to reduce exposure to aerosolized infectious agents in buildings.

  5. Risk reduction of nuclear energy and its role in energy mix

    International Nuclear Information System (INIS)

    Tanaka, Satoru

    2013-01-01

    This article was newly written for useful discussion on energy policy based on the lecture at the Japan Science Council symposium 'How to amend energy policy after the Fukushima nuclear accident' held in July 2012. Basic standpoints of energy policy and positioning of nuclear power according to the 2010 energy basic program were reviewed. Nuclear power capacity was expected to increase from 49.5 GWe in 2007 to 68 GWe in 2030 to assure energy security. The accident forced energy policy to be amended starting with nuclear power zero base. The accident actualized the safety risks of nuclear power utilization, which were discussed from fragilities of three areas: (1) design basis, (2) emergency preparedness/response and (3) regulation system. Concrete measures to reduce risks of nuclear disaster were proposed. Role and responsibility of scientists was commented. Trend of energy policy based on basic philosophy selection for three scenarios in 2030 at the lecture time was confirmed and significance of nuclear power utilization was summarized from many-sided view points. (T. Tanaka)

  6. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of); Park, Jaekwan [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2013-05-15

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  7. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan

    2013-01-01

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  8. Environmental and climate security: improving scenario methodologies for science and risk assessment

    Science.gov (United States)

    Briggs, C. M.; Carlsen, H.

    2010-12-01

    Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non

  9. 21st Century Security Manager

    Directory of Open Access Journals (Sweden)

    Stelian ARION

    2010-11-01

    We live in a world of uncertainty that generates major paradigms changing that affect security risk management. Modern organization’s security risks management can’t be done without a profound knowledge and daily practice for security governance, security risk management and resilience. 21st Century security manager need to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers that have government background, or IT security background, or are promoted from organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

  10. Reducing the global threat of radiological terrorism in Central Asia and Caucus regions. The global threat reduction initiative approach to radioactive source security

    International Nuclear Information System (INIS)

    Smith, E.

    2010-01-01

    The security of radioactive sources is of worldwide concern, due to their wide use in civilian commerce and the potentially devastating effects of their misuse. In cooperation with host countries and international partners, the Global Threat Reduction Initiative has utilized a proven process for providing technical and financial assistance to protect radioactive sources in diverse uses and unique circumstances at hundreds of sites worldwide. The mission of the Department of Energy, National Nuclear Security Administration's program includes reducing the risk posed by vulnerable radiological materials that could be used in a Radioactive Dispersal Device. The program's objectives are to identify, consolidate, secure, and/or dispose of high-activity radiological materials to prevent their theft and malicious use. The Global Threat Reduction Initiative Program's scope is global, with projects in over 100 countries at more than 755 radiological sites, including industrial, medical and commercial facilities. In addition to working bilaterally, the Program works closely with the International Atomic Energy Agency (IAEA) and other partner countries. (author)

  11. A Risk-Sensitive Portfolio Optimization Problem with Fixed Incomes Securities

    OpenAIRE

    Goel, Mayank; Kumar, K. Suresh

    2007-01-01

    We discuss a class of risk-sensitive portfolio optimization problems. We consider the portfolio optimization model investigated by Nagai in 2003. The model by its nature can include fixed income securities as well in the portfolio. Under fairly general conditions, we prove the existence of optimal portfolio in both finite and infinite horizon problems.

  12. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  13. The myth of secure computing.

    Science.gov (United States)

    Austin, Robert D; Darby, Christopher A

    2003-06-01

    Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

  14. Risk Informed Approach for Nuclear Security Measures for Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance to States for developing a risk informed approach and for conducting threat and risk assessments as the basis for the design and implementation of sustainable nuclear security systems and measures for prevention of, detection of, and response to criminal and intentional unauthorised acts involving nuclear and other radioactive material out of regulatory control. It describes concepts and methodologies for a risk informed approach, including identification and assessment of threats, targets, and potential consequences; threat and risk assessment methodologies, and the use of risk informed approaches as the basis for informing the development and implementation of nuclear security systems and measures. The publication is an Implementing Guide within the IAEA Nuclear Security Series and is intended for use by national policy makers, law enforcement agencies and experts from competent authorities and other relevant organizations involved in the establishment, implementation, maintenance or sustainability of nuclear security systems and measures related to nuclear and other radioactive material out of regulatory control

  15. Anticipating Interruptions. Security and risk in a liberalized electricity infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Silvast, A.

    2013-11-01

    During the past ten years, a number of social scientists have emphasized the importance of material infrastructures like electricity supply as a research topic for the social sciences. The developing of such new perspectives concerning infrastructures also includes uncertainties and risks. This research analyzes the management of uncertainties in the Finnish electricity infrastructure by posing the following research question: how are electricity interruptions, or blackouts, anticipated in Finland and how are these interruptions managed as risks? The main research methodology of the work is multi-sited field work. The empirical materials include interviews with experts and lay people (33 interviews); participant observation in two electricity control rooms; an electricity consumer survey (115 respondents); and also a number of infrastructure and security policy documents and observations from electricity security seminars. The materials were primarily gathered between 2004 and 2008. Social science research often links risks with major current social changes or socio-cultural risk perceptions. In recent international social science discussions, however, a new research topic has emerged - those styles of reasoning and techniques of governance that are deployed to manage risk as a practical matter. My study explores these themes empirically by focusing on the specific habitual practices of risk management in the Finnish electricity infrastructure. The work develops various also semi-ethnographic inquiries into infrastructure risk techniques like monitor screening of real-time risks in electricity control rooms; the management of risks in a liberalized electricity market; the emergence of Finnish reasoning about blackouts from a specific historical background; and the ways in which electricity consumers respond to blackouts in their homes. 
    In addition, the work reflects upon the position of a risk researcher in those situations when the research subjects do not define

  16. Scenario-based approach to risk analysis in support of cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Gertman, D. I.; Folkers, R.; Roberts, J. [Idaho National Laboratory, Roberts and Folkers Associates, LLC, Idaho Falls, ID 83404 (United States)]

    2006-07-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  17. Scenario-based approach to risk analysis in support of cyber security

    International Nuclear Information System (INIS)

    Gertman, D. I.; Folkers, R.; Roberts, J.

    2006-01-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  18. 6 CFR 27.205 - Determination that a chemical facility “presents a high level of security risk.”

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Determination that a chemical facility “presents... SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.205 Determination that a chemical facility “presents a high level of security risk.” (a...

  19. Risk perception and environmental health concerns in conditions of social security threat

    International Nuclear Information System (INIS)

    Kolarova, D.

    1998-01-01

    Full text of publication follows: this study explores the connection between the perception of different societal risk, health concerns and behavioral attitudes of people in condition of social security threat. Two small and two big industrial towns were chosen in order to observe the social and psychological price of the structural changes in the industry such as unemployment and its reflection on the households and the individuals' social attitudes. Key stakeholders were interviewed and a questionnaire survey was carried out. The results showed a high level of risk sensitivity and health concerns when people felt threatened by lack of social and economic security. The pollution was found to be an important problem when it caused direct and obvious risk to human health and the environment. At the same time, reverse environmental behavior like insensitiveness and neglectful attitude was observed in cases when the health consequences of the pollution were perceived to be unclear and with delayed effect. In a situation of great socio-economic threat, noninvolvement helped the individuals to adapt. The research proved the influence of several risk characteristics on risk perception. A connection was found between the risk perception and risk controllability, voluntariness of exposure and cost/benefits distribution. In the study areas respondents' judgments on these characteristics reflected directly their social status and material state. The study presented here is in progress - it is supported by a research grant from Open Society Foundation. (author)

  20. A global assessment of wildfire risks to human and environmental water security

    Science.gov (United States)

    Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

    2017-04-01

    Extreme wildfire events extensively affect hydrosystem stability and generate an important threat to the reliability of the water supply for human and natural communities. While actively studied at the watershed scale, the development of a global vision of wildfire risk to water security has only been undertaken recently, pointing at potential water security concerns in an era of global changes. In order to address this concern, we propose a global-scale analysis of the wildfire risk to surface water supplies based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. Based on the literature, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. Each indicator was assigned a DPSIR category. Then, we collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the wildfire-water risk (WWR). For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, for analysis. Overall, our results show a distinct pattern of medium-to-high risk levels in areas where sizeable wildfire activity, water resources, and water consumption are concomitant, which mainly encompasses temperate and sub-tropical zones. A closer look at hydrobelts reveals differences in the factors driving the risk, with fire activity being the primary factor of risk in the circumboreal forest, and freshwater resource density being prevalent in tropical areas. We also identified major urban areas across the world whose source waters should be protected from extreme fire events, particularly when

  1. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    Science.gov (United States)

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  2. An Interoperable Security Framework for Connected Healthcare

    NARCIS (Netherlands)

    Asim, M.; Petkovic, M.; Qu, M.; Wang, C.

    2011-01-01

    Connected and interoperable healthcare system promises to reduce the cost of the healthcare delivery, increase its efficiency and enable consumers to better engage with clinicians and manage their care. However at the same time it introduces new risks towards security and privacy of personal health

  3. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executive disposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

  4. Reducing greenhouse gas emissions in agriculture without compromising food security?

    Science.gov (United States)

    Frank, Stefan; Havlík, Petr; Soussana, Jean-François; Levesque, Antoine; Valin, Hugo; Wollenberg, Eva; Kleinwechter, Ulrich; Fricko, Oliver; Gusti, Mykola; Herrero, Mario; Smith, Pete; Hasegawa, Tomoko; Kraxner, Florian; Obersteiner, Michael

    2017-10-01

    To keep global warming possibly below 1.5 °C and mitigate adverse effects of climate change, agriculture, like all other sectors, will have to contribute to efforts in achieving net negative emissions by the end of the century. Cost-efficient distribution of mitigation across regions and economic sectors is typically calculated using a global uniform carbon price in climate stabilization scenarios. However, in reality such a carbon price would substantially affect food availability. Here, we assess the implications of climate change mitigation in the land use sector for agricultural production and food security using an integrated partial equilibrium modelling framework and explore ways of relaxing the competition between mitigation in agriculture and food availability. Using a scenario that limits global warming cost-efficiently across sectors to 1.5 °C, results indicate global food calorie losses ranging from 110-285 kcal per capita per day in 2050 depending on the applied demand elasticities. This could translate into a rise in undernourishment of 80-300 million people in 2050. Less ambitious greenhouse gas (GHG) mitigation in the land use sector reduces the associated food security impact significantly, however the 1.5 °C target would not be achieved without additional reductions outside the land use sector. Efficiency of GHG mitigation will also depend on the level of participation globally. Our results show that if non-Annex-I countries decide not to contribute to mitigation action while other parties pursue their mitigation efforts to reach the global climate target, food security impacts in these non-Annex-I countries will be higher than if they participate in a global agreement, as inefficient mitigation increases agricultural production costs and therefore food prices. Land-rich countries with a high proportion of emissions from land use change, such as Brazil, could reduce emissions with only a marginal effect on food availability. In contrast

  5. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  6. The Importance of Information Security Management in Crisis Prevention in the Company

    OpenAIRE

    Wawak, Slawomir

    2010-01-01

    Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information confidentiality, availability and integrity assurance. An effective information security management system reduces the risk of crisis in the company. It also allows to reduce the effects of the crisis occurring outside the company.

  7. Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

    Science.gov (United States)

    Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

    2011-03-01

    The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. © 2010 Society for Risk Analysis.

  8. Automated Information Security Will Not Improve until Effectively Supported by IRM.

    Science.gov (United States)

    Chick, Morey J.

    1989-01-01

    The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…

  9. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    Energy Technology Data Exchange (ETDEWEB)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M. [Battelle Memorial Inst., Columbus, OH (United States)]; Abkowitz, M. [Dept. of Civil Engineering, Vanderbilt Univ., Nashville, TN (United States)]

    2004-07-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort.

  10. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    International Nuclear Information System (INIS)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M.; Abkowitz, M.

    2004-01-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort

  11. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  12. Security dialogues: building better relationships between security and business

    OpenAIRE

    Ashenden, Debi; Lawrence, Darren

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

  13. Discursive Overlap and Conflictive Fragmentation of Risk and Security in the Geopolitics of Energy

    Directory of Open Access Journals (Sweden)

    Julio E. Rubio

    2013-03-01

    As it touches all aspects of human activity and society in general, energy has become an object of discourse. Two main discourses have formed on the use of energy: risk discourse and security discourse. While environmental changes and oil depletion continue, a new application for the term security has appeared: energy security. This concept can be interpreted within the terms of risk discourse, which is oriented towards rational consensus and decision making, or as an exercise of power, sovereignty and hegemony. The boundaries between interpretations are often unclear. Thus, in an institutional framework that has fragmented principles, norms and rules, opposing discourses will overlap. Political agents and institutions deploy strategies based on these discourses. With this overlapping of discourses, the performative powers of different institutions clash, thus creating conflictive fragmentation in a governance architecture. The purpose of this investigation is to analyze the use of, replication of, and ambiguities surrounding the concept of energy security, so as to understand how and why these discourses overlap and the profound consequences that this overlap may have for present and future energy use, environmental negotiations, and political climate.

  14. Food security and cardiovascular disease risk among adults in the United States: findings from the National Health and Nutrition Examination Survey, 2003-2008.

    Science.gov (United States)

    Ford, Earl S

    2013-12-05

    Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003-2008 was conducted. Four levels of food security status were defined by using 10 questions. Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31-4.31). Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk.

  15. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  16. An interoperable security framework for connected healthcare

    NARCIS (Netherlands)

    Asim, M.; Petkovic, M.; Qu, M.; Wang, Changjie

    2011-01-01

    Connected and interoperable healthcare system promises to reduce the cost of healthcare delivery, increase its efficiency and enable consumers to better engage with clinicians and manage their care. However at the same time it introduces new risks towards security and privacy of personal health

  17. Framework for generating expert systems to perform computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1985-01-01

    At Los Alamos we are developing a framework to generate knowledge-based expert systems for performing automated risk analyses upon a subject system. The expert system is a computer program that models experts' knowledge about a topic, including facts, assumptions, insights, and decision rationale. The subject system, defined as the collection of information, procedures, devices, and real property upon which the risk analysis is to be performed, is a member of the class of systems that have three identifying characteristics: a set of desirable assets (or targets), a set of adversaries (or threats) desiring to obtain or to do harm to the assets, and a set of protective mechanisms to safeguard the assets from the adversaries. Risk analysis evaluates both vulnerability to and the impact of successful threats against the targets by determining the overall effectiveness of the subject system safeguards, identifying vulnerabilities in that set of safeguards, and determining cost-effective improvements to the safeguards. As a testbed, we evaluate the inherent vulnerabilities and risks in a system of computer security safeguards. The method considers safeguards protecting four generic targets (physical plant of the computer installation, its hardware, its software, and its documents and displays) against three generic threats (natural hazards, direct human actions requiring the presence of the adversary, and indirect human actions wherein the adversary is not on the premises-perhaps using such access tools as wiretaps, dialup lines, and so forth). Our automated procedure to assess the effectiveness of computer security safeguards differs from traditional risk analysis methods

  18. The 'polypill' to reduce cardiovascular risk

    DEFF Research Database (Denmark)

    Patel, Vinod; Pedersen, Oluf; Morrissey, John

    2004-01-01

    This article considers data from the Steno-2 multifactorial intervention study in type 2 diabetes to which are applied the United Kingdom Prospective Diabetes Study (UKPDS) risk engine. Mathematical analyses support the use of a 'polypill' to reduce cardiovascular risk in type 2 diabetes. It is s...

  19. Multi-risk infants: predicting attachment security from sociodemographic, psychosocial, and health risk among African-American preterm infants.

    Science.gov (United States)

    Candelaria, Margo; Teti, Douglas M; Black, Maureen M

    2011-08-01

    Ecological and transactional theories link child outcomes to accumulated risk. This study hypothesized that cumulative risk was negatively related to attachment, and that maternal sensitivity mediated linkages between risk and attachment. One hundred and twelve high-risk African-American premature infant-mother dyads participated. Psychosocial (maternal depression, stress and self-efficacy) and sociodemographic risk (poverty, maternal education, marital status) were maternal self-report (0-4 months). Infant health risk was obtained from hospital charts. Infant-mother attachment (12 months) and maternal sensitivity (4 months) were assessed with Q-sort measures. Psychosocial and sociodemographic risk, but not infant health risk, negatively related to attachment. Both were mediated by maternal sensitivity. The impact of risk domains on attachment security was mediated by maternal sensitivity. Results emphasize the need for early intervention programs targeting premature infants to identify and address environmental and personal factors that place parenting at risk. © 2011 The Authors. Journal of Child Psychology and Psychiatry © 2011 Association for Child and Adolescent Mental Health.

  20. A code inspection process for security reviews

    Science.gov (United States)

    Garzoglio, Gabriele

    2010-04-01

    In recent years, it has become more and more evident that software threat communities are taking an increasing interest in Grid infrastructures. To mitigate the security risk associated with the increased numbers of attacks, the Grid software development community needs to scale up effort to reduce software vulnerabilities. This can be achieved by introducing security review processes as a standard project management practice. The Grid Facilities Department of the Fermilab Computing Division has developed a code inspection process, tailored to reviewing security properties of software. The goal of the process is to identify technical risks associated with an application and their impact. This is achieved by focusing on the business needs of the application (what it does and protects), on understanding threats and exploit communities (what an exploiter gains), and on uncovering potential vulnerabilities (what defects can be exploited). The desired outcome of the process is an improvement of the quality of the software artifact and an enhanced understanding of possible mitigation strategies for residual risks. This paper describes the inspection process and lessons learned on applying it to Grid middleware.

  1. A code inspection process for security reviews

    International Nuclear Information System (INIS)

    Garzoglio, Gabriele

    2010-01-01

    In recent years, it has become more and more evident that software threat communities are taking an increasing interest in Grid infrastructures. To mitigate the security risk associated with the increased numbers of attacks, the Grid software development community needs to scale up effort to reduce software vulnerabilities. This can be achieved by introducing security review processes as a standard project management practice. The Grid Facilities Department of the Fermilab Computing Division has developed a code inspection process, tailored to reviewing security properties of software. The goal of the process is to identify technical risks associated with an application and their impact. This is achieved by focusing on the business needs of the application (what it does and protects), on understanding threats and exploit communities (what an exploiter gains), and on uncovering potential vulnerabilities (what defects can be exploited). The desired outcome of the process is an improvement of the quality of the software artifact and an enhanced understanding of possible mitigation strategies for residual risks. This paper describes the inspection process and lessons learned on applying it to Grid middleware.

  2. A code inspection process for security reviews

    Energy Technology Data Exchange (ETDEWEB)

    Garzoglio, Gabriele; /Fermilab

    2009-05-01

    In recent years, it has become more and more evident that software threat communities are taking an increasing interest in Grid infrastructures. To mitigate the security risk associated with the increased numbers of attacks, the Grid software development community needs to scale up effort to reduce software vulnerabilities. This can be achieved by introducing security review processes as a standard project management practice. The Grid Facilities Department of the Fermilab Computing Division has developed a code inspection process, tailored to reviewing security properties of software. The goal of the process is to identify technical risks associated with an application and their impact. This is achieved by focusing on the business needs of the application (what it does and protects), on understanding threats and exploit communities (what an exploiter gains), and on uncovering potential vulnerabilities (what defects can be exploited). The desired outcome of the process is an improvement of the quality of the software artifact and an enhanced understanding of possible mitigation strategies for residual risks. This paper describes the inspection process and lessons learned on applying it to Grid middleware.

  3. Benefits from reducing risk of death

    Energy Technology Data Exchange (ETDEWEB)

    Krupnick, A

    1994-07-01

    Of the categories of benefits to individuals, reductions in the risk of premature mortality are of central concern to the public and environmental policy makers. These benefits can include those from reductions in own-risk, for example, an individual's valuation of reducing his or her own mortality risks; reductions in risk to an individual's family, friends, or co-workers (i.e., of people known to the individual); and reductions in risks to unknown individuals. The last type would be an example of altruistic value. The overall goal is to measure the welfare change from a change in the current and/or future probability of dying. The willingness to pay (WTP) reflects the amount of income taken from a person that would leave him or her indifferent to a decrease in risk, whenever it occurs. When this value is divided by the risk change, the resulting value is called the 'value of a statistical life'. Another relevant measure appearing in the literature is the value of life-years saved. A final issue concerns the type of premature mortality risks one is valuing when environmental pollution is at issue. While most effort has gone into estimating the welfare effects of a change in current probability of death of healthy workers on the job, this is more relevant for characterizing the benefits of reducing accidental death risks than death from environmental causes. Exposure to pollutants raises risks of developing cancer, chronic heart, respiratory, and other diseases that raise mortality risks in the future. Such exposure also may raise current death risks for the very old and the sick. But, surely the pollution effect that is analogous to occupational health risks-pollution exposures high enough to raise current risks of death for the healthy, prime-age person-is insignificant in the United States.

  4. Benefits from reducing risk of death

    International Nuclear Information System (INIS)

    Krupnick, A.

    1994-01-01

    Of the categories of benefits to individuals, reductions in the risk of premature mortality are of central concern to the public and environmental policy makers. These benefits can include those from reductions in own-risk, for example, an individual's valuation of reducing his or her own mortality risks; reductions in risk to an individual's family, friends, or co-workers (i.e., of people known to the individual); and reductions in risks to unknown individuals. The last type would be an example of altruistic value. The overall goal is to measure the welfare change from a change in the current and/or future probability of dying. The willingness to pay (WTP) reflects the amount of income taken from a person that would leave him or her indifferent to a decrease in risk, whenever it occurs. When this value is divided by the risk change, the resulting value is called the 'value of a statistical life'. Another relevant measure appearing in the literature is the value of life-years saved. A final issue concerns the type of premature mortality risks one is valuing when environmental pollution is at issue. While most effort has gone into estimating the welfare effects of a change in current probability of death of healthy workers on the job, this is more relevant for characterizing the benefits of reducing accidental death risks than death from environmental causes. Exposure to pollutants raises risks of developing cancer, chronic heart, respiratory, and other diseases that raise mortality risks in the future. Such exposure also may raise current death risks for the very old and the sick. But, surely the pollution effect that is analogous to occupational health risks (pollution exposures high enough to raise current risks of death for the healthy, prime-age person) is insignificant in the United States.

  5. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Youngin (Korea, Republic of); Kang, Hyun Gook [KAIST, Dajeon (Korea, Republic of); Son, Han Seong [Joongbu University, Chubu (Korea, Republic of)

    2014-08-15

    There are several advantages to using digital equipment, such as cost, convenience, and availability. It is inevitable that digital I and C equipment will replace analog equipment. Nuclear facilities have already started applying digital systems to the I and C system. However, nuclear facilities also have to change the I and C system even though it is difficult to use digital equipment due to the high level of safety, irradiation embrittlement, and cyber security. Cyber security, which is one of the important concerns in using digital equipment, can affect the whole integrity of nuclear facilities. For instance, cyber-attacks such as the SQL Slammer worm, Stuxnet, Duqu, and Flame have occurred at nuclear facilities. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problems of cyber security research for nuclear facilities is the difficulty of obtaining data through penetration experiments. Therefore, we make a cyber security risk evaluation model with a Bayesian network (BN) for the nuclear reactor protection system (RPS), which is one of the safety-critical systems that trips the reactor when an accident happens at the facilities. BN can be used for overcoming these problems. We propose a method to apply the BN cyber security model to the probabilistic safety assessment (PSA) model, which has been used for safety assessment of the systems, structures and components of a facility. The proposed method will be able to provide insight into safety as well as cyber risk to the facility.

  6. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to using digital equipment, such as cost, convenience, and availability. It is inevitable that digital I and C equipment will replace analog equipment. Nuclear facilities have already started applying digital systems to the I and C system. However, nuclear facilities also have to change the I and C system even though it is difficult to use digital equipment due to the high level of safety, irradiation embrittlement, and cyber security. Cyber security, which is one of the important concerns in using digital equipment, can affect the whole integrity of nuclear facilities. For instance, cyber-attacks such as the SQL Slammer worm, Stuxnet, Duqu, and Flame have occurred at nuclear facilities. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problems of cyber security research for nuclear facilities is the difficulty of obtaining data through penetration experiments. Therefore, we make a cyber security risk evaluation model with a Bayesian network (BN) for the nuclear reactor protection system (RPS), which is one of the safety-critical systems that trips the reactor when an accident happens at the facilities. BN can be used for overcoming these problems. We propose a method to apply the BN cyber security model to the probabilistic safety assessment (PSA) model, which has been used for safety assessment of the systems, structures and components of a facility. The proposed method will be able to provide insight into safety as well as cyber risk to the facility.

  7. Risk Management for e-Business

    Directory of Open Access Journals (Sweden)

    2007-01-01

    In the new Internet economy, risk management plays a critical role in protecting the organization and its ability to perform its business mission, not just its IT assets. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Risk management is an important component of an IT security program. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. These risks originate from the deployment and use of IT assets in various ways, such as configuring systems incorrectly or gaining access to restricted software.

  8. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Science.gov (United States)

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  9. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    Science.gov (United States)

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  10. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward. ORGANIZATIONAL ISSUES: The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles

  11. Risk-informed approach for safety, safeguards, and security (3S) by design

    International Nuclear Information System (INIS)

    Suzuki, Mitsutoshi; Burr, Tom; Howell, John

    2011-01-01

    Over several decades the nuclear energy society worldwide has developed safety assessment methodology based on probabilistic risk analysis for incorporating its benefit into design and accident prevention for nuclear reactors. Although safeguards and security communities have different histories and technical aspects compared to safety, risk assessment as a supplement to their current requirements could be developed to promote synergism between Safety, Safeguards, and Security (3S) and to install effective countermeasures in the design of complex nuclear fuel cycle facilities. Since the 3S initiative was raised by G8 countries at Hokkaido Toyako-Summit in 2008, one approach to developing synergism in a 3S By Design (3SBD) process has been the application of risk-oriented assessment methodology. In the existing regulations of safeguards and security, a risk notion has already been considered for inherent threat and hazard recognition. To integrate existing metrics into a risk-oriented approach, several mathematical methods have already been surveyed, with attention to the scarcity of intentional acts in the case of safeguards and the sparseness of actual event data. A two-dimensional probability distribution composed of measurement error and incidence probabilities has been proposed to formalize inherent difficulties in the International Atomic Energy Agency (IAEA) safeguards criteria. In particular, the incidence probability that is difficult to estimate has been explained using a Markov model and game theory. In this work, a feasibility study of 3SBD is performed for an aqueous reprocessing process, and synergetic countermeasures are presented for preliminary demonstration of 3SBD. Although differences and conflicts between individual 'S' communities exist, the integrated approach would be valuable for optimization and balance between the 3S design features as well as for effective and efficient implementation under existing regulation frameworks. In addition

  12. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    Energy Technology Data Exchange (ETDEWEB)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    Threats of nuclear terrorism have been increasing since the 9/11 terrorist attack. Threats include nuclear explosive devices (NED) made by terrorist groups, radiological damage caused by sabotage aimed at nuclear facilities, and radiological dispersion devices (RDD), also called 'dirty bombs'. In 9/11, Al Qaeda planned to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afghanistan by the UK intelligence agency. Thus, the international communities including the IAEA are making substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states have established and are maintaining a state nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. A methodology for the assessment of a state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for a state's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate a state's nuclear security regime by risk assessment are addressed.

  13. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need...

  14. The KnowRISK project: Tools and strategies to reduce non-structural damage

    Science.gov (United States)

    Sousa Oliveira, Carlos; Lopes, Mário; Mota de Sá, Francisco; Amaral Ferreia, Mónica; Candeias, Paulo; Campos Costa, Alfredo; Rupakhety, Rajesh; Meroni, Fabrizio; Azzaro, Raffaele; D'Amico, Salvatore; Langer, Horst; Musacchio, Gemma; Sousa Silva, Delta; Falsaperla, Susanna; Scarfì, Luciano; Tusa, Giuseppina; Tuvé, Tiziana

    2016-04-01

    The project KnowRISK (Know your city, Reduce seISmic risK through non-structural elements) is financed by the European Commission to develop prevention measures that may reduce non-structural damage in urban areas. Pilot areas of the project are within the three European participating countries, namely Portugal, Iceland and Italy. Non-structural components of a building include all those components that are not part of the structural system, more specifically the architectural, mechanical, electrical, and plumbing systems, as well as furniture, fixtures, equipment, and contents. Windows, partitions, granite veneer, piping, ceilings, air conditioning ducts and equipment, elevators, computer and hospital equipment, file cabinets, and retail merchandise are all examples of non-structural components that are vulnerable to earthquake damage. We will use the experience gained during past earthquakes, which struck in particular Iceland, Italy and Portugal (Azores). Securing the non-structural elements improves the safety during an earthquake and saves lives. This paper aims at identifying non-structural seismic protection measures in the pilot areas and to develop a portfolio of good practices for the most common and serious non-structural vulnerabilities. This systematic identification and the portfolio will be achieved through a "cross-knowledge" strategy based on previous researches, evidence of non-structural damage in past earthquakes. Shake table tests of a group of non-structural elements will be performed. These tests will be filmed and, jointly with portfolio, will serve as didactic supporting tools to be used in workshops with building construction stakeholders and in risk communication activities. A Practical Guide for non-structural risk reduction will be specifically prepared for citizens on the basis of the outputs of the project, taking into account the local culture and needs of each participating country.

  15. A Cyber Security Risk Assessment of Hospital Infrastructure including TLS/SSL and other Threats

    OpenAIRE

    Millar, Stuart

    2016-01-01

    Cyber threats traditionally target governments, financial institutions and businesses. However, of growing concern is the threat to healthcare organizations. This study conducts a cyber security risk assessment of a theoretical hospital environment, to include TLS/SSL, which is an encryption protocol for network communications, plus other physical, logical and human threats. Despite significant budgets in the UK for the NHS, the spend on cyber security appears worryingly low and many hospital...

  16. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    International Nuclear Information System (INIS)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.

    2011-01-01

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  17. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  18. Probabilistic risk analysis and terrorism risk.

    Science.gov (United States)

    Ezell, Barry Charles; Bennett, Steven P; von Winterfeldt, Detlof; Sokolowski, John; Collins, Andrew J

    2010-04-01

    Since the terrorist attacks of September 11, 2001, and the subsequent establishment of the U.S. Department of Homeland Security (DHS), considerable efforts have been made to estimate the risks of terrorism and the cost effectiveness of security policies to reduce these risks. DHS, industry, and the academic risk analysis communities have all invested heavily in the development of tools and approaches that can assist decisionmakers in effectively allocating limited resources across the vast array of potential investments that could mitigate risks from terrorism and other threats to the homeland. Decisionmakers demand models, analyses, and decision support that are useful for this task and based on the state of the art. Since terrorism risk analysis is new, no single method is likely to meet this challenge. In this article we explore a number of existing and potential approaches for terrorism risk analysis, focusing particularly on recent discussions regarding the applicability of probabilistic and decision analytic approaches to bioterrorism risks and the Bioterrorism Risk Assessment methodology used by the DHS and criticized by the National Academies and others.

  19. Relationship Between Perceived Risk of Falling and Adoption of Precautions to Reduce Fall Risk.

    Science.gov (United States)

    Blalock, Susan J; Gildner, Paula L; Jones, Jennifer L; Bowling, James M; Casteel, Carri H

    2016-06-01

    To better understand the relationship between perceived risk of falling and awareness and adoption of four specific precautions that older adults have taken to reduce this risk. Cross-sectional. Data were collected in in-person interviews conducted in the homes of study participants. Interviews were conducted between March 2011 and September 2013 and lasted an average of 60-90 minutes. A stratified sampling strategy designed to enroll an equal number of homebound and nonhomebound participants was used. All participants (N = 164) were recruited from central North Carolina. Participants were asked about 1-year fall history, perceived risk of falling, restriction of activities because of fear of falling, awareness of four recommended fall prevention behaviors (exercise, annual medication review, bathroom grab bars, safe footwear), and current practice of these behaviors. In bivariate analyses, individuals who were aware of two behaviors recommended to reduce the risk of falling (exercise, use of safe footwear) and had adopted these behaviors perceived their risk of falling as lower than individuals who were aware of the recommended behaviors but had not adopted them. Moreover, in multivariate analyses, individuals who did not know that exercise is recommended to reduce the risk of falling perceived their risk of falling as lower than those who were aware of this recommendation and had adopted it. Individuals were least likely to be aware that medication reviews and exercise are recommended to reduce fall risk. Awareness of behaviors recommended to reduce fall risk appears necessary for adoption of these behaviors to reduce perceived risk. Fall-prevention campaigns should emphasize behaviors where awareness is low. © 2016, Copyright the Authors Journal compilation © 2016, The American Geriatrics Society.

  20. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  1. Breach of Personal Security through Applicative use of Online Social Networks

    Directory of Open Access Journals (Sweden)

    Bojan Nikolovski

    2013-11-01

    This article attempts to indicate the potential threats of a breach of personal security through applicative use of the internet as well as applicative use of online social networks. In addition to many other ways of privacy protection, applicative users of social network sites must take into consideration the risk of distributing private data. Through a series of actions and settings, users can customize the security settings with the ultimate goal of reducing the risk of attack on their privacy.

  2. Coping with global environmental change, disasters and security. Threats, challenges, vulnerabilities and risks

    Energy Technology Data Exchange (ETDEWEB)

    Brauch, Hans Guenter [Freie Univ. Berlin (Germany). Dept. of Political and Social Sciences; UNU-EHS, Bonn (DE). College of Associated Scientists and Advisors (CASA); Oswald Spring, Ursula [National Univ. of Mexico, Cuernavaca (MX). Regional Multidisciplinary Research Centre (CRIM); Mesjasz, Czeslaw [Cracow Univ. of Economics (Poland). Faculty of Management; Grin, John [Amsterdam Univ. (Netherlands). Dept. of Political Science; Dutch Knowledge network for Systems Innovations and Transitions (KSI), Amsterdam (Netherlands); Kameri-Mbote, Patricia [Strathmore Univ., Nairobi (Kenya). Dept. of Law; International Environmental Law Research Centre, Nairobi (Kenya); Chourou, Bechir [Univ. of Tunis-Carthage, Hammam-Chatt (Tunisia); Dunay, Pal [Geneva Centre for Security Policy (Switzerland). International Training Course in Security Policy; Birkmann, Joern (eds.) [United Nations Univ. (UNU), Bonn (DE). Inst. for Environment and Human Security (EHS)

    2011-07-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropocene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10 parts concepts of military and political hard security and economic, social, environmental soft security with a regional focus on the Near East, North and Sub-Sahara Africa and Asia and on hazards in urban centres. The major focus is on coping with global environmental change: climate change, desertification, water, food and health and with hazards and strategies on social vulnerability and resilience building and scientific, international, regional and national political strategies, policies and measures including early warning of conflicts and hazards. The book proposes a political geo-ecology and discusses a 'Fourth Green Revolution' for the Anthropocene era of earth history. (orig.)

  3. Functional neural correlates of reduced physiological falls risk

    Directory of Open Access Journals (Sweden)

    Hsu Chun

    2011-08-01

    Background: It is currently unclear whether the function of brain regions associated with executive cognitive processing is independently associated with reduced physiological falls risk. If these are related, it would suggest that the development of interventions targeted at improving executive neurocognitive function would be an effective new approach for reducing physiological falls risk in seniors. Methods: We performed a secondary analysis of 73 community-dwelling senior women aged 65 to 75 years old who participated in a 12-month randomized controlled trial of resistance training. Functional MRI data were acquired while participants performed a modified Eriksen Flanker Task - a task of selective attention and conflict resolution. Brain volumes were obtained using MRI. Falls risk was assessed using the Physiological Profile Assessment (PPA). Results: After accounting for baseline age, experimental group, baseline PPA score, and total baseline white matter brain volume, baseline activation in the left frontal orbital cortex extending towards the insula was negatively associated with reduced physiological falls risk over the 12-month period. In contrast, baseline activation in the paracingulate gyrus extending towards the anterior cingulate gyrus was positively associated with reduced physiological falls risk. Conclusions: Baseline activation levels of brain regions underlying response inhibition and selective attention were independently associated with reduced physiological falls risk. This suggests that falls prevention strategies may be facilitated by incorporating intervention components - such as aerobic exercise - that are specifically designed to induce neurocognitive plasticity. Trial Registration: ClinicalTrials.gov Identifier: NCT00426881

  4. A Novel Cloud Computing Algorithm of Security and Privacy

    Directory of Open Access Journals (Sweden)

    Chih-Yung Chen

    2013-01-01

    The emergence of cloud computing has simplified the flow of large-scale deployment of distributed systems for software suppliers; when issuing respective application programs in a shared cloud service to different users, the management of material becomes more complex. Therefore, in a multitype cloud service trust environment, what worries enterprises most when they face cloud computing is the issue of security, while individual users are worried whether their private material will be at risk of outflow. This research has mainly analyzed several different construction patterns of cloud computing, and quite relevant cases in the deployment construction security of cloud computing by fit and unfit quality, and finally proposed an optimized safe deployment construction of cloud computing and a security mechanism of material protection calculating method, namely, the Global Authentication Register System (GARS), to reduce cloud material outflow risk. We implemented a system simulation to test the availability, security and performance of the GARS algorithm. By experimental data analysis, the solutions for cloud computing security and privacy derived from the research can provide effective protection in cloud information security. Moreover, we have made information security-related proposals for cloud computing that would provide related units with guidance for the development of cloud computing security practice.

  5. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Directory of Open Access Journals (Sweden)

    Valerie J.M. Watzlaf

    2010-10-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  6. Does Metformin Reduce Cancer Risks? Methodologic Considerations.

    Science.gov (United States)

    Golozar, Asieh; Liu, Shuiqing; Lin, Joeseph A; Peairs, Kimberly; Yeh, Hsin-Chieh

    2016-01-01

    The substantial burden of cancer and diabetes and the association between the two conditions has been a motivation for researchers to look for targeted strategies that can simultaneously affect both diseases and reduce their overlapping burden. In the absence of randomized clinical trials, researchers have taken advantage of the availability and richness of administrative databases and electronic medical records to investigate the effects of drugs on cancer risk among diabetic individuals. The majority of these studies suggest that metformin could potentially reduce cancer risk. However, the validity of this purported reduction in cancer risk is limited by several methodological flaws either in the study design or in the analysis. Whether metformin use decreases cancer risk relies heavily on the availability of valid data sources with complete information on confounders, accurate assessment of drug use, appropriate study design, and robust analytical techniques. The majority of the observational studies assessing the association between metformin and cancer risk suffer from methodological shortcomings and efforts to address these issues have been incomplete. Future investigations on the association between metformin and cancer risk should clearly address the methodological issues due to confounding by indication, prevalent user bias, and time-related biases. Although the proposed strategies do not guarantee a bias-free estimate for the association between metformin and cancer, they will reduce synthesis of and reporting of erroneous results.

  7. Addressing the supply security of the nuclear fuel cycle: a US merchant generator risk acceptance perspective

    International Nuclear Information System (INIS)

    Jordan, R. P.; Benavides, P.A.

    2006-01-01

    With the current rising markets across the nuclear fuel supply spectrum, understanding and managing nuclear fuel cycle supply security risk becomes an increasingly important consideration. In addressing this area, Constellation Energy is implementing an integrated multifaceted approach as consistent with a comprehensive risk profile covering the nuclear fuel supply industry. This approach is founded on use of a utility traditional procurement strategy, as dependent on the qualitative parameters of supply origination diversification, geopolitical stability, contracting duration and individual supplier financial bases. However, Constellation also adds an additional consideration into development of this nuclear fuel supply risk profile. To do such, qualitative assessments covering specific supplier risks, as based on the parameters of supplier management and organizational structure, design capacities (applicable to fabrication and enrichment only), operational history as applicable to forward-looking performance, regulatory or legal history and financial performance are also considered. Constellation overlays the risks of future availabilities, catastrophic occurrences and prices for each nuclear fuel material and service component onto a quantitative set of results. The overall focus of these assessments is the creation of a risk management perspective directed towards determining the potential loss or delay of nuclear fuel supply for our operating reactors. The conclusion of this effort is an integrated assessment of the nuclear fuel supply security as applicable to the Constellation-specific structured risk profile. Use of this assessment allows Constellation to target appropriate suppliers of interest in the marketplace and form the fundamental bases for the Constellation procurement strategy while managing risks associated with nuclear fuel cycle supply security. (authors)

  8. Security in the Asia Pacific region

    International Nuclear Information System (INIS)

    1999-01-01

    The Working Group began by discussing the meaning of security in terms of its comprehensive, cooperative and human dimensions. In doing so, the members of the Group focused on major issues which could endanger regional stability and non-proliferation. In order to identify the major problems and sources of tension, it was agreed that the Group would concentrate on two sub-regions, namely, East Asia and South East Asia and then to compare these briefly with South Asia and Latin America, the aim being to identify common security concerns. The discussion was framed in terms of: (i) evaluating the adequacy of the existing institutional framework for security cooperation; (ii) evaluating linkages between economic development and security; and (iii) seeking ways to reduce tension and to increase security in the region. Discussion was focused on the broad subject of security risks and challenges as well as opportunities for effective cooperative security in the Asia Pacific region. Attention was devoted to ways of changing Cold War mentalities, which still hinder the normalization process and the achievement of comprehensive security cooperation among the countries in the region

  9. Managing Security Risks in an Industrial Investment – Analysis Directions

    Directory of Open Access Journals (Sweden)

    Stefan Dragomir

    2016-05-01

    This paper achieved an analysis of some important management strategies for an investment, in correlation with index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on health, safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how can the substances that infest the environment to produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora). When we know the risks that characterize the plant equipment, we can protect the life and we can protect the environment for a sustainable development in the future.

  10. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    Science.gov (United States)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and/or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e-business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  11. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  12. Food Security and Cardiovascular Disease Risk Among Adults in the United States: Findings From the National Health and Nutrition Examination Survey, 2003–2008

    Science.gov (United States)

    2013-01-01

    Introduction Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. Methods A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003–2008 was conducted. Four levels of food security status were defined by using 10 questions. Results Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31–4.31). Conclusion Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk. PMID:24309090

  13. AUTOMATING THE DATA SECURITY PROCESS

    Directory of Open Access Journals (Sweden)

    Florin Ogigau-Neamtiu

    2017-11-01

    Contemporary organizations face big data security challenges in the cyber environment due to modern threats and actual business working model which relies heavily on collaboration, data sharing, tool integration, increased mobility, etc. The nowadays data classification and data obfuscation selection processes (encryption, masking or tokenization) suffer because of the human implication in the process. Organizations need to shirk data security domain by classifying information based on its importance, conduct risk assessment plans and use the most cost effective data obfuscation technique. The paper proposes a new model for data protection by using automated machine decision making procedures to classify data and to select the appropriate data obfuscation technique. The proposed system uses natural language processing capabilities to analyze input data and to select the best course of action. The system has capabilities to learn from previous experiences thus improving itself and reducing the risk of wrong data classification.

  14. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  15. Accident Precursor Analysis and Management: Reducing Technological Risk Through Diligence

    Science.gov (United States)

    Phimister, James R. (Editor); Bier, Vicki M. (Editor); Kunreuther, Howard C. (Editor)

    2004-01-01

    Almost every year there is at least one technological disaster that highlights the challenge of managing technological risk. On February 1, 2003, the space shuttle Columbia and her crew were lost during reentry into the atmosphere. In the summer of 2003, there was a blackout that left millions of people in the northeast United States without electricity. Forensic analyses, congressional hearings, investigations by scientific boards and panels, and journalistic and academic research have yielded a wealth of information about the events that led up to each disaster, and questions have arisen. Why were the events that led to the accident not recognized as harbingers? Why were risk-reducing steps not taken? This line of questioning is based on the assumption that signals before an accident can and should be recognized. To examine the validity of this assumption, the National Academy of Engineering (NAE) undertook the Accident Precursors Project in February 2003. The project was overseen by a committee of experts from the safety and risk-sciences communities. Rather than examining a single accident or incident, the committee decided to investigate how different organizations anticipate and assess the likelihood of accidents from accident precursors. The project culminated in a workshop held in Washington, D.C., in July 2003. This report includes the papers presented at the workshop, as well as findings and recommendations based on the workshop results and committee discussions. The papers describe precursor strategies in aviation, the chemical industry, health care, nuclear power and security operations. In addition to current practices, they also address some areas for future research.

  16. Conceptual framework of ensuring food security in the Ural federal district

    Directory of Open Access Journals (Sweden)

    Aleksandr Samvelovich Beletskiy

    2011-12-01

    The paper reviews the risks and threats to food security of the Ural Federal District which can significantly reduce its level. The most significant risks are grouped according to the following classification: macroeconomic, technological, climatic, agro-ecological and foreign trade risks. The main directions of economic policy of the Ural Federal District in the area of food security are defined. Particular attention is paid to the improvement of economic and physical availability of food for all groups of population and to the problems of formation of the state material reserves and food safety. Strategic development priorities in the field of agricultural and fishery products, raw materials and food, sustainable development of rural areas in the field of foreign policy are formulated. Conceptual bases for the implementation mechanism of economic policies to ensure food security in the region are suggested.

  17. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  18. Reducing cancer risk in rural communities through supermarket interventions.

    Science.gov (United States)

    McCool, Barent N; Lyford, Conrad P; Hensarling, Natalie; Pence, Barbara; McCool, Audrey C; Thapa, Janani; Belasco, Eric; Carter, Tyra M

    2013-09-01

    Cancer risk is high, and prevention efforts are often minimal in rural communities. Feasible means of encouraging lifestyles that will reduce cancer risk for residents of rural communities are needed. This project developed and tested a model that could be feasibly adopted by rural communities to reduce cancer risk. This model focuses on incorporating multi-faceted cancer risk education in the local supermarket. As the supermarket functions both as the primary food source and an information source in small rural communities, the supermarket focus encourages the development of a community environment supportive of lifestyles that should reduce residents' risk for cancer. The actions taken to implement the model and the challenges that communities would have in implementing the model are identified.

  19. Institutional Root Cause of the Irregularity of Social Security Funds in China

    Institute of Scientific and Technical Information of China (English)

    Bingwen Zheng

    2007-01-01

    This paper analyzes institutional defects in the Chinese social security system, based on irregularities in social security funds revealed in the Audit Report by the China National Audit Office. The author divides the irregularities into five categories according to the nature of fund use. The results show that the institutional root cause of the irregularities lies in the unreasonable design and operation of the social security system, which currently faces management and institutional risks. This paper argues that simple rhetoric about strengthening regulation and supervision cannot help to reduce illegal practices, or to realize risk control. The only solution is to reform the social security system. Specifically, the Chinese Government should regulate the administrative cost of the social security system,and the behavior of its agencies, through legislation, reform the investment regime to increase rate of return of pension assets, and adjust and reshape the existing social security system, so as to elevate its pooling level.

  20. Social Security And Mental Illness: Reducing Disability With Supported Employment

    Science.gov (United States)

    Drake, Robert E.; Skinner, Jonathan S.; Bond, Gary R.; Goldman, Howard H.

    2010-01-01

    Social Security Administration disability programs are expensive, growing, and headed toward bankruptcy. People with psychiatric disabilities now constitute the largest and most rapidly expanding subgroup of program beneficiaries. Evidence-based supported employment is a well-defined, rigorously tested service model that helps people with psychiatric disabilities obtain and succeed in competitive employment. Providing evidence-based supported employment and mental health services to this population could reduce the growing rates of disability and enable those already disabled to contribute positively to the workforce and to their own welfare, at little or no cost (and, depending on assumptions, a possible savings) to the government. PMID:19414885

  1. Cyber-security: industrials must stop denying the risk of cyber-attacks

    International Nuclear Information System (INIS)

    Hausermann, L.

    2015-01-01

    The risk of cyber-attacks of industrial sites is real. Recently the Anvers port and the Bakou-Tbilissi-Ceyhan pipeline have been attacked. In both cases hackers succeeded: they were able to track sea containers in which drug was concealed and recover it in the Anvers port and in the case of the pipeline the hackers took control of the control system and were able to trigger a huge explosion by shunning security systems and allowing damaging pressure surges. The massive use of digital systems and of automated systems in various industrial sectors has led to huge network of inter-connected smart devices whose purpose is not to process data but to monitor and control. All these devices and equipment are controlled by software whose weaknesses and fault lines multiply the risk of cyber-attacks even for 'closed' networks. While the total hacking of a nuclear power plant is highly unlikely, real threats exist and must be taken into account. Innovative solutions based on the mapping of the fluxes of the system and combined with an inventory of all its weaknesses may pave the way towards cyber-security. (A.C.)

  2. The School Breakfast Program strengthens household food security among low-income households with elementary school children.

    Science.gov (United States)

    Bartfeld, Judith S; Ahn, Hong-Min

    2011-03-01

    The School Breakfast Program is an important component of the nutritional safety net and has been linked to positive changes in meal patterns and nutritional outcomes. By offering a breakfast, which for low-income children is available either at no cost or reduced price, the program also has the potential to increase household food security. This study examined the relationship between availability of the School Breakfast Program and household food security among low-income third-grade students by using data from the Early Childhood Longitudinal Survey-Kindergarten Cohort. The primary sample included 3010 students. Availability of school breakfast was assessed by surveys of school administrators. Food security was assessed by parents' reports by using the standard 18-item food security scale and considering 2 different food security thresholds. A probit model was estimated to measure the relationship between school breakfast availability and household food security while controlling for a range of other characteristics. Access to school breakfast reduced the risk of marginal food insecurity but not the risk of food insecurity at the standard threshold. That is, the program appeared beneficial in offsetting food-related concerns among at-risk families, although not necessarily in alleviating food insecurity once hardships had crossed the food insecurity threshold. Increasing the availability of school breakfast may be an effective strategy to maintain food security among low-income households with elementary school children.

  3. Secure communication based on multi-input multi-output chaotic system with large message amplitude

    International Nuclear Information System (INIS)

    Zheng, G.; Boutat, D.; Floquet, T.; Barbot, J.P.

    2009-01-01

    This paper deals with the problem of secure communication based on multi-input multi-output (MIMO) chaotic systems. Single input secure communication based on chaos can be easily extended to multiple ones by some combinations technologies, however all the combined inputs possess the same risk to be broken. In order to reduce this risk, a new secure communication scheme based on chaos with MIMO is discussed in this paper. Moreover, since the amplitude of messages in traditional schemes is limited because it would affect the quality of synchronization, the proposed scheme is also improved into an amplitude-independent one.

  4. Nutritional strategies to reduce falls risk in older people.

    Science.gov (United States)

    Nash, Louise; Bergin, Nick

    2018-03-23

    A literature review found an association between increased falls risk and malnutrition, sarcopenia, vitamin D deficiency and dehydration. Strategies to identify, prevent and treat these conditions can help to reduce falls risk in at-risk groups such as frail, older people. Nurses can reduce falls risk in older people by raising awareness of risk factors and embedding nutritional strategies in local falls reduction strategies. ©2018 RCN Publishing Company Ltd. All rights reserved. Not to be copied, transmitted or recorded in any way, in whole or part, without prior permission of the publishers.

  5. Labor rights of employees of the private security providers in El Salvador, and their relation to psychosocial risk

    Directory of Open Access Journals (Sweden)

    Carlos Alberto Coca Muñoz

    2014-11-01

    This paper draws the attention of the academic community, businessmen, worker associations/unions, and public decision makers to the relation between preventing psychosocial risks for private security workers in El Salvador, and the respect for their worker rights as enshrined in the Constitution of the Republic, the Labor Code, and the General Law for the Prevention of Risk at the Workplace. It addresses the doctrine and legal framework of psychosocial risk, and government responsibility in terms of occupational security and health –specifically, the intervention of work inspections by the Ministry of Labor, and verifying psychosocial risks. DOI: http://dx.doi.org/10.5377/rpsp.v4i1.1557

  6. Does retirement reduce the risk of myocardial infarction?

    DEFF Research Database (Denmark)

    Olesen, Kasper; Rugulies, Reiner; Rod, Naja Hulvej

    2014-01-01

    BACKGROUND: Recent studies have suggested that retirement may have beneficial effects on health outcomes. In this study we examined whether the risk of myocardial infarction (MI) was reduced following retirement in a Danish population sample. METHODS: Participants were 617 511 Danish workers, born...... of 1.11 (95% confidence interval: 1.06, 1.16) when comparing retirees with active workers of the same age. CONCLUSIONS: This study does not support the hypothesis that retirement reduces risk of MI. On the contrary, we find that retirement is associated with a modestly increased risk of MI....

  7. Warehouse receipts functioning to reduce market risk

    Directory of Open Access Journals (Sweden)

    Jovičić Daliborka

    2014-01-01

    Cereal production underlies the market risk to a great extent due to its elastic demand. Prices of grain have cyclic movements and significant decline in the harvest periods as a result of insufficient supply and high demand. The very specificity of agricultural production leads to the fact that agriculturists are forced to sell their products at unfavorable conditions in order to resume production. The Public Warehouses System allows the agriculturists, who were previously unable to use the bank loans to finance the continuation of their production, to efficiently acquire the necessary funds, by the support of the warehouse receipts which serve as collaterals. Based on the results obtained by applying statistical methods (variance and standard deviation, as a measure of market risk under the assumption that warehouse receipts' prices will approximately follow the overall consumer price index, it can be concluded that the warehouse receipts trade will have a significant impact on risk reduction in cereal production. Positive effects can be manifested through the stabilization of prices, reduction of cyclic movements in the production of basic grains and, in the final stage, on the country's food security.

  8. The UN Security Council and prevention of displacement

    Directory of Open Access Journals (Sweden)

    Sanjula Weerasinghe

    2012-12-01

    Respecting the prohibitions against forced and arbitrary displacement could significantly reduce the risk of, or prevent, displacement in situations of armed conflict, as could insisting on accountability for violations of these prohibitions that amount to war crimes or crimes against humanity. The UN Security Council has only partially addressed these issues.

  9. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  10. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

  11. Security in the internet

    International Nuclear Information System (INIS)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P.

    2000-01-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [de

  12. Scenario-neutral Food Security Risk Assessment: A livestock Heat Stress Case Study

    Science.gov (United States)

    Broman, D.; Rajagopalan, B.; Hopson, T. M.

    2015-12-01

    Food security risk assessments can provide decision-makers with actionable information to identify critical system limitations, and alternatives to mitigate the impacts of future conditions. The majority of current risk assessments have been scenario-led and results are limited by the scenarios - selected future states of the world's climate system and socioeconomic factors. A generic scenario-neutral framework for food security risk assessments is presented here that uses plausible states of the world without initially assigning likelihoods. Measures of system vulnerabilities are identified and system risk is assessed for these states. This framework has benefited greatly by research in the water and natural resource fields to adapt their planning to provide better risk assessments. To illustrate the utility of this framework we develop a case study using livestock heat stress risk within the pastoral system of West Africa. Heat stress can have a major impact not only on livestock owners, but on the greater food production system, decreasing livestock growth, milk production, and reproduction, and in severe cases, death. A heat stress index calculated from daily weather is used as a vulnerability measure and is computed from historic daily weather data at several locations in the study region. To generate plausible states, a stochastic weather generator is developed to generate synthetic weather sequences at each location, consistent with the seasonal climate. A spatial model of monthly and seasonal heat stress provide projections of current and future livestock heat stress measures across the study region, and can incorporate in seasonal climate and other external covariates. These models, when linked with empirical thresholds of heat stress risk for specific breeds offer decision-makers with actionable information for use in near-term warning systems as well as for future planning. Future assessment can indicate under which states livestock are at greatest risk

  13. Breast cancer after bilateral risk-reducing mastectomy

    DEFF Research Database (Denmark)

    Skytte, A-B; Crüger, Dorthe Gylling; Gerster, M

    2011-01-01

    This study aims to evaluate the incidence of breast cancer after risk-reducing mastectomy (RRM) in healthy BRCA mutation carriers. This study is a long-term follow-up of 307 BRCA mutation carriers of whom 96 chose RRM. None of the study participants had a previous history of breast or ovarian...... cancer nor had they undergone RRM or risk-reducing bilateral salpingo-oophorectomy (BSO) prior to the time of BRCA testing. The annual incidence of post-mastectomy breast cancer was 0.8% compared with 1.7% in the non-operated group. Implications of these findings in relation to genetic counseling...

  14. Potential risks and threats to international security

    Directory of Open Access Journals (Sweden)

    Iurie RICHICINSCHI

    2016-12-01

    Today we can ascertain with certainty that in the early part of the 21st century, the challenges addressed to the current security environment tend to become increasingly diffuse, less predictable and multidimensional, being both a feature of external security, as well as an internal one and, of course, becoming an indispensable part of security policies and strategies. Therefore, the need for international cooperation as a foundation for the stability of the security environment has increased. It should provide a sense of trust and peace by ensuring the absence of danger both for the individual and for the community to which he belongs.

  15. Breastfeeding Reduces Childhood Obesity Risks.

    Science.gov (United States)

    Wang, Liang; Collins, Candice; Ratliff, Melanie; Xie, Bin; Wang, Youfa

    2017-06-01

    The present study examined the effects of breastfeeding and its duration on the development of childhood obesity from 24 months through grade 6. U.S. longitudinal data collected from 1234 children were analyzed using logistic regression models and generalized estimating equation (GEE). Child height and weight were measured six times at ages of 24 months, 36 months, 54 months, grade 1, grade 3, and grade 6. During the early 1990s, prevalence of breastfeeding was low in the United States, 60% and 48% at 1 and 6 months, respectively. Nonsmoking, white, married mothers with both parents in the household, and with income above the poverty line, were more likely to breastfeed at 1 month of age of their babies. Obesity rate of the children increased with age from 24 months to grade 6. Logistic regression showed that breastfeeding at month 1 was associated with 53% (odds ratio [OR]: 0.47, 95% confidence interval [CI]: 0.30-0.73) and 47% (OR: 0.53, 95% CI: 0.36-0.78) decreased risks for childhood obesity at grades 1 and 6, respectively. GEE analysis showed that breastfeeding at 1 month reduced risk for childhood obesity by 36% (95% CI: 0.47-0.88) from ages 24 months through grade 6. Regarding breastfeeding duration, more than 6 months (vs. never) was associated with a decreased risk for childhood obesity by 42% (OR: 0.58, 95% CI: 0.36-0.94). Breastfeeding at 1 month and more than 6 months reduced the risk of childhood obesity. Rate of breastfeeding was low in the United States in the 1990s, which may have had long-term implications on children.

  16. Organizational Policies and Programs to Reduce Job Stress and Risk of Workplace Violence Among K-12 Education Staff.

    Science.gov (United States)

    Landsbergis, Paul; Zoeckler, Jeanette; Kashem, Zerin; Rivera, Bianca; Alexander, Darryl; Bahruth, Amy

    2018-02-01

    We examine strategies, programs, and policies that educators have developed to reduce work stressors and thus health risks. First, we review twenty-seven empirical studies and review papers on organizational programs and policies in K-12 education published from 1990 to 2015 and find some evidence that mentoring, induction, and Peer Assistance and Review programs can increase support, skill development, decision-making authority, and perhaps job security, for teachers, and thus have the potential to reduce job stressors. Second, we describe efforts to reduce workplace violence in Oregon, especially in special education, including legislation, collective bargaining, research, and public awareness. We conclude that to reduce workplace violence, adequate resources are needed for staffing, training, equipment, injury/assault reporting, and investigation. Third, we discuss collective bargaining initiatives that led to mentoring and Peer Assistance and Review and state legislation on prevention of bullying and harassment of school staff. Finally, we present a research agenda on these issues.

  17. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    Science.gov (United States)

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

  18. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  19. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  20. IRSN 2007 barometer: perception of risks and security by French people. Global results

    International Nuclear Information System (INIS)

    2007-07-01

    This report presents under the form of graphs and comments the results of the annual IRSN opinion poll on matters of risk and security. The IRSN is the French Institute of Radioprotection and Nuclear Safety. Different themes are analysed: the present concerns for French people (in the present society, for the environment, about industrial risks and the image of science), the perception of expertise (who should control an installation, the role and the image of scientific experts, access to expertise documents), the public interest in risk issues (topic of interest, participation to information sessions), the attitude in front of 30 risk situations (presently perceived risks, confidence in public authorities to ensure their protection, truth about information on hazards, hierarchy of 30 situations). The last part is dedicated to the nuclear domain (nuclear risk, skill and credibility of interveners)

  1. Perceptions of the risk of child abduction or loss and the utility of child electronic security devices.

    Science.gov (United States)

    Dixon, R M; Pasnak, R

    1997-09-01

    Perceptions of the susceptibility of young children to becoming lost or being abducted, and of the potential usefulness of child electronic security devices, were examined via a questionnaire. Data were provided by 41 volunteers, most of them from a local government office centre. The questionnaire asked for demographic data, and then for the risk of a child being abducted or lost when under the supervision of different caregivers and in different situations. The probable effectiveness of three common abductor ploys was also addressed. The questionnaire concluded with 10 questions about child electronic security devices. Respondents viewed mothers, fathers, and grandparents as equally responsible caregivers and young adults/babysitters as the least responsible. These effects diminished as the age of the children increased. The garden at home was judged to be the most secure environment for children of all ages, while an amusement park was judged the least secure environment. Children were perceived to be more at risk of an abduction when a stranger asked for physical assistance or to take them to the hospital because their parents were hurt, than when asked for directions. Furthermore, the respondents expressed a moderately strong need for child electronic security devices, and viewed parents who use them as more responsible than those who do not.

  2. Global Hotspots of Conflict Risk between Food Security and Biodiversity Conservation

    OpenAIRE

    Molotoks, Amy; Dawson, Terence Peter

    2017-01-01

    The global challenges of food security and biodiversity are rarely addressed together, though recently there has been an increasing awareness that the two issues are closely related. The majority of land available for agriculture is already used for food production, but despite the productivity gains, one in nine people worldwide are classified as food insecure. There is an increasing risk that addressing food insecurity through methods such as agricultural expansion or intensification could l...

  3. Information security governance: a risk assessment approach to health information systems protection.

    Science.gov (United States)

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  4. The process of Risk management for E-business

    Directory of Open Access Journals (Sweden)

    Erion Lekaj

    2017-07-01

    In the new Internet economy, risk management plays a critical role to protect the organization and its ability to perform its business mission, not just its IT assets. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. The risk management is an important component of an IT security program. Information and communications technology management and IT security are responsible for ensuring that technology risks are managed appropriately. These risks originate from the deployment and use of IT assets in various ways, such as configuring systems incorrectly or gaining access to restricted software.

  5. ICT security management

    OpenAIRE

    SCHREURS, Jeanne; MOREAU, Rachel

    2007-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  6. Security Investment in Contagious Networks.

    Science.gov (United States)

    Hasheminasab, Seyed Alireza; Tork Ladani, Behrouz

    2018-01-16

    Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game-theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost-effective decisions than selfish nonrational or semirational players. © 2018 Society for Risk Analysis.

  7. Conceptualizing energy security

    International Nuclear Information System (INIS)

    Winzer, Christian

    2012-01-01

    Energy security is one of the main targets of energy policy. However, the term has not been clearly defined, which makes it hard to measure and difficult to balance against other policy objectives. We review the multitude of definitions of energy security. They can be characterized according to the sources of risk, the scope of the impacts, and the severity filters in the form of the speed, size, sustention, spread, singularity and sureness of impacts. Using a stylized case study for three European countries, we illustrate how the selection of conceptual boundaries along these dimensions determines the outcome. This can be avoided by more clearly separating between security of supply and other policy objectives. This leads us to the definition of energy security as the continuity of energy supplies relative to demand. - Highlights: ► The widest energy security concept includes all risks that are caused by or have an impact on the energy supply chain. ► Authors narrow this down by choosing different risk sources, impact measures and subjective severity filters in their definitions. ► The selection of conceptual boundaries determines outcome of quantitative studies.

  8. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Directory of Open Access Journals (Sweden)

    Wei Ting

    2011-06-01

    China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  9. A unified framework for risk and vulnerability analysis covering both safety and security

    International Nuclear Information System (INIS)

    Aven, Terje

    2007-01-01

    Recently, we have seen several attempts to establish adequate risk and vulnerability analyses tools and related management frameworks dealing not only with accidental events but also security problems. These attempts have been based on different analysis approaches and using alternative building blocks. In this paper, we discuss some of these and show how a unified framework for such analyses and management tasks can be developed. The framework is based on the use of probability as a measure of uncertainty, as seen through the eyes of the assessor, and define risk as the combination of possible consequences and related uncertainties. Risk and vulnerability characterizations are introduced incorporating ideas both from vulnerability analyses literature as well as from the risk classification scheme introduced by Renn and Klinke

  10. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Institute of Scientific and Technical Information of China (English)

    Wei; Ting

    2011-01-01

    China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  11. [Security aspects on the Internet].

    Science.gov (United States)

    Seibel, R M; Kocher, K; Landsberg, P

    2000-04-01

    Is it possible to use the Internet as a secure medium for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of unauthorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet.

  12. Reducing cardiovascular risk : protecting the kidney

    NARCIS (Netherlands)

    Dobre, Daniela; Lambers Heerspink, Hiddo J.; de Zeeuw, Dick

    2009-01-01

    Progressive decline of renal function in chronic kidney disease (CKD), measured by a reduced glomerular filtration rate or albuminuria, is linked to an increased risk of cardiovascular (CV) disease. Angiotensin-converting enzyme (ACE) inhibitors and angiotensin II receptor blockers (ARBs), most

  13. Security of attachment and quality of mother-toddler social interaction in a high-risk sample.

    Science.gov (United States)

    Haltigan, John D; Lambert, Brittany L; Seifer, Ronald; Ekas, Naomi V; Bauer, Charles R; Messinger, Daniel S

    2012-02-01

    The quality of children's social interactions and their attachment security with a primary caregiver are two widely studied indices of socioemotional functioning in early childhood. Although both Bowlby and Ainsworth suggested that the parent-child interactions underlying the development of attachment security could be distinguished from other aspects of parent-child interaction (e.g., play), relatively little empirical research has examined this proposition. The aim of the current study was to explore this issue by examining concurrent relations between toddler's attachment security in the Strange Situation Procedure and quality of mother-child social interaction in a high-risk sample of toddlers characterized by prenatal cocaine exposure and low levels of maternal education. Analyses of variance suggested limited relations between attachment security and quality of social interaction. Further research examining the interrelations among various components of the parent-child relationship is needed. Copyright © 2011 Elsevier Inc. All rights reserved.

  14. Wireless Sensor Network Security Enhancement Using Directional Antennas: State of the Art and Research Challenges.

    Science.gov (United States)

    Curiac, Daniel-Ioan

    2016-04-07

    Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues.

  15. Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations

    Directory of Open Access Journals (Sweden)

    Shahidul Islam Khan

    2016-08-01

    In today’s world, health data are being produced in ever-increasing amounts due to extensive use of medical devices generating data in digital form. These data are stored in diverse formats at different health information systems. Medical practitioners and researchers can benefit significantly if these massive heterogeneous data could be integrated and made accessible through a common platform. On the other hand, digital health data containing protected health information (PHI) are the main target of the cybercriminals. In this paper, we have provided a state of the art review of the security threats in the integrated healthcare information systems. According to our analysis, healthcare data servers are a leading target of the hackers because of monetary value. At present, attacks on healthcare organizations' data are 1.25 times higher compared to five years ago. We have provided some important recommendations to minimize the risk of attacks and to reduce the chance of compromising patients' privacy after any successful attack.

  16. Efficiently securing data on a wireless sensor network

    International Nuclear Information System (INIS)

    Healy, M; Newe, T; Lewis, E

    2007-01-01

    Due to the sensitive nature of the data many wireless sensor networks are tasked to collect, security of this data is an important concern. The best way to secure this data is to encrypt it using a secure encryption algorithm before it is transmitted over the airwaves. However, due to the constrained nature of the resources available on sensor nodes, the cost, both in terms of power consumption and speed, of any software based encryption procedure can often outweigh the risks of the transmission being intercepted. We present a solution to reduce this cost of employing encryption by taking advantage of a resource already available on many sensor nodes; this resource being the encryption module available on the Chipcon CC2420 transceiver chip.

  17. A Secure Information Framework with APRQ Properties

    Science.gov (United States)

    Rupa, Ch.

    2017-08-01

    The Internet of Things is the most trending topic in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

  18. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  19. Principles of Security Vulnerability Analysis of stationary industrial installations

    International Nuclear Information System (INIS)

    Borysiewicz, M.

    2006-01-01

    Security and safety have been key priorities at facilities that manufacture, store, use, or handle hazardous chemicals, after the terrorist attacks on the United States of September 11, 2001. Security improvements may be needed, especially at sites that pose a more attractive target to terrorists due to their economic importance, perceived level of consequences, and other factors. The first step in the process of managing security risks is to identify and analyze the threats and the vulnerabilities facing a facility by conducting a Security Vulnerability Analysis (SVA). The SVA is a systematic process that evaluates the likelihood that a threat against a facility will be successful. It considers the potential severity of consequences to the facility itself, to the surrounding community and on the energy supply chain. The objective of conducting a SVA is to identify security hazards, threats, and vulnerabilities facing a facility, and to evaluate the countermeasures to provide for the protection of the public, workers, national interests, the environment, and the company. With this information security risks can be assessed and strategies can be formed to reduce vulnerabilities as required. SVA is a tool to assist management in making decisions on the need for countermeasures to address the threats and vulnerabilities. The paper provides an overview of fundamental steps of SVA for stationary industrial installations. (author)

  20. Automating risk analysis of software design models.

    Science.gov (United States)

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

  1. Economic abuse and intra-household inequities in food security.

    Science.gov (United States)

    Power, Elaine M

    2006-01-01

    Food insecurity affected over 2.3 million Canadians in 2004. To date, the food security literature has not considered the potential impact of economic abuse on food security, but there are three ways in which these two important public health issues may be related: 1) victims of economic abuse are at risk of food insecurity when they are denied access to adequate financial resources; 2) the conditions that give rise to food insecurity may also precipitate intimate partner violence in all its forms; 3) women who leave economically abusive intimate heterosexual relationships are more likely to live in poverty and thus are at risk of food insecurity. This paper presents a case of one woman who, during a qualitative research interview, spontaneously reported economic abuse and heterosexual interpersonal violence. The economic abuse suffered by this participant appears to have affected her food security and that of her children, while her husband's was apparently unaffected. There is an urgent need to better understand the nature of intra-household food distribution in food-insecure households and the impact of economic abuse on its victims' food security. Such an understanding may lead to improved food security measurement tools and social policies to reduce food insecurity.

  2. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  3. Business risks, functions, methods of assessment and ways to reduce risk

    Directory of Open Access Journals (Sweden)

    A.V. Mihalchuk

    2015-06-01

    For successful existence in a market economy, entrepreneurs have to take bold actions, and this increases the risk. The article describes the concept of entrepreneurship and business risk, positive and negative aspects of functions of risk in business. Therefore, it is necessary to assess the risk properly and be able to manage it to achieve the most effective results in the market. In market conditions the problem of assessing and accounting market becomes independent theoretical and practical significance as an important component of the theory and practice of management. Risk - a key element of business activities. Development of risk situations can lead to both the occurrence of adverse effects (losses, lost profits) and positive results for a company in the form of increased profit. This article describes: the concept of entrepreneurship, risk and business risks, characteristic of positive and negative aspects of risk functions in business, methods of assessment and risk reduction, shows formulae and examples you can use to assess risk in an enterprise. Analyzing already established methods of risk assessment a number of rules were proposed in order to reduce business risk.

  4. METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

    Directory of Open Access Journals (Sweden)

    Castro Mecías, L.T.

    2015-06-01

    Often security incidents that have the object or use the software as a means of causing serious damage and legal, economic consequences, etc. Results of a survey by Kaspersky Lab reflect vulnerabilities in software are the main cause of security incidents in enterprises, the report shows that 85% of them have reported security incidents and vulnerabilities in software are the main reason is further estimated that incidents can cause significant losses estimated from 50,000 to $ 649.000. (1) In this regard academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process for improved safety practices and should include activities from the initial phases of the software; so that security needs are identified, manage risk and appropriate measures are implemented. This article discusses a method of analysis, acquisition and requirements specification of the software safety analysis on the basis of various proposals and deficiencies identified from participant observation in software development teams. Experiments performed using the proposed yields positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

  5. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  6. Periodontal disease with treatment reduces subsequent cancer risks.

    Science.gov (United States)

    Hwang, Ing-Ming; Sun, Li-Min; Lin, Cheng-Li; Lee, Chun-Feng; Kao, Chia-Hung

    2014-10-01

    The aim of our study was to evaluate the relationship between routine treatment of periodontal disease (PD) and the subsequent risks for cancers in Taiwan. Study participants were selected from the Taiwan National Health Insurance (NHI) system database. The PD with a routine treatment cohort contained 38 902 patients. For each treatment cohort participant, two age- and sex-matched comparison (control) cohort participants were randomly selected. Cox's proportional hazards regression analysis was used to estimate the effects of PD with treatment on the subsequent risk of cancer. The overall risk of developing cancer was significantly lower in the treatment cohort than in the patients without treatment (adjusted Hazard ratio = 0.72, 95% confidence interval = 0.68-0.76). The risks of developing most gastrointestinal tract, lung, gynecological and brain malignancies were significantly lower in the treatment cohort than in the comparison cohort. In contrast, the risks of prostate and thyroid cancers were significantly higher in the treatment cohort than in the comparison cohort. Our findings suggest that PD with treatment is associated with a significantly reduced overall risk of cancer and reduced risks of certain types of cancers. © The Author 2014. Published by Oxford University Press on behalf of the Association of Physicians. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  7. Evaluation of Cyber Security and Modelling of Risk Propagation with Petri Nets

    Directory of Open Access Journals (Sweden)

    Marcin Szpyrka

    2017-02-01

    This article presents a new method of risk propagation among associated elements. On the basis of coloured Petri nets, a new class called propagation nets is defined. This class provides a formal model of a risk propagation. The proposed method allows for model relations between nodes forming the network structure. Additionally, it takes into account the bidirectional relations between components as well as relations between isomorphic, symmetrical components in various branches of the network. This method is agnostic in terms of use in various systems and it can be adapted to the propagation model of any systems’ characteristics; however, it is intentionally proposed to assess the risk of critical infrastructures. In this paper, as a proof of concept example, we show the formal model of risk propagation proposed within the project Cyberspace Security Threats Evaluation System of the Republic of Poland. In the article, the idea of the method is presented as well as its use case for evaluation of risk for cyber threats. With the adaptation of Petri nets, it is possible to evaluate the risk for the particular node and assess the impact of this risk for all related nodes including hierarchic relations of components as well as isomorphism of elements.

  8. Security culture for nuclear facilities

    Science.gov (United States)

    Gupta, Deeksha; Bajramovic, Edita

    2017-01-01

    Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations became essential along with nuclear safety as nuclear facilities are facing a rapid increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

  9. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  10. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  11. Security and robustness for collaborative monitors

    NARCIS (Netherlands)

    Testerink, Bas; Bulling, Nils; Dastani, Mehdi

    2016-01-01

    Decentralized monitors can be subject to robustness and security risks. Robustness risks include attacks on the monitor’s infrastructure in order to disable parts of its functionality. Security risks include attacks that try to extract information from the monitor and thereby possibly leak sensitive

  12. Public Health Crisis in War and Conflict - Health Security in Aggregate.

    Science.gov (United States)

    Quinn, John; Zelený, Tomáš; Subramaniam, Rammika; Bencko, Vladimír

    2017-03-01

    Public health status of populations is multifactorial and besides other factors it is linked to war and conflict. Public health crisis can erupt when states go to war or are invaded; health security may be reduced for affected populations. This study reviews in aggregate multiple indices of human security, human development and legitimacy of the state in order to describe a predictable global health portrait. Paradigm shift of large global powers to that non-state actors and proxies impact regional influence through scaled conflict and present major global health challenges for policy makers. Small scale conflict with large scale violence threatens health security for at-risk populations. The paper concludes that health security is directly proportional to state security. Copyright© by the National Institute of Public Health, Prague 2017

  13. The efficiency of asset management strategies to reduce urban flood risk.

    Science.gov (United States)

    ten Veldhuis, J A E; Clemens, F H L R

    2011-01-01

    In this study, three asset management strategies were compared with respect to their efficiency to reduce flood risk. Data from call centres at two municipalities were used to quantify urban flood risks associated with three causes of urban flooding: gully pot blockage, sewer pipe blockage and sewer overloading. The efficiency of three flood reduction strategies was assessed based on their effect on the causes contributing to flood risk. The sensitivity of the results to uncertainty in the data source, citizens' calls, was analysed through incorporation of uncertainty ranges taken from customer complaint literature. Based on the available data it could be shown that increasing gully pot blockage is the most efficient action to reduce flood risk, given data uncertainty. If differences between cause incidences are large, as in the presented case study, call data are sufficient to decide how flood risk can be most efficiently reduced. According to the results of this analysis, enlargement of sewer pipes is not an efficient strategy to reduce flood risk, because flood risk associated with sewer overloading is small compared to other failure mechanisms.

  14. A Layered Trust Information Security Architecture

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  15. A layered trust information security architecture.

    Science.gov (United States)

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  16. A Layered Trust Information Security Architecture

    Directory of Open Access Journals (Sweden)

    Robson de Oliveira Albuquerque

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  17. Quantifiably secure power grid operation, management, and evolution

    Energy Technology Data Exchange (ETDEWEB)

    Gray, Genetha Anne.; Watson, Jean-Paul; Silva Monroy, Cesar Augusto; Gramacy, Robert B.

    2013-09-01

    This report summarizes findings and results of the Quantifiably Secure Power Grid Operation, Management, and Evolution LDRD. The focus of the LDRD was to develop decision-support technologies to enable rational and quantifiable risk management for two key grid operational timescales: scheduling (day-ahead) and planning (month-to-year-ahead). Risk or resiliency metrics are foundational in this effort. The 2003 Northeast Blackout investigative report stressed the criticality of enforceable metrics for system resiliency, the grid's ability to satisfy demands subject to perturbation. However, we neither have well-defined risk metrics for addressing the pervasive uncertainties in a renewable energy era, nor decision-support tools for their enforcement, which severely impacts efforts to rationally improve grid security. For day-ahead unit commitment, decision-support tools must account for topological security constraints, loss-of-load (economic) costs, and supply and demand variability especially given high renewables penetration. For long-term planning, transmission and generation expansion must ensure realized demand is satisfied for various projected technological, climate, and growth scenarios. The decision-support tools investigated in this project paid particular attention to tail-oriented risk metrics for explicitly addressing high-consequence events. Historically, decision-support tools for the grid consider expected cost minimization, largely ignoring risk and instead penalizing loss-of-load through artificial parameters. The technical focus of this work was the development of scalable solvers for enforcing risk metrics. Advanced stochastic programming solvers were developed to address generation and transmission expansion and unit commitment, minimizing cost subject to pre-specified risk thresholds. Particular attention was paid to renewables where security critically depends on production and demand prediction accuracy. To address this

  18. Front end of the nuclear fuel cycle: options to reduce the risks of terrorism and proliferation

    International Nuclear Information System (INIS)

    Greenberg, E.V.C.; Hoenig, M.M.

    1987-01-01

    The authors' assessment of the prospects for advanced front end technologies and fuel assurances becoming effective mechanisms for achieving nonproliferation and antiterrorism objectives is relatively pessimistic unless they are integrated with back end accommodations such as the return of spent fuel. They recommend that further examination of front end assurances be linked to that accommodation. To be sure, certain real technological improvements may postpone the day when commercial use of nuclear explosive fuels, with all their attendant terrorism and proliferation risks, is justified. Indeed, improvements in LWRs, using well-understood technology combined with advanced enrichment techniques, could reduce uranium requirements up to 45% at the beginning of the next century and up to 30% a decade earlier, provided the economic and security incentives are present. On the institutional side, existing supply conditions put little pressure on importing countries to seek long-term supply assurances. Moreover, the political obstacles to creating new international institutions or arrangements are exceedingly difficult to overcome, especially without a heightened consciousness of the growing risks of civilian explosive nuclear materials and the political will to make these risks a high priority. 2 tables

  19. Decommissioning Programme Management: reducing risk and cost while accelerating schedules through improved planning, Earned Value Management and safe work execution

    International Nuclear Information System (INIS)

    Hansen, S.E.

    2008-01-01

    CH2M HILL experience includes more than two decades of managing nuclear facilities and providing clean-up and operations support for commercial and government facilities worldwide. Our expertise ranges from decommissioning and defence sector businesses to nuclear technology development and innovation. Our approach places top priority on the safe execution of work while reducing both risk and cost. Our nuclear services include: programme management, nuclear safety analysis, radiological protection, radioactive waste management, nuclear remediation, nuclear materials and waste transportation management, nuclear safeguards and security services, and nuclear decontamination and decommissioning. This paper will discuss our approach which has resulted in a strong track record of accelerating schedules and reducing costs of major nuclear programmes, including Rocky Flats, Idaho, and our work at UKAEA sites. (author)

  20. Evaluating shielding effectiveness for reducing space radiation cancer risks

    International Nuclear Information System (INIS)

    Cucinotta, Francis A.; Kim, Myung-Hee Y.; Ren, Lei

    2006-01-01

    We discuss calculations of probability distribution functions (PDF) representing uncertainties in projecting fatal cancer risk from galactic cosmic rays (GCR) and solar particle events (SPE). The PDFs are used in significance tests for evaluating the effectiveness of potential radiation shielding approaches. Uncertainties in risk coefficients determined from epidemiology data, dose and dose-rate reduction factors, quality factors, and physics models of radiation environments are considered in models of cancer risk PDFs. Competing mortality risks and functional correlations in radiation quality factor uncertainties are included in the calculations. We show that the cancer risk uncertainty, defined as the ratio of the upper value of 95% confidence interval (CI) to the point estimate is about 4-fold for lunar and Mars mission risk projections. For short-stay lunar missions ( 180d) or Mars missions, GCR risks may exceed radiation risk limits that are based on acceptable levels of risk. For example, the upper 95% CI exceeding 10% fatal risk for males and females on a Mars mission. For reducing GCR cancer risks, shielding materials are marginally effective because of the penetrating nature of GCR and secondary radiation produced in tissue by relativistic particles. At the present time, polyethylene or carbon composite shielding cannot be shown to significantly reduce risk compared to aluminum shielding based on a significance test that accounts for radiobiology uncertainties in GCR risk projection

  1. Nuclear security. Improving correction of security deficiencies at DOE's weapons facilities

    International Nuclear Information System (INIS)

    Wells, James E.; Cannon, Doris E.; Fenzel, William F.; Lightner, Kenneth E. Jr.; Curtis, Lois J.; DuBois, Julia A.; Brown, Gail W.; Trujillo, Charles S.; Tumler, Pamela K.

    1992-11-01

    The US nuclear weapons research, development, and production are conducted at 10 DOE nuclear weapons facilities by contractors under the guidance and oversight of 9 DOE field offices. Because these facilities house special nuclear materials used in making nuclear weapons and nuclear weapons components, DOE administers a security program to protect (1) against theft, sabotage, espionage, terrorism, or other risks to national security and (2) the safety and health of DOE employees and the public. DOE spends almost $1 billion a year on this security program. DOE administers the security program through periodic inspections that evaluate and monitor the effectiveness of facilities' safeguards and security. Security inspections identify deficiencies, instances of noncompliance with safeguards and security requirements or poor performance of the systems being evaluated, that must be corrected to maintain adequate security. The contractors and DOE share responsibility for correcting deficiencies. Contractors, in correcting deficiencies, must comply with several DOE orders. The contractors' performances were not adequate in conducting four of the eight procedures considered necessary in meeting DOE's deficiency correction requirements. For 19 of the 20 deficiency cases we reviewed, contractors could not demonstrate that they had conducted three critical deficiency analyses (root cause, risk assessment, and cost-benefit) required by DOE. Additionally, the contractors did not always adequately verify that corrective actions taken were appropriate, effective, and complete. The contractors performed the remaining four procedures (reviewing deficiencies for duplication, entering deficiencies into a data base, tracking the status of deficiencies, and preparing and implementing a corrective action plan) adequately in all 20 cases. DOE's oversight of the corrective action process could be improved in three areas. The computerized systems used to track the status of security

  2. SECTOR-SPECIFIC STRUCTURE OF THE REGIONAL ECONOMY AS A FACTOR OF ELEVATION OF RISKS TO ITS ECONOMIC SECURITY

    Directory of Open Access Journals (Sweden)

    Rostislav BILYK

    2016-07-01

    The article analyzes a sector-specific specialization of the regional economy in Ukraine. It also reveals possibility and conditions of transformation of a sector-specific specialization of the region and risks to its economic security. The article suggests an assessment of influence of a sector-specific specialization on occurrence of threats to the economic security of the region.

  3. Energy security and national policy

    International Nuclear Information System (INIS)

    Martin, W.F.

    1987-01-01

    To achieve an energy secure future, energy cannot be viewed as an isolated concern. It is part and parcel of a nation's economic, social, and political context. In the past important implications for the economy and national security have been ignored. Crash programs to deal with oil shortages in the seventies, crashed. In the eighties, oil surplus has been enjoyed. The energy situation could be quite different in the nineties. Statistics on energy supply and consumption of oil, coal, natural gas and electricity from nuclear power show that much progress has been made worldwide. However, about half of the world's oil will come from the Persian Gulf by 1995. Continued low oil prices could raise US imports to 60% of consumption by 1995. Persian Gulf tensions serve as reminders of the link between energy policy and national security policy. Energy policy must be based on market forces and concerns for national security. Strategic oil reserves will expand along with the availability of domestic oil and gas resources. Increased attention to conservation, diversification of energy resources, and use of alternative fuels can help reduce imports. Continued high-risk long term research and development is needed. Improved technology can reduce environmental impacts. Global markets need global cooperation. Energy has emerged as an important aspect of East-West relations. Europeans need to diversify their sources of energy. The Soviets have proposed expanded collaboration in magnetic fusion science. A series of initiatives are proposed that together will ensure that economies will not become overly dependent on a single source of energy

  4. Use of risk assessment methods for security design and analysis of nuclear and radioactive facilities

    International Nuclear Information System (INIS)

    Vasconcelos, Vanderley de; Andrade, Marcos C.; Jordao, Elizabete

    2011-01-01

    The objective of this work is to evaluate the applicability of risk assessment methods for analyzing the physical protection of nuclear and radioactive facilities. One of the important processes for physical protection in nuclear and radioactive facilities is the identifying of areas containing nuclear materials, structures, systems or components to be protected from sabotage, which could directly or indirectly lead to unacceptable radiological consequences. A survey of the international guidelines and recommendations about vital area identification, design basis threat (DBT), and the security of nuclear and radioactive facilities was carried out. The traditional methods used for quantitative risk assessment, like FMEA (Failure Mode and Effect Analysis), Event and Decision Trees, Fault and Success Trees, Vulnerability Assessment, Monte Carlo Simulation, Probabilistic Safety Assessment, Scenario Analysis, and Game Theory, among others, are highlighted. The applicability of such techniques to security issues, their pros and cons, the general resources needed to implement them, as data or support software, are analyzed. Finally, an approach to security design and analysis, beginning with a qualitative and preliminary examination to determine the range of possible scenarios, outcomes, and the systems to be included in the analyses, and proceeding to a progressive use of more quantitative techniques is presented. (author)

  5. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  6. Measuring the security of energy exports demand in OPEC economies

    International Nuclear Information System (INIS)

    Dike, Jude Chukwudi

    2013-01-01

    One of the objectives of OPEC is the security of demand for the crude oil exports of its members. Achieving this objective is imperative with the projected decline in OECD countries' crude oil demand among other crude oil demand shocks. This paper focuses on determining the external crude oil demand security risks of OPEC member states. In assessing these risks, this study introduces two indexes. The first index, Risky Energy Exports Demand (REED), indicates the level of energy export demand security risks for OPEC members. It combines measures of export dependence, economic dependence, monopsony risk and transportation risk. The second index, Contribution to OPEC Risk Exposure (CORE), indicates the individual contribution of the OPEC members to OPEC's risk exposure. This study utilises the disaggregated index approach in measuring energy demand security risks for crude oil and natural gas and involves a country level analysis. With the disaggregated approach, the study shows that OPEC's energy export demand security risks differ across countries and energy types. - Highlights: • REED and CORE indexes are suitable measures for energy exports demand security risk. • The indexes show that energy demand security risk is different for each OPEC country. • The countries contribution to OPEC's energy demand security risk is also different. • The outcome is necessary for OPEC's common energy and climate change policies. • The outcome makes a case for oil demand security as a topical issue in the literature

  7. Risk-reducing mastectomy for the prevention of primary breast cancer.

    Science.gov (United States)

    Carbine, Nora E; Lostumbo, Liz; Wallace, Judi; Ko, Henry

    2018-04-05

    Recent progress in understanding the genetic basis of breast cancer and widely publicized reports of celebrities undergoing risk-reducing mastectomy (RRM) have increased interest in RRM as a method of preventing breast cancer. This is an update of a Cochrane Review first published in 2004 and previously updated in 2006 and 2010. (i) To determine whether risk-reducing mastectomy reduces death rates from any cause in women who have never had breast cancer and in women who have a history of breast cancer in one breast, and (ii) to examine the effect of risk-reducing mastectomy on other endpoints, including breast cancer incidence, breast cancer mortality, disease-free survival, physical morbidity, and psychosocial outcomes. For this Review update, we searched Cochrane Breast Cancer's Specialized Register, MEDLINE, Embase and the WHO International Clinical Trials Registry Platform (ICTRP) on 9 July 2016. We included studies in English. Participants included women at risk for breast cancer in at least one breast. Interventions included all types of mastectomy performed for the purpose of preventing breast cancer. At least two review authors independently abstracted data from each report. We summarized data descriptively; quantitative meta-analysis was not feasible due to heterogeneity of study designs and insufficient reporting. We analyzed data separately for bilateral risk-reducing mastectomy (BRRM) and contralateral risk-reducing mastectomy (CRRM). Four review authors assessed the methodological quality to determine whether or not the methods used sufficiently minimized selection bias, performance bias, detection bias, and attrition bias. All 61 included studies were observational studies with some methodological limitations; randomized trials were absent. 
    The studies presented data on 15,077 women with a wide range of risk factors for breast cancer, who underwent RRM. Twenty-one BRRM studies looking at the incidence of breast cancer or disease-specific mortality, or

  8. Securing cloud services a pragmatic approach to security architecture in the cloud

    CERN Document Server

    Newcombe, Lee

    2012-01-01

    This book provides an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.

  9. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  10. Community Savings Groups, Financial Security, and HIV Risk Among Female Sex Workers in Iringa, Tanzania.

    Science.gov (United States)

    Mantsios, Andrea; Galai, Noya; Mbwambo, Jessie; Likindikoki, Samuel; Shembilu, Catherine; Mwampashi, Ard; Beckham, S W; Leddy, Anna; Davis, Wendy; Sherman, Susan; Kennedy, Caitlin; Kerrigan, Deanna

    2018-02-24

    This study assessed the association between community savings group participation and consistent condom use (CCU) among female sex workers (FSW) in Iringa, Tanzania. Using cross-sectional data from a survey of venue-based FSW (n = 496), logistic regression was used to examine the associations between financial indicators including community savings group participation and CCU. Over one-third (35%) of the women participated in a savings group. Multivariable regression results indicated that participating in a savings group was significantly associated with nearly two times greater odds of CCU with new clients in the last 30 days (aOR = 1.77, 95% CI 1.10-2.86). Exploratory mediation analysis indicated that the relationship between savings group participation and CCU was partially mediated by financial security, as measured by monthly income. Findings indicate that community savings groups may play an important role in reducing sexual risk behaviors of FSW and hold promise as part of comprehensive, community-led HIV prevention strategies among FSW.

  11. [Strategies for reducing risks in smoking: opportunity or threat].

    Science.gov (United States)

    Córdoba, Rodrigo; Nerín, Isabel

    2009-12-01

    The smoking control policies recommended by the World Health Organisation have achieved a slight decrease in smoking prevalence in the developed countries, although associated mortality is still very high. The use of tobacco products other than cigarettes and even medicinal nicotine (known as nicotine replacement therapy (NRT)) has been proposed as a risk reduction strategy. Among the tobacco products with less individual risk than cigarettes would be any type of tobacco without smoke (smokeless) with a low content in nitrosamines and modified cigarettes; both forms included under the PREP (Potentially Reduced Exposure Products) concept. The idea would be to promote these products among those who cannot quit smoking or wish to reduce their risk without giving up nicotine intake. The possible effects of risk reduction strategies, including PREP, on the decreased prevalence and morbidity and mortality are reviewed, and the possible implications that this measure could have in our country are analysed. Tobacco control measures in Spain are recent and still insufficient. Therefore, the current priority in Spain is the development of policies of control that have been shown to be more than effective. The marketing and advertising of new tobacco products, even with reduced potential risk, seems more a serious threat than an opportunity for the development of smoking control policies.

  12. Reducing the Risk of Methadone Overdose

    Centers for Disease Control (CDC) Podcasts

    2012-07-03

    This podcast is based on the July 2012 CDC Vital Signs report. Approximately 14 people die every day of overdoses related to methadone. Listen to learn how to reduce your risk of an overdose.  Created: 7/3/2012 by Centers for Disease Control and Prevention (CDC).   Date Released: 7/3/2012.

  13. Food Security and Cardiovascular Disease Risk Among Adults in the United States: Findings From the National Health and Nutrition Examination Survey, 2003–2008

    OpenAIRE

    Ford, Earl S.

    2013-01-01

    Introduction: Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. Methods: A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003–2008 was conducted. Fou...

  14. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif

    2010-01-01

    Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  15. Communication in reducing facility siting risk

    International Nuclear Information System (INIS)

    Bisconti, A.S.

    1992-01-01

    Today, social considerations are as important as technical ones in siting new nuclear facilities. Siting any industrial facility has become extremely difficult in this era of not in my backyard (NIMBY). Even if NIMBY does not arise locally, well-organized national opposition groups can be counted on to step in to fan the flames, especially when the industrial facility has to do with anything nuclear. It is now generally recognized that the greatest risk of failure for new nuclear facilities is not technical but social. Applying lessons gained from past experience and social science research can help reduce that risk. From these lessons, six principles for public interaction and communication stand out: (1) create goodwill now; (2) involve the community early; (3) establish the need; (4) communicate controls, not risk; (5) avoid jargon; (6) understand your public

  16. Web Security, Privacy & Commerce

    CERN Document Server

    Garfinkel, Simson

    2011-01-01

    Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

  17. OPINIONS ABOUT MILITARY LOGISTICS IN A TURBULENT MEDIUM SECURITY

    Directory of Open Access Journals (Sweden)

    Mircea UDRESCU

    2013-06-01

    In the natural world, turbulence involves violent demonstrations, random appearances, unpredictability. Scientists have developed chaos theory to explain some possible variants of development of events that have a given initial state and a number of deterministic assumptions. In these cases, the initial process can take the exponential expression as a form of incorporation of disturbances. Turbulence, for any social environment, especially for the security environment, means extra risk and uncertainty. Policy makers use the security risks to cover their uncertainties, subordinating national security of an umbrella collective, which makes collective security risks to become national security and safety risks.

  18. Practice brief. Securing wireless technology for healthcare.

    Science.gov (United States)

    Retterer, John; Casto, Brian W

    2004-05-01

    Wireless networking can be a very complex science, requiring an understanding of physics and the electromagnetic spectrum. While the radio theory behind the technology can be challenging, a basic understanding of wireless networking can be sufficient for small-scale deployment. Numerous security mechanisms are available to wireless technologies, making it practical, scalable, and affordable for healthcare organizations. The decision on the selected security model should take into account the needs for additional server hardware and administrative costs. Where wide area network connections exist between cooperative organizations, deployment of a distributed security model can be considered to reduce administrative overhead. The wireless approach chosen should be dynamic and concentrate on the organization's specific environmental needs. Aspects of organizational mission, operations, service level, and budget allotment as well as an organization's risk tolerance are all part of the balance in the decision to deploy wireless technology.

  19. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  20. Reducing the threat of RDDs. It's not enough to plug gaps in security systems for radioactive sources. Needed are integrated 'cradle-to-grave' controls to prevent high-risk sources from finding their way into the wrong hands

    International Nuclear Information System (INIS)

    Ferguson, C.D.

    2003-01-01

    Common radioactive materials, such as commercial radioactive sources used in medicine, industry, and scientific research, could fuel radiological dispersal devices (RDDs). While the IAEA has worked toward improving the security of radioactive sources long before the September 11 attacks, the IAEA moved quickly after this date to increase its efforts to prevent these materials from becoming tools of radiological terror. IAEA Director General Elbaradei has spoken often about the need for a 'cradle-to-grave' protection system for radioactive materials. While the IAEA and several Member States have striven to establish such a system, more thinking and work are still required to develop an integrated, layered, and cooperative defense system for radioactive source security. Security improvement should be prioritized on those radioactive sources that pose the greatest security risks. Although perfect security systems do not exist a layered security system should be established. This means that multiple barriers should be in place to lessen the likelihood of a radiological terror act. A summary of the findings of the International Conference on Security of Radioactive sources held in March 2003 is included in this paper

  1. Federal securities law and the need to disclose the risk of canceling nuclear plant

    International Nuclear Information System (INIS)

    Sponseller, D.

    1984-01-01

    Almost every electric utility company involved in nuclear plant construction has experienced difficulty as a result of the deteriorating condition of the nuclear industry as a whole. The thrust of a growing number of lawsuits brought against electric companies for alleged violations of federal securities laws is that the companies failed to reveal cost overruns, delays, and the risk of cancellation and write-off of nuclear plants in their annual reports and registration statements. A review of several suits and the disclosure requirements of securities statutes concludes that, although investors have known about utility problems, they have just become aware this year that the entire financial viability of the electric companies is threatened

  2. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  3. Information security risk analysis

    CERN Document Server

    Peltier, Thomas R

    2001-01-01

    Effective Risk Analysis; Qualitative Risk Analysis; Value Analysis; Other Qualitative Methods; Facilitated Risk Analysis Process (FRAP); Other Uses of Qualitative Risk Analysis; Case Study; Appendix A: Questionnaire; Appendix B: Facilitated Risk Analysis Process Forms; Appendix C: Business Impact Analysis Forms; Appendix D: Sample of Report; Appendix E: Threat Definitions; Appendix F: Other Risk Analysis Opinions; Index

  4. Auditing Organizational Security

    Science.gov (United States)

    2017-01-01

    Organization for Standardization (ISO): ISO 27000: Information Systems Security Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO. All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Organizations already working with ISO 9000

  5. Social Security Funds Clamor for Reform

    Institute of Scientific and Technical Information of China (English)

    郑秉文

    2008-01-01

    This paper analyzed the institutional deficiencies inherent in China’s social security system based on a dissection of various social security fund violations. It holds that the unscientific design in social security system is the root cause for social security fund violations, which is reflected in low level of social security unification, irrational investment system and legislative loopholes etc. Currently, China’s social security funds are facing risks in management and in system. The key of risk control lies in the reforming of the overall framework of social security system through the following aspects: 1) readjust the unified account system structure to raise the level of unification; 2) reform funds investment system to boost ROI; 3) speed up legislation to regulate the administrative costs and the behaviors of its entities.

  6. Limiting Future Proliferation and Security Risks

    International Nuclear Information System (INIS)

    Bari, R.

    2011-01-01

    A major new technical tool for evaluation of proliferation and security risks has emerged over the past decade as part of the activities of the Generation IV International Forum. The tool has been developed by a consensus group from participating countries and organizations and is termed the Proliferation Resistance and Physical Protection (PR and PP) Evaluation Methodology. The methodology defines a set of challenges, analyzes system response to these challenges, and assesses outcomes. The challenges are the threats posed by potential actors (proliferant states or sub-national adversaries). It is of paramount importance in an evaluation to establish the objectives, capabilities, resources, and strategies of the adversary as well as the design and protection contexts. Technical and institutional characteristics are both used to evaluate the response of the system and to determine its resistance against proliferation threats and robustness against sabotage and terrorism threats. The outcomes of the system response are expressed in terms of a set of measures, which thereby define the PR and PP characteristics of the system. This paper summarizes results of applications of the methodology to nuclear energy systems including reprocessing facilities and large and small modular reactors. The use of the methodology in the design phase of a facility will be discussed as it applies to future safeguards concepts.

  7. Assessing the Need for an On-Line Educational Module for Volunteer Leaders on Bio-Security in Washington State 4-H Livestock Projects

    Science.gov (United States)

    Stevenson, Jill L.; Moore, Dale A.; Newman, Jerry; Schmidt, Janet L.; Smith, Sarah M.; Smith, Jean; Kerr, Susan; Wallace, Michael; BoyEs, Pat

    2011-01-01

    4-H livestock projects present disease transmission risks that can be reduced by the use of bio-security practices. The responsibility of teaching bio-security to youth belongs primarily to volunteer leaders, who may not be aware of the importance of these practices. A needs assessment for an online educational module about bio-security revealed…

  8. Privacy and Security in Mobile Health (mHealth) Research.

    Science.gov (United States)

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

  9. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

  10. School Security and Crisis Preparedness: Make It Your Business.

    Science.gov (United States)

    Trump, Kenneth S.

    1999-01-01

    The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

  11. Reducing the Risks for Contrast-Induced Nephropathy

    International Nuclear Information System (INIS)

    Stacul, Fulvio

    2005-01-01

    Contrast-induced nephropathy (CIN) is one of the most serious adverse events associated with the use of contrast media (CM). Patients who develop this complication can have increased morbidity, higher rates of mortality, lengthy hospital stays, and poor long-term outcomes. Although CIN cannot be eliminated, the chances of developing this condition can be reduced by using appropriate prevention strategies. An important first step to reduce the chance of CIN is to identify risk factors associated with this condition. Patients with a previously elevated serum creatinine level, especially when secondary to diabetic nephropathy, are at great risk for developing CIN. Other patient-related risk factors include concurrent use of nephrotoxic medications, dehydration, congestive heart failure, age greater than 70 years, and probably the presence of diabetes mellitus even if serum creatinine is normal. Adequate hydration is widely accepted as an important prophylactic measure for preventing CIN, but the optimal hydration regimen is still debatable. The risk of CIN increases with greater doses of CM, as well as with the type of CM used. A high-osmolar CM poses a greater risk of CIN than does a low-osmolar CM and, as recent but limited data suggest, the use of an iso-osmolar CM is less nephrotoxic than a low-osmolar CM in patients with renal impairment following intra-arterial procedures, although this finding needs to be verified in future clinical studies. Pharmacologic agents such as calcium channel blockers, dopamine, atrial natriuretic peptide, fenoldopam, prostaglandin E1, and endothelin receptor antagonist have not been proven effective against CIN development. Controversies still exist on the possible effectiveness of theophylline and N-acetylcysteine. Simple strategies for the prevention of CIN in at-risk patients are reviewed and unproven interventions are discussed

  12. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  13. Door locking and exit security measures on acute psychiatric admission wards

    NARCIS (Netherlands)

    Nijman, H.L.I.; Bowers, L.; Haglund, K.; Muir-Cochrane, E.; Simpson, A.; Merwe, M. van der

    2011-01-01

    Locking the exit doors of psychiatric wards is believed to reduce the risk of patients absconding. The aims of the study were to investigate both the prevalence of door locking and other exit security measures on UK admission wards, as well as whether door locking appears to be effective in keeping

  14. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLD; View of the IT Security World; Brief History of Web Security; Brief History of Chinese Hackers; Development Process of Hacking Techniques; Rise of Web Security; Black Hat, White Hat; Back to Nature: The Essence of Secret Security; Superstition: There Is No Silver Bullet; Security Is an Ongoing Process; Security Elements; How to Implement Safety Assessment; Asset Classification; Threat Analysis; Risk Analysis; Design of Security Programs; Art of War of White Hat; Principles of Secure by Default; Blacklist, Whitelist; Principle of Least Privilege; Principle of Defense in Depth; Principles of Data and Code

  15. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTS; Using Models; Introduction: Understanding, Selecting, and Applying Models; Understanding Assets; Layered Security; Using Models in Security; Security Models for Information Systems; Shortcomings of Models in Security; Security in Context; Reference; Defining Information Security; Confidentiality, Integrity, and Availability; Information Attributes; Intrinsic versus Imputed Value; Information as an Asset; The Elements of Security; Security Is Security Only in Context; Information as an Asset; Introduction; Determining Value; Managing Information Resources; References; Understanding Threat and Its Relatio

  16. Uranium and thorium mining and milling: material security and risk assessment

    International Nuclear Information System (INIS)

    Steinhaeusler, F.; Zaitseva, L.

    2005-01-01

    several of the following pre-requisites in order to breach the current level of security at mining and milling facilities: covert political support; covert support by members of the security forces and/or intelligence community; adequate transport capability for bulk shipments or material by rail, road, ship, or air; corruption at the level of government officials, such as export control agencies, customs officers, and border guards. The number of illicit trafficking cases involving uranium and thorium that are known to have occurred shows that the current system of physical protection and accounting is in need of improvement. In order to reduce this risk in the future a series of practically applicable actions are recommended. (author)

  17. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  18. Nuclear energy and security

    International Nuclear Information System (INIS)

    Blejwas, Thomas E.; Sanders, Thomas L.; Eagan, Robert J.; Baker, Arnold B.

    2000-01-01

    Nuclear power is an important and, the authors believe, essential component of a secure nuclear future. Although nuclear fuel cycles create materials that have some potential for use in nuclear weapons, with appropriate fuel cycles, nuclear power could reduce rather than increase real proliferation risk worldwide. Future fuel cycles could be designed to avoid plutonium production, generate minimal amounts of plutonium in proliferation-resistant amounts or configurations, and/or transparently and efficiently consume plutonium already created. Furthermore, a strong and viable US nuclear infrastructure, of which nuclear power is a large element, is essential if the US is to maintain a leadership or even participatory role in defining the global nuclear infrastructure and controlling the proliferation of nuclear weapons. By focusing on new fuel cycles and new reactor technologies, it is possible to advantageously burn and reduce nuclear materials that could be used for nuclear weapons rather than increase and/or dispose of these materials. Thus, the authors suggest that planners for a secure nuclear future use technology to design an ideal future. In this future, nuclear power creates large amounts of virtually atmospherically clean energy while significantly lowering the threat of proliferation through the thoughtful use, physical security, and agreed-upon transparency of nuclear materials. The authors must develop options for policy makers that bring them as close as practical to this ideal. Just as Atoms for Peace became the ideal for the first nuclear century, they see a potential nuclear future that contributes significantly to power for peace and prosperity

  19. A broadened typology on energy and security

    International Nuclear Information System (INIS)

    Johansson, Bengt

    2013-01-01

    A broadened typology describing the interconnection between energy and security is developed in this paper, with the aim of improving understanding of the relationship between energy and security by applying different research and policy perspectives. One approach involves studying energy as an object exposed to security threats, using concepts such as security of supply or security of demand. Another approach involves studying the role of the energy system as the subject in generating or enhancing insecurity. The latter approach includes studying the conflict-generating potential inherent in the economic value of energy, the risk of accidents and antagonistic attacks to energy infrastructure and the security risks related to the negative environmental impact of the energy system. In order to make a comprehensive analysis of the security consequences of proposed energy policies or strategies, all these aspects should be taken into account to varying degrees. The typology proposed here could be a valuable tool for ensuring that all security aspects have been considered. - Highlights: • The paper presents a broadened typology of energy and security, useful for policy analysis. • The energy system can be an object for security threats and as a subject generating or contributing to insecurity. • Energy as an object for security threats includes the concepts of security of supply and security of demand. • The economic value of energy can contribute to insecurity. • Technological and environmental risks of specific energy systems also provide potential threats to human security

  20. Reducing the harms associated with risk assessments

    International Nuclear Information System (INIS)

    Montague, Peter

    2004-01-01

    Risk assessments are the intellectual products of dedicated public health and environmental professionals. Like many other products, risk assessments carry with them the potential for both good and harm. This paper briefly examines some of the harms to which risk assessments have contributed, and then suggests that the legal 'duty to warn' doctrine offers a logical and practical way to reduce some of these harms. The paper suggests concepts that could be incorporated into warnings accompanying every formal risk assessment as routine 'boiler plate' addenda, just as other potentially harmful products, such as lawn mowers and cook stoves, are accompanied by warnings. Finally, the paper briefly examines the 'Code of Ethics and Standards of Practice for Environmental Professionals' (promulgated by the National Association of Environmental Professionals) and shows that the suggested warnings are consistent with recommended practices for environmental professionals

  1. Measuring Short-term Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2011-07-01

    Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Brochure provides an overview of the analysis and results. Readers interested in an in-depth discussion of methodology are referred to the MOSES Working Paper.

  2. Mitigating flood exposure: Reducing disaster risk and trauma signature.

    Science.gov (United States)

    Shultz, James M; McLean, Andrew; Herberman Mash, Holly B; Rosen, Alexa; Kelly, Fiona; Solo-Gabriele, Helena M; Youngs, Georgia A; Jensen, Jessica; Bernal, Oscar; Neria, Yuval

    2013-01-01

    Introduction. In 2011, following heavy winter snowfall, two cities bordering two rivers in North Dakota, USA faced major flood threats. Flooding was foreseeable and predictable although the extent of risk was uncertain. One community, Fargo, situated in a shallow river basin, successfully mitigated and prevented flooding. For the other community, Minot, located in a deep river valley, prevention was not possible and downtown businesses and one-quarter of the homes were inundated, in the city's worst flood on record. We aimed at contrasting the respective hazards, vulnerabilities, stressors, psychological risk factors, psychosocial consequences, and disaster risk reduction strategies under conditions where flood prevention was, and was not, possible. Methods. We applied the "trauma signature analysis" (TSIG) approach to compare the hazard profiles, identify salient disaster stressors, document the key components of disaster risk reduction response, and examine indicators of community resilience. Results. Two demographically-comparable communities, Fargo and Minot, faced challenging river flood threats and exhibited effective coordination across community sectors. We examined the implementation of disaster risk reduction strategies in situations where coordinated citizen action was able to prevent disaster impact (hazard avoidance) compared to the more common scenario when unpreventable disaster strikes, causing destruction, harm, and distress. Across a range of indicators, it is clear that successful mitigation diminishes both physical and psychological impact, thereby reducing the trauma signature of the event. Conclusion. In contrast to experience of historic flooding in Minot, the city of Fargo succeeded in reducing the trauma signature by way of reducing risk through mitigation.

  3. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and is left to the developer. Properly configuring security requirements in SOA applications is...

  4. Systematic, appropriate, and cost-effective application of security technologies in U.S. public schools to reduce crime, violence, and drugs

    Science.gov (United States)

    Green, Mary W.

    1997-01-01

    As problems of violence and crime become more prevalent in our schools, more and more school districts will elect to use security technologies to control these problems. While the desired change in student and community attitudes will require significant systemic change through intense US social programs, security technologies can greatly augment school staff today by providing services similar to having extra adults present. Technologies such as cameras, sensors, drug detection, biometric and personnel identification, lighting, barriers, weapon and explosives detection, anti-graffiti methods, and duress alarms can all be effective, given they are used in appropriate applications, with realistic expectations and an understanding of limitations. Similar to a high-risk government facility, schools must consider a systems approach to security, which includes the use of personnel and procedures as well as security technologies, such that the synergy created by all these elements together contributes more to the general 'order maintenance' of the facility than could be achieved by separate measures not integrated or related.

  5. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  6. Human health risk assessment database, "the NHSRC toxicity value database": supporting the risk assessment process at US EPA's National Homeland Security Research Center.

    Science.gov (United States)

    Moudgal, Chandrika J; Garrahan, Kevin; Brady-Roberts, Eletha; Gavrelis, Naida; Arbogast, Michelle; Dun, Sarah

    2008-11-15

    The toxicity value database of the United States Environmental Protection Agency's (EPA) National Homeland Security Research Center has been in development since 2004. The toxicity value database includes a compilation of agent property, toxicity, dose-response, and health effects data for 96 agents: 84 chemical and radiological agents and 12 biotoxins. The database is populated with multiple toxicity benchmark values and agent property information from secondary sources, with web links to the secondary sources, where available. A selected set of primary literature citations and associated dose-response data are also included. The toxicity value database offers a powerful means to quickly and efficiently gather pertinent toxicity and dose-response data for a number of agents that are of concern to the nation's security. This database, in conjunction with other tools, will play an important role in understanding human health risks, and will provide a means for risk assessors and managers to make quick and informed decisions on the potential health risks and determine appropriate responses (e.g., cleanup) to agent release. A final, stand-alone MS Access working version of the toxicity value database was completed in November, 2007.

  7. Human health risk assessment database, 'the NHSRC toxicity value database': Supporting the risk assessment process at US EPA's National Homeland Security Research Center

    International Nuclear Information System (INIS)

    Moudgal, Chandrika J.; Garrahan, Kevin; Brady-Roberts, Eletha; Gavrelis, Naida; Arbogast, Michelle; Dun, Sarah

    2008-01-01

    The toxicity value database of the United States Environmental Protection Agency's (EPA) National Homeland Security Research Center has been in development since 2004. The toxicity value database includes a compilation of agent property, toxicity, dose-response, and health effects data for 96 agents: 84 chemical and radiological agents and 12 biotoxins. The database is populated with multiple toxicity benchmark values and agent property information from secondary sources, with web links to the secondary sources, where available. A selected set of primary literature citations and associated dose-response data are also included. The toxicity value database offers a powerful means to quickly and efficiently gather pertinent toxicity and dose-response data for a number of agents that are of concern to the nation's security. This database, in conjunction with other tools, will play an important role in understanding human health risks, and will provide a means for risk assessors and managers to make quick and informed decisions on the potential health risks and determine appropriate responses (e.g., cleanup) to agent release. A final, stand-alone MS Access working version of the toxicity value database was completed in November, 2007

  8. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    Science.gov (United States)

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  9. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y.

    2011-01-01

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of the significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  10. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-10-15

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of the significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  11. Critical Security Studies in the 21st Century: Any Directions for Lithuanian Security Studies?

    Directory of Open Access Journals (Sweden)

    Jakniūnaitė Dovilė

    2014-12-01

    This article focuses on recent developments and discussions in the field of security studies and aims to suggest new guidelines for the research of Lithuanian security policy. First it covers the main subjects of contemporary security discourse; next it provides evaluation and review of the critical tradition in security studies that frames presuppositions and is the means for analyzing specific security issues as well as that which fosters reflexive thinking about security. The third part deals with three topics of security research (analysis of security through the concepts of risk, exceptionality and media) which have become talking-points in recent years and which have provided innovative insights in security studies.

  12. A new Subcutaneously Anchored Device for Securing External Cerebrospinal Fluid Catheters: our Preliminary Experience.

    Science.gov (United States)

    Frassanito, Paolo; Massimi, Luca; Tamburrini, Gianpiero; Pittiruti, Mauro; Doglietto, Francesco; Nucci, Carlotta Ginevra; Caldarelli, Massimo

    2016-09-01

    Accidental dislocation or removal is a well-known complication of external cerebrospinal fluid (CSF) drainage in daily clinical practice. At present, no data about the incidence of such complications are available in the scientific literature. SecurAcath (Interrad Medical, Plymouth, Minnesota, USA) is a subcutaneously anchored device recently adopted for securement of central venous catheters, known to be highly effective (and cost-effective) in reducing the risk of catheter dislodgement and/or accidental removal. We report our preliminary experience with the use of SecurAcath to secure CSF drainage, either ventricular or spinal, to the skin. SecurAcath was used in 29 consecutive patients (age range: 3 weeks-16 years, median age 6.3 years). In particular, the device was used for 25 ventricular catheters (a patient received 2 catheters in the same procedure for bilateral brain abscess) and 5 spinal drainages. Period in place ranged from 1-4 weeks (median 22 days). No complication related to the use of the device was observed, in particular there was no case of dislocation or accidental removal of the catheter. The removal procedure was extremely easy. The device has proven its utility also in 3 cases requiring an adjustment of the length of the catheter. In our experience, SecurAcath is a safe and effective device to secure CSF external catheters to the skin, with several relevant advantages: its placement and maintenance are easy; it may stay in place for the entire duration of the catheter; it allows a more complete antisepsis of the exit site, thus reducing local skin complications; it eliminates the risk of suture-related needlestick injuries. Copyright © 2016 Elsevier Inc. All rights reserved.

  13. Policy risk in action: pension reforms and social security wealth in Hungary, Czech Republic, and Slovakia

    Czech Academy of Sciences Publication Activity Database

    Dušek, Libor; Kopecsni, J.

    -, 9/2008 (2008), s. 1-34 R&D Projects: GA ČR GA402/05/0711 Institutional research plan: CEZ:AV0Z70850503 Keywords : pension reforms * social security * policy risk Subject RIV: AH - Economics http://ies.fsv.cuni.cz/default/file/download/id/8361

  14. Reducing risks, protecting people. A harmonized approach

    International Nuclear Information System (INIS)

    Foster, R.B.

    2000-01-01

    Risk training, education and communication usually refer to the responsibilities of those who generate risk (e.g. operators of nuclear power plants) towards those who are exposed to the risk (e.g. employees working in the plants and those living in the vicinity). In this context training, education and communication are intended to transfer information from risk professionals to a largely uninformed audience, with a view to improving standards or providing reassurance. However, with the growth of media such as the Internet those to whom such training, education and communication have traditionally been directed are now much better informed. In addition, increasing prosperity affects expectations and prompts questions, not only about the adequacy of the control measures intended to address specific hazards, but also about whether the hazardous activity is justified at all. Within the UK (and Europe) this is very evident for nuclear power, other applications of ionizing radiation, and in other areas such as genetically modified food. In consequence regulators of hazardous activities face considerable new challenges. Of course, regulators still have to formulate standards, communicate them to those responsible for risk reduction and see that the necessary controls are in place. But in addition regulators also have to be able to answer questions such as: - why is this hazardous activity (e.g. a nuclear power plant) allowed at all? - what level of risk is unacceptable? - is the approach to risk reduction sufficiently precautionary? - why shouldn't the risk be reduced further? - why are the risks from certain activities (e.g. those from ionizing radiation) controlled to much lower levels than those from other work activities? - how are decisions made, what criteria are applied and how are the stakeholders involved? All this does not make life easy for regulators!
The full paper will describe how the Health and Safety Executive (HSE) has responded to these challenges by

  15. 75 FR 75486 - Maritime Security Directive 104-6 (Rev. 4); Guidelines for U.S. Vessels Operating in High Risk...

    Science.gov (United States)

    2010-12-03

    ... Directive 104-6 (Rev. 4); Guidelines for U.S. Vessels Operating in High Risk Waters AGENCY: Coast Guard, DHS... Maritime Transportation Security Act (MTSA) on international voyages through or in designated high risk... MARSEC Directives are available at your local Captain of the Port (COTP) office. Phone numbers and...

  16. Managing Risk, Reducing Vulnerability and Enhancing Productivity ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Managing Risk, Reducing Vulnerability and Enhancing Productivity under a Changing Climate. The countries of the Greater Horn of Africa are particularly vulnerable to drought, exacerbated by widespread poverty and dependence on rainfed agriculture. Even with normal rainfall, the region does not produce enough food to ...

  17. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  18. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  19. Social Security and Fighting Poverty in Tunisia

    Directory of Open Access Journals (Sweden)

    Hasna Khemili

    2018-02-01

    The objective of this study was to examine the role of social security in fighting poverty in Metlaoui, Tunisia, using survey data collected between July 2012 and January 2014, covering 200 poor households. We used questionnaire data, which gave a thorough analysis of the reactions, behavior, and strategies adopted by poor households as a result of various forms of risk. Social security has an effect on a number of different areas, including health, education, housing, and income. Our methodology explored both complete and partial risk-sharing, to investigate the impact of social security schemes on the strategies adopted by households to cope with economic shocks. The estimation results of different models showed that social security could help social security-covered households choose less costly strategies to cope with risks. However, the role of social security remains insufficient, given that covered households had less confidence in its services and they adopted strategies of self-insurance or income smoothing. Overall, the results showed that social security plays an important role in Metlaoui, but it remains insufficient, especially for households that are not covered by social security and are suffering from heavy health expenditures.

  20. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Science.gov (United States)

    2010-02-23

    ... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

  1. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users and by coverage of life cycle support for the security of the system.

  2. Reducing Risk for the Next Generation Nuclear Plant

    Energy Technology Data Exchange (ETDEWEB)

    John M. Beck II; Harold J. Heydt; Emmanuel O. Opare; Kyle B. Oswald

    2010-07-01

    The Next Generation Nuclear Plant (NGNP) Project, managed by the Idaho National Laboratory (INL), is directed by the Energy Policy Act of 2005, to research, develop, design, construct, and operate a prototype fourth generation nuclear reactor to meet the needs of the 21st Century. As with all large projects developing and deploying new technologies, the NGNP has numerous risks that need to be identified, tracked, mitigated, and reduced in order for successful project completion. A Risk Management Plan (RMP) was created to outline the process the INL is using to manage the risks and reduction strategies for the NGNP Project. Integral to the RMP is the development and use of a Risk Management System (RMS). The RMS is a tool that supports management and monitoring of the project risks. The RMS does not only contain a risk register, but other functionality that allows decision makers, engineering staff, and technology researchers to review and monitor the risks as the project matures.

  3. Reducing Risk for the Next Generation Nuclear Plant

    International Nuclear Information System (INIS)

    Beck, John M. II; Heydt, Harold J.; Opare, Emmanuel O.; Oswald, Kyle B.

    2010-01-01

    The Next Generation Nuclear Plant (NGNP) Project, managed by the Idaho National Laboratory (INL), is directed by the Energy Policy Act of 2005, to research, develop, design, construct, and operate a prototype fourth generation nuclear reactor to meet the needs of the 21st Century. As with all large projects developing and deploying new technologies, the NGNP has numerous risks that need to be identified, tracked, mitigated, and reduced in order for successful project completion. A Risk Management Plan (RMP) was created to outline the process the INL is using to manage the risks and reduction strategies for the NGNP Project. Integral to the RMP is the development and use of a Risk Management System (RMS). The RMS is a tool that supports management and monitoring of the project risks. The RMS does not only contain a risk register, but other functionality that allows decision makers, engineering staff, and technology researchers to review and monitor the risks as the project matures.

  4. You Outsource the Service but Not the Risk: Supply Chain Risk Management for the Cyber Security of Safety Critical Systems

    OpenAIRE

    Johnson, Chris W.

    2016-01-01

    Companies increasingly form interdependent relationships between contractors and sub-contractors that extend across national borders and legal jurisdictions. In consequence, supply chain risk management (SCRM) is an increasing concern for the cyber security of safety-critical systems. The following pages argue that outsourcing undermines SCRM by eroding technical expertise, which companies need to select and audit their suppliers. They are still held accountable when the failure o...

  5. IMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION

    Directory of Open Access Journals (Sweden)

    MATÚŠ HORVÁTH

    2009-12-01

    Full Text Available Information security should be today a key issue in any organization. With the implementation of an information security management system (ISMS) the organization can identify and reduce risks in this area. This area of information security management covers a number of ISO/IEC 27000 standards, which are based on best practice solutions. However, smaller organizations are often discouraged from the implementation of these systems, because of fear of high cost and complexity. Especially due to the fact that the standards do not strictly require implementation of all security controls, it is possible to implement these systems in small-size organizations. In this article, we want to point out this fact by describing practical experience with ISMS implementation in a small-size organization.

  6. Nuclear security from cradle to grave

    International Nuclear Information System (INIS)

    Raja Adnan, Raja Abdul Aziz

    2016-01-01

    On 8 May 2016, the Amendment to the Convention on the Physical Protection of Nuclear Material (CPPNM) finally entered into force, almost eleven years after its adoption. The world will be a more secure place as a result of the commitments that States party to the Amendment have made. The Amendment establishes legally binding commitments for countries to protect nuclear facilities as well as nuclear material in domestic use, storage and transport. Under the Amendment, countries are required to establish appropriate physical protection regimes for nuclear material. They also take on new obligations to share information on sabotage, including on credible threats of sabotage. The entry into force of the Amendment demonstrates the international community’s resolve to act together to strengthen nuclear security globally. It also helps reduce the risk of an attack involving nuclear material, which could have catastrophic consequences.

  7. Properties of Traffic Risk Coefficient

    Science.gov (United States)

    Tang, Tie-Qiao; Huang, Hai-Jun; Shang, Hua-Yan; Xue, Yu

    2009-10-01

    We use the model with the consideration of the traffic interruption probability (Physica A 387(2008)6845) to study the relationship between the traffic risk coefficient and the traffic interruption probability. The analytical and numerical results show that the traffic interruption probability will reduce the traffic risk coefficient and that the reduction is related to the density, which shows that this model can improve traffic security.

  8. Security and Robustness issues in Collaborative Runtime Verification

    NARCIS (Netherlands)

    Testerink, B.J.G.; Bulling, N.; Dastani, M.M.

    2015-01-01

    Decentralized monitors can have robustness and security risks. Among robustness risks are attacks on the monitor's infrastructure in order to disable parts of its functionality. Among security risks are attacks that try to extract information from the monitor, and thereby possibly leak sensitive

  9. New Mandatory Computer Security Course

    CERN Multimedia

    CERN Bulletin

    2010-01-01

    Just like any other organization, CERN is permanently under attack - even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Since 2007, newcomers have to follow a dedicated basic computer security course informing them about the “Do’s” and “Dont’s” when using CERN's computing facilities. This course has recently been redesigned. It is now mandatory for all CERN members (users and staff) owning a CERN computer account and must be followed once every three years. Members who...

  10. SECURITY RISKS, MYTHS IN A TRANSITIONING SUB-NATIONAL REGIONAL ECONOMY (CROSS RIVER STATE) AND IMAGINATIVE GEOGRAPHIES OF NIGERIA

    Directory of Open Access Journals (Sweden)

    J. K. UKWAYI

    2015-03-01

    Full Text Available The emergence of an “international community” through accumulation of perceived risks that contrasts with those risks (of considerably lower levels of seriousness compared to those perceived) constitutes one of the interesting (or intriguing) subjects of risks and disaster studies surrounding the 9/11 era. The constructions of “imaginative geographies”, have frequently been biased in the practices that underlie the mapping of the foreign places tend to put-down the affected regions in their “paintings” for the global community. The latter are subsequently “demonized” in their ratings of competence for participating in world trade, tourism, travel, among other social/cultural, and economic and political activities. The objective of this article is to highlight how the exaggeration of risks (contrasted to actually existing/lived risks), practices that are frequently associated with such adverse “imaginative geographies” poses sub-national regional development dilemma in Nigeria’s Niger Delta. We trace the roots of adverse “imaginative geographies” of Nigeria to the Abacha dictatorship (1993-1997). Then we highlight the mixed characteristics of the Niger Delta conditions during the “return of positive image recapture” by Nigeria’s federal government (re-democratisation of the Fourth Republic, 1999-present), re-branding campaigns; as well as adverse conditions present. Most significantly, we show that despite these adversities, a combination of favorable geographical size, differentiation, sub-national regional security programme formulation and management taking aims at diversification have created “large oases” of peace and security in Cross River State, a part of the Niger Delta that has been completely unscathed by insurgencies of the nearby sub-national region and further away national origin. Apart from identifying sub-national regions qualifying for delisting from “adverse imaginative geographies” due to

  11. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  12. Mass and Elite Views on Nuclear Security: US National Security Surveys 1993-1999

    Energy Technology Data Exchange (ETDEWEB)

    HERRON,KERRY G.; JENKINS-SMITH,HANK C.; HUGHES,SCOTT D.

    2000-06-01

    This is the fourth report in an ongoing series of studies examining how US perspectives about nuclear security are evolving in the post-Cold War era. In Volume 1 the authors present findings from a nationwide telephone survey of randomly selected members of the US general public conducted from 13 September to 14 October 1999. Results are compared to findings from previous surveys in this series conducted in 1993, 1995, and 1997, and trends are analyzed. Key areas of investigation reported in Volume 1 include evolving perceptions of nuclear weapons risks and benefits, preferences for related policy and spending issues, and views about three emerging issue areas: deterrent utility of precision guided munitions; response options to attacks in which mass casualty weapons are used; and expectations about national missile defenses. In this volume they relate respondent beliefs about nuclear security to perceptions of nuclear risks and benefits and to policy preferences. They develop causal models to partially explain key preferences, and they employ cluster analysis to group respondents into four policy relevant clusters characterized by similar views and preferences about nuclear security within each cluster. Systematic links are found among respondent demographic characteristics, perceptions of nuclear risks and benefits, policy beliefs, and security policy and spending preferences. In Volume 2 they provide analysis of in-depth interviews with fifty members of the US security policy community.

  13. Mass and Elite Views on Nuclear Security: US National Security Surveys 1993-1999

    International Nuclear Information System (INIS)

    Herron, Kerry G.; Jenkins-Smith, Hank C.; Hughes, Scott D.

    2000-01-01

    This is the fourth report in an ongoing series of studies examining how US perspectives about nuclear security are evolving in the post-Cold War era. In Volume 1 the authors present findings from a nationwide telephone survey of randomly selected members of the US general public conducted from 13 September to 14 October 1999. Results are compared to findings from previous surveys in this series conducted in 1993, 1995, and 1997, and trends are analyzed. Key areas of investigation reported in Volume 1 include evolving perceptions of nuclear weapons risks and benefits, preferences for related policy and spending issues, and views about three emerging issue areas: deterrent utility of precision guided munitions; response options to attacks in which mass casualty weapons are used; and expectations about national missile defenses. In this volume they relate respondent beliefs about nuclear security to perceptions of nuclear risks and benefits and to policy preferences. They develop causal models to partially explain key preferences, and they employ cluster analysis to group respondents into four policy relevant clusters characterized by similar views and preferences about nuclear security within each cluster. Systematic links are found among respondent demographic characteristics, perceptions of nuclear risks and benefits, policy beliefs, and security policy and spending preferences. In Volume 2 they provide analysis of in-depth interviews with fifty members of the US security policy community

  14. Acid-reducing vagotomy is associated with reduced risk of subsequent ischemic heart disease in complicated peptic ulcer

    Science.gov (United States)

    Wu, Shih-Chi; Fang, Chu-Wen; Chen, William Tzu-Liang; Muo, Chih-Hsin

    2016-01-01

    Abstract Persistent exacerbation of a peptic ulcer may lead to a complicated peptic ulcer (perforation or/and bleeding). The management of complicated peptic ulcers has shifted from acid-reducing vagotomy, drainage, and gastrectomy to simple local suture or non-operative (endoscopic/angiographic) hemostasis. We were interested in the long-term effects of this trend change. In this study, complicated peptic ulcer patients who received acid-reducing vagotomy were compared with those who received simple suture/hemostasis to determine the risk of ischemic heart disease (IHD). This retrospective cohort study analyzed 335,680 peptic ulcer patients recorded from 2000 to 2006 versus 335,680 age-, sex-, comorbidity-, and index-year matched comparisons. Patients with Helicobacter pylori (HP) infection were excluded. In order to identify the effect of vagus nerve severance, patients who received gastrectomy or antrectomy were also excluded. The incidence of IHD in both cohorts, and in the complicated peptic ulcer patients who received acid-reducing vagotomy versus those who received simple suture or hemostasis was evaluated. The overall incidence of IHD was higher in patients with peptic ulcer than those without peptic ulcer (17.00 vs 12.06 per 1000 person-years), with an adjusted hazard ratio (aHR) of 1.46 based on multivariable Cox proportional hazards regression analysis controlling for age, sex, Charlson's comorbidity index, and death (competing risk). While comparing peptic ulcer patients with acid-reducing vagotomy to those with simple suture/hemostasis or those without surgical treatment, the aHR (0.58) was the lowest in the acid-reducing vagotomy group. Patients with peptic ulcer have an elevated risk of IHD. However, complicated peptic ulcer patients who received acid-reducing vagotomy were associated with reduced risk of developing IHD. PMID:27977613

  15. PRIVATE SECURITY IN SPORT

    Directory of Open Access Journals (Sweden)

    Dragan Vukasović

    2011-09-01

    Full Text Available Given the importance of sport for international integration, affirmation, a sense of belonging and other values of general interest, in order to maintain and open new prospects of development, it is necessary to form the private security system along with state security system, with a view to creating conditions for development sports athletes to achieve better results both in domestic and international competitions. Private security is only one element of an integrated security system which, with its efficient organization with the use of adequate means and measures should provide answers to new challenges, risks and threats. Private security in line with the new understanding of the concept of security has an important role in providing athletes.

  16. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2010-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. This paper develops a phenomenological account of information security, in which a

  17. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  18. Disentangling determinants of insecticide use to manage production, food security, and health risks in Cambodia and Vietnam: evidence from household surveys and risk-assessment experiments

    Directory of Open Access Journals (Sweden)

    Wei Zhang, PhD

    2018-05-01

    Full Text Available Background: Insect pest problems are among the main causes of crop yield losses in global agriculture. Insecticides protect households from food-security and income shocks, but can induce human health and environmental risks. Semi-subsistence farm households (SSFHs), which farm for both consumption and market, make decisions about crop management and output allocation to maximise food consumption, income, and health outcomes, depending on their risk preferences and other household and community characteristics. In this study, we aimed to disentangle the determinants of insecticide use by SSFHs and identify whether health consideration has had any effect on insecticide use. Methods: In this econometric analysis, we used field data collected from household surveys and risk-assessment experiments in 2014 in Cambodia and Vietnam to analyse insecticide use among more than 1000 SSFHs. Findings: We found that crops (except for rice) whose outputs were used to a greater degree for consumption were less likely to be sprayed with insecticides or were sprayed fewer times. Health-conscious households (as indicated by the use of modern-fuel cooking stoves and reported concern over food safety as a main reason for maintaining home gardens) consistently refrained from spraying, but this tendency diminished as output allocation shifted toward commercial use, suggesting a possible moral-hazard phenomenon. Farmers were more likely to apply insecticides to crops of high food security or dietary importance, such as rice, although the difference between fresh produce and grain produce in risk of insecticide residue exposure might also have contributed to the difference in insecticide use between rice and non-rice crops. The two samples from Cambodia and Vietnam had similarities regarding the deterring effect of health consideration and differences in other factors affecting insecticide use, such as risk preference, landholding size, household head's education level

  19. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2009-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. In this paper, we develop a phenomenological account of information security, where we

  20. Security-constrained self-scheduling of generation companies in day-ahead electricity markets considering financial risk

    International Nuclear Information System (INIS)

    Amjady, Nima; Vahidinasab, Vahid

    2013-01-01

    Highlights: ► A security-constrained self-scheduling is presented. ► The proposed framework takes into account the uncertainty of the predicted market prices. ► We model the risk and profit tradeoff of a GENCO based on an efficient multi-objective model. ► Unit commitment and inter-temporal constraints of generators are considered in an MIP model. ► Simulation results are presented on the IEEE 30-bus and IEEE 118-bus test systems. - Abstract: In this paper, a new security-constrained self-scheduling framework incorporating the transmission flow limits in both steady state conditions and post-contingent states is presented to produce efficient bidding strategy for generation companies (GENCOs) in day-ahead electricity markets. Moreover, the proposed framework takes into account the uncertainty of the predicted market prices and models the risk and profit tradeoff of a GENCO based on an efficient multi-objective model. Furthermore, unit commitment and inter-temporal constraints of generators are considered in the suggested model converting it to a mixed-integer programming (MIP) optimization problem. Sensitivity of the proposed framework with respect to both the level of the market prices and adopted risk level is also evaluated in the paper. Simulation results are presented on the IEEE 30-bus and IEEE 118-bus test systems illustrating the performance of the proposed self-scheduling model.

  1. Finding Security Patterns to Countermeasure Software Vulnerabilities

    OpenAIRE

    Borstad, Ole Gunnar

    2008-01-01

    Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

  2. Multilevel classification of security concerns in cloud computing

    Directory of Open Access Journals (Sweden)

    Syed Asad Hussain

    2017-01-01

    Full Text Available Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.

  3. Russian spent marine fuel as a global security risk

    International Nuclear Information System (INIS)

    Gussgard, K.; Reistad, O.

    2001-01-01

    Russian marine fuel is a trans-national security concern. This paper focuses on specific technical properties of Russian marine nuclear fuel especially relevant for evaluating different aspects on nuclear proliferation, in addition to risks associated with regional environmental degradation and illegal diversion of radiological substances. Russian fresh fuel for marine reactors has been involved in several significant cases of illicit trafficking of special nuclear materials. The amount and quality of nuclear materials in Russian spent marine fuel give also reason for concern. Not less than 200 marine reactor cores are ready for having their spent fuel unloaded and preliminary stored on shore in the Far East and North West of Russia, and large amounts of spent naval fuel have been stored at Russian military bases for decades. In order to assess the security risks associated with Russian spent marine fuel, this paper discusses the material attractiveness of spent fuel from all types of Russian marine reactors. The calculations are based on a model of a light water moderated Russian icebreaker reactor. The computer tool HELIOS, used for modelling the reactor and the reactor operations, has been extensively qualified by comparisons with experimental data and international benchmark problems for reactor physics codes as well as through feedback from applications. Some of these benchmarks and studies include fuel enrichments up to 90% in Russian marine reactors. Several fuel data cases are discussed in the paper, focusing especially on: 1) early fuel designs with low initial enrichment; 2) more modern fuel designs used in third and fourth generation of Russian submarines probably with intermediate enriched fuel; and 3) marine fuel with initial enrichment levels close to weapons-grade material. In each case the fuel has been burned until k_eff has reached below 1. Case 1) has been evaluated, the calculations made as basis for this paper have concentrated on fuel with

  4. BASIC CONCEPTS OF TAX SECURITY AS PART OF THE FINANCIAL SECURITY OF UKRAINE

    Directory of Open Access Journals (Sweden)

    Sergiy Golikov

    2016-11-01

    Full Text Available The purpose of the paper is to examine the essence of the term «tax security», its fundamental characteristics, such as threats, risks, interests and protection, defined how the state could provide them. The paper analyses economic, social and legal nature of the term. Key indicators of tax security of Ukraine identified and analyzed. In addition, the paper studies an integrated approach of tax security threats. In case of a big amount of threats, they divided to four main sources of threats: the state of the national economy, the state of the public finances, social features of the society and institutional environment. For each source, there have been identified and analyzed the most important factors of threats of tax security of Ukraine. Methodology. The survey based on an analysis of existing studies of Ukrainian and foreign scientists about the essence and nature of "tax security" for the last 10 years. In addition, to determine the essence and the concept, goals and objectives, methods and principles of the economic nature of the tax security, main risks, threats, expectations and results of efficient tax security identified. To build an integrated approach it is necessary to analyse all existing and potential factors of threats. There data used from reports of the State Statistics Service of Ukraine, Ministry of Economic Development and Trade of Ukraine, PWC and World Bank. Results of the survey showed that tax security is such a condition of tax security, when the process of harmonization of taxation provided under effective management of risks and threats that arise in tax area, by taking the necessary measures by the executive bodies to meet the interests of the state, society and taxpayers (business entities, organizations, people). Integrated approach of threats analysis of tax security shows that the most dangerous threats are those that are associated with poor economic development, considerable socio-economic stratification of

  5. Stochastic Security and Risk-Constrained Scheduling for an Autonomous Microgrid with Demand Response and Renewable Energy Resources

    DEFF Research Database (Denmark)

    Vahedipour-Dahraie, Mostafa; Rashidizadeh-Kermani, Homa; Najafi, Hamid Reza

    2017-01-01

    is to determine the optimal scheduling with considering risk aversion and system frequency security to maximise the expected profit of operator. To deal with various uncertainties, a risk-constrained two-stage stochastic programming model is proposed where the risk aversion of MG operator is modelled using...... of customers can be effectively applied to balance the demand and supply in electricity networks. This study presents a novel stochastic model from a microgrid (MG) operator perspective for energy and reserve scheduling considering risk management strategy. It is assumed that the MG operator can procure energy...... conditional value at risk method. Extensive numerical results are shown to demonstrate the effectiveness of the proposed framework....

  6. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  7. Reminder: Mandatory Computer Security Course

    CERN Multimedia

    IT Department

    2011-01-01

    Just like any other organization, CERN is permanently under attack – even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain on par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Therefore, a new dedicated basic computer security course has been designed informing you about the “Do’s” and “Don’ts” when using CERN's computing facilities. This course is mandatory for all persons owning a CERN computer account and must be followed once every three years. Users who have never done the course, or whose course needs to be renewe...

  8. Governing for Enterprise Security (Briefing Charts)

    Science.gov (United States)

    2005-01-01

    governance/stakeholder.html © 2005 by Carnegie Mellon University page 16 Adequate Security and Operational Risk “Appropriate business security is that which...Sherwood 03] Sherwood, John; Clark; Andrew; Lynas, David. “Systems and Business Security Architecture.” SABSA Limited, 17 September 2003. Available at

  9. Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

    Energy Technology Data Exchange (ETDEWEB)

    Steinhaeusler, F; Heissl, C [Division of Physics and Biophysics, University of Salzburg, Hellbrunnerstrasse 34, Salzburg (Austria)

    2005-07-01

    Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

  10. Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

    International Nuclear Information System (INIS)

    Steinhaeusler, F.; Heissl, C.

    2005-01-01

    Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

  11. Interparental conflict, children's security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10.

    Science.gov (United States)

    Brock, Rebecca L; Kochanska, Grazyna

    2016-02-01

    Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent-child attachment security as a mechanism that may account for the impact of interparental conflict on children's long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent-child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children's internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children's development.

  12. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because states began adopting mandatory data protection legislation and informatio...

  13. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  14. Meta-analysis: Does garlic intake reduce risk of gastric cancer?

    Science.gov (United States)

    Kodali, R T; Eslick, Guy D

    2015-01-01

    In the past 2 decades, various epidemiological studies investigated whether garlic can positively modify the risk of gastric cancer. Garlic contains numerous sulfide compounds, including diallyl trisulfide, which have anticarcinogenic properties. We conducted a meta-analysis to determine if garlic intake reduces the risk of gastric cancer. An electronic search of MEDLINE, PubMed, and EMBASE to June 2014 was completed. There were 14 case control studies, 2 randomized controlled studies, and 1 cohort study that fulfilled our inclusion criteria. We used a random effects model to calculate pooled odds ratios (OR) and 95% confidence intervals (CIs) for risk of gastric cancer with garlic consumption. Meta-analysis of a total of 8,621 cases and 14,889 controls was conducted. Significant variability in duration of garlic intake and reference categories for amount of intake was noted. High, low, and any garlic intake were all associated with reduced risk of gastric cancer. High intake had the most significant risk reduction, OR = 0.49 (95% CI: 0.38-0.62). Heterogeneity was low (I² = 30.85, P = 0.17). A more modest risk reduction was associated with low intake, OR = 0.75 (95% CI: 0.58-0.97). Half of the studies did not separate garlic intake into high or low amounts, intake was only noted as consumption vs. non-consumption. Any amount of consumption still showed a risk reduction similar to low intake, OR = 0.77 (95% CI: 0.60-1.00). Low and any amount of consumption showed moderate heterogeneity (58% and 45%, respectively). Garlic intake appears to be associated with reduced risk of gastric cancer. Further high quality studies are required to confirm this finding and to assess the amount of garlic that needs to be consumed for protective effect.

  15. Information security of power enterprises of North-Arctic region

    Science.gov (United States)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  16. Integration of the advanced transparency framework to advanced nuclear systems : enhancing Safety, Operations, Security and Safeguards (SOSS)

    International Nuclear Information System (INIS)

    Mendez, Carmen Margarita; Rochau, Gary Eugene; Cleary, Virginia D.

    2008-01-01

    The advent of the nuclear renaissance gives rise to a concern for the effective design of nuclear fuel cycle systems that are safe, secure, nonproliferating and cost-effective. We propose to integrate the monitoring of the four major factors of nuclear facilities by focusing on the interactions between Safeguards, Operations, Security, and Safety (SOSS). We proposed to develop a framework that monitors process information continuously and can demonstrate the ability to enhance safety, operations, security, and safeguards by measuring and reducing relevant SOSS risks, thus ensuring the safe and legitimate use of the nuclear fuel cycle facility. A real-time comparison between expected and observed operations provides the foundation for the calculation of SOSS risk. The automation of new nuclear facilities requiring minimal manual operation provides an opportunity to utilize the abundance of process information for monitoring SOSS risk. A framework that monitors process information continuously can lead to greater transparency of nuclear fuel cycle activities and can demonstrate the ability to enhance the safety, operations, security and safeguards associated with the functioning of the nuclear fuel cycle facility. Sandia National Laboratories (SNL) has developed a risk algorithm for safeguards and is in the process of demonstrating the ability to monitor operational signals in real-time though a cooperative research project with the Japan Atomic Energy Agency (JAEA). The risk algorithms for safety, operations and security are under development. The next stage of this work will be to integrate the four algorithms into a single framework

  17. Preliminary analysis of the inclusion of security passive systems to reduce the impact of accidents in nuclear power plants

    International Nuclear Information System (INIS)

    Sanchez J, J.; Morales S, J. B.; Espinosa P, G.

    2011-11-01

    This work presents a conceptual analysis of the possible benefits and limitations of introducing passive security systems to reduce the impact of very-low-probability, high-risk events on the radioactive material confinement systems of a light water reactor. These events are related to the possibility of a hydrogen explosion resulting from the accumulation of hydrogen in the reactor containment in a severe accident scenario. This accumulated hydrogen can be released into the reactor building or primary containment, where the atmospheric conditions make it more prone to combustion. Catalytic recombination is a viable option for decreasing hydrogen concentrations, and because this recombination is highly exothermic, it is important to analyze whether the high-temperature recombined vapor can be used in combination with vapor injectors, which are in turn passive systems. The following sections explain the use of the mentioned systems and present some results on the behavior of the vapor injectors. (Author)

  18. Planning Security Services for IT Systems

    OpenAIRE

    Henderson, Marie; Page, Howard Philip

    2014-01-01

    Often the hardest job is to get business representatives to look at security as something that makes managing their risks and achieving their objectives easier, with security compliance as just part of that journey. This paper addresses that by making planning for security services a 'business tool'.

  19. Risk Assessment Generated by Usage of ICT and Information Security Measures

    Directory of Open Access Journals (Sweden)

    Ilie TAMAS

    2006-01-01

    Information societies involve the usage of information technology and communications (ITC) on a large scale. The dependence on ITC is an unquestionable problem at present, because we are witnessing the generalization of computer usage in all economic and social activities. That is why organizations' information systems have become accessible at the global level and are permanently open for a quick exchange of information between different categories of users located at different geographical nodes. ITC usage involves risks that should be known and evaluated, and based on these we must have information systems security measures. We consider risk a very important indicator that must be permanently assessed in the usage of an ITC-based information system. Risk management supposes a permanent evaluation of these problems and also their restraint through practical actions that decrease their effects. This paper presents the results of research based on the specialty literature and current cases from practical activities regarding the risks of ITC usage and the measures to diminish them. It distinguishes the main factors (threat, vulnerability and impact) that affect information risk and, on the other hand, measures to diminish the action of these factors for the optimum working of an economic and social organism that uses ITC. We consider that the proposed measures provide safety in the design, implementation and usage of ITC-based informational systems.

  20. Do Job Security Guarantees Work?

    OpenAIRE

    Alex Bryson; Lorenzo Cappellari; Claudio Lucifora

    2004-01-01

    We investigate the effect of employer job security guarantees on employee perceptions of job security. Using linked employer-employee data from the 1998 British Workplace Employee Relations Survey, we find job security guarantees reduce employee perceptions of job insecurity. This finding is robust to endogenous selection of job security guarantees by employers engaging in organisational change and workforce reductions. Furthermore, there is no evidence that increased job security through job...

  1. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)

    2016-10-15

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.

  2. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    International Nuclear Information System (INIS)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong

    2016-01-01

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs

  3. Reducing sequence risk using trend following and the CAPE ratio

    OpenAIRE

    Clare, A.; Thomas, S.; Smith, P. N.; Seaton, J.

    2017-01-01

    The risk of experiencing bad investment outcomes at the wrong time, or sequence risk, is a poorly understood, but crucial aspect of the risk faced by investors, in particular those in the decumulation phase of their savings journey, typically over the period of retirement financed by a defined contributions pension scheme. Using US equity return data from 1872-2014 we show how this risk can be significantly reduced by applying trend-following investment strategies. We also demonstrate that kn...

  4. Science of Security Lablet - Scalability and Usability

    Science.gov (United States)

    2014-12-16

    Cybersecurity_Framework.ashx Byres, Eric and Justin Lowe, 2004, The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, Proceedings of the VDE ...Myths and Facts behind Cyber Security Risks for Industrial Control Systems, Proceedings of the VDE Kongress, 2004. Kshetri, Nir, 2005, Pattern of

  5. Cities at risk: status of Italian planning system in reducing seismic and hydrogeological risks

    Directory of Open Access Journals (Sweden)

    Grazia Di Giovanni

    2016-03-01

    Italy and its urban systems are under high seismic and hydrogeological risks. The awareness about the role of human activities in the genesis of disasters is achieved in the scientific debate, as well as the role of urban and regional planning in reducing risks. The paper reviews the state of Italian major cities with regard to hydrogeological and seismic risk by: 1) extrapolating data and maps about seismic hazard and landslide risk concerning cities with more than 50.000 inhabitants and metropolitan contexts, and 2) outlining how risk reduction is framed in the Italian planning system (at national and regional levels). The analyses of available data and the review of the normative framework highlight the existing gaps in addressing risk reduction: despite a wide knowledge about natural risks afflicting Italian territory and an articulated regulatory framework, the available data about risks are not exhaustive, and risk reduction policies and multidisciplinary pro-active approaches are only partially fostered and applied.

  6. Reduced risk of UC in families affected by appendicitis

    DEFF Research Database (Denmark)

    Nyboe Andersen, Nynne; Gørtz, Sanne; Frisch, Morten

    2017-01-01

    OBJECTIVE: The possible aetiological link between appendicitis and UC remains unclear. In order to investigate the hereditary component of the association, we studied the risk of UC in family members of individuals with appendicitis. DESIGN: A cohort of 7.1 million individuals was established...... million person-years of follow-up between 1977 and 2011, a total of 190 004 cohort members developed appendicitis and 45 202 developed UC. Individuals having a first-degree relative with appendicitis before age 20 years had significantly reduced risk of UC (RR 0.90; 95% CI 0.86 to 0.95); this association...... was stronger in individuals with a family predisposition to UC (RR 0.66; 95% CI 0.51 to 0.83). CONCLUSIONS: Individuals with a first-degree relative diagnosed with appendicitis before age 20 years are at reduced risk of UC, particularly when there is a family predisposition to UC. Our findings question...

  7. Discharges to prison from medium secure psychiatric units in England and Wales.

    Science.gov (United States)

    Doyle, Michael; Coid, Jeremy; Archer-Power, Laura; Dewa, Lindsay; Hunter-Didrichsen, Alice; Stevenson, Rachel; Wainwright, Verity; Kallis, Costas; Ullrich, Simone; Shaw, Jenny

    2014-09-01

    Early findings from a national study of discharges from 32 National Health Service medium secure units revealed that nearly twice as many patients than expected were discharged back to prison. To compare the characteristics of those discharged back to prison with those discharged to the community, and consider the implications for ongoing care and risk. Prospective cohort follow-up design. All forensic patients discharged from 32 medium secure units across England and Wales over a 12-month period were identified. Those discharged to prison were compared with those who were discharged to the community. Nearly half of the individuals discharged to prison were diagnosed with a serious mental illness and over a third with schizophrenia. They were a higher risk, more likely to have a personality disorder, more symptomatic and less motivated than those discharged to the community. Findings suggest that alternative models of prison mental healthcare should be considered to reduce risks to the patient and the public. Royal College of Psychiatrists.

  8. Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees

    NARCIS (Netherlands)

    Gadyatskaya, Olga; Harpes, Carlo; Mauw, Sjouke; Muller, Cedric; Muller, Steve

    2016-01-01

    Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to

  9. Indirect risk effects reduce feeding efficiency of ducks during spring.

    Science.gov (United States)

    Behney, Adam C; O'Shaughnessy, Ryan; Eichholz, Michael W; Stafford, Joshua D

    2018-01-01

    Indirect risk effects of predators on prey behavior can have more of an impact on prey populations than direct consumptive effects. Predation risk can elicit more vigilance behavior in prey, reducing the amount of time available for other activities, such as foraging, which could potentially reduce foraging efficiency. Understanding the conditions associated with predation risk and the specific effects predation risk have on prey behavior is important because it has direct influences on the profitability of food items found under various conditions and states of the forager. The goals of this study were to assess how ducks perceived predation risk in various habitat types and how strongly perceived risk versus energetic demand affected foraging behavior. We manipulated food abundance in different wetland types in Illinois, USA to reduce confounding between food abundance and vegetation structure. We conducted focal-animal behavioral samples on five duck species in treatment and control plots and used generalized linear mixed-effects models to compare the effects of vegetation structure versus other factors on the intensity with which ducks fed and the duration of feeding stints. Mallards fed more intensively and, along with blue-winged teal, used longer feeding stints in open habitats, consistent with the hypothesis that limited visibility was perceived to have a greater predation risk than unlimited visibility. The species temporally nearest to nesting, wood ducks, were willing to take more risks for a greater food reward, consistent with an increase in a marginal value of energy as they approached nesting. Our results indicate that some duck species value energy differently based on the surrounding vegetation structure and density. Furthermore, increases in the marginal value of energy can be more influential than perceived risk in shaping foraging behavior patterns. Based on these findings, we conclude that the value of various food items is not solely

  10. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  11. Cigarette smoking risk-reducing beliefs: Findings from the United States Health Information National Trends Survey.

    Science.gov (United States)

    Kaufman, Annette R; Coa, Kisha I; Nguyen, Anh B

    2017-09-01

    Cigarette smoking risk-reducing beliefs are ideas that certain health promoting behaviors (e.g., exercise) may mitigate the risks associated with smoking. The objective of this study was to describe smoking risk-reducing beliefs and the belief that quitting can reduce the harmful effects of smoking among the U.S. adult population and the associations between these beliefs, current smoking status, and sociodemographics. Data were from the Health Information National Trends Survey 4 (HINTS 4) Cycles 3 and 4 (2013-2014; N=6862). Descriptive analyses were conducted to examine bivariate associations among the quit smoking belief, smoking risk-reducing beliefs, and covariates. Weighted ordinal logistic regression models examined the adjusted associations between smoking status and sociodemographics, with quit smoking belief and risk-reducing beliefs. Eighty-two percent of the population reported that quitting cigarette smoking can help reduce the harmful effects of smoking a lot: former smokers and individuals with higher educational attainment were more likely to endorse this belief than never smokers and those with lower educational attainment. Many people endorsed smoking risk-reducing beliefs about exercise (79.3%), fruits and vegetables (71.8%), vitamins (67.2%), and sleep (68.5%). Former smokers were less likely to subscribe to these beliefs than never smokers. Vulnerable populations who may be most at risk of smoking attributable morbidity and mortality were more likely to endorse risk-reducing beliefs. Future studies are needed to better understand how risk-reducing beliefs are formed and if modifying these beliefs may help to reduce cigarette smoking in the U.S. Published by Elsevier Inc.

  12. Securing Public Safety Vehicles: Reducing Vulnerabilities by Leveraging Smart Technology and Design Strategies

    Science.gov (United States)

    2013-12-01

    there are technologies available today that would reduce the risk of vehicle theft and misuse by fortifying vulnerabilities. They offer several levels...confirm identity by identify “what I am (what I do)” in the electronic context of “who am I?”80 Furthermore, biometrics is a digital representation of...can build a comprehensive and effective biometric identification system, improve overall performance, improve system robustness, and reduce the

  13. Ecosystem and Food Security in a Changing Climate

    Science.gov (United States)

    Field, C. B.

    2011-12-01

    Observed and projected impacts of climate change for ecosystem and food security tend to appear as changes in the risk of both desirable and undesirable outcomes. As a consequence, it is useful to frame the challenge of adaptation to a changing climate as a problem in risk management. For some kinds of impacts, the risks are relatively well characterized. For others, they are poorly known. Especially for the cases where the risks are poorly known, effective adaptation will need to consider approaches that build dynamic portfolios of options, based on learning from experience. Effective adaptation approaches also need to consider the risks of threshold-type responses, where opportunities for gradual adaptation based on learning may be limited. Finally, effective adaptation should build on the understanding that negative impacts on ecosystems and food security often result from extreme events, where a link to climate change may be unclear now and far into the future. Ecosystem and food security impacts that potentially require adaptation to a changing climate vary from region to region and interact strongly with actions not related to climate. In many ecosystems, climate change shifts the risk profile to increase risks of wildfire and biological invasions. Higher order risks from factors like pests and pathogens remain difficult to quantify. For food security, observational evidence highlights threshold-like behavior to high temperature in yields of a number of crops. But the risks to food security may be much broader, encompassing risks to availability of irrigation, degradation of topsoil, and challenges of storage and distribution. A risk management approach facilitates consideration of all these challenges with a unified framework.

  14. Global plutonium management: A security option

    International Nuclear Information System (INIS)

    Sylvester, K.W.B.

    1998-01-01

    The US surplus plutonium disposition program was created to reduce the proliferation risk posed by the fissile material from thousands of retired nuclear weapons. The Department of Energy has decided to process its Pu into a form as secure as Pu in civilian spent fuel. While implementation issues have been considered, a major one (Russian reciprocity) remains unresolved. Russia has made disposition action conditional on extracting the fuel value of its Pu but lacks the infrastructure to do so. Assistance in the construction of the required facilities would conflict with official US policy opposing the development of a Pu fuel cycle. The resulting stagnation provides impetus for a reevaluation of US nonproliferation objectives and Pu disposition options. A strategy for satisfying Russian fuel value concerns and reducing the proliferation risk posed by surplus weapons-grade plutonium (WGPu) is proposed. The effectiveness of material alteration (e.g., isotopic, chemical, etc.) at reducing the desire, ability and opportunity for proliferation is assessed. Virtually all the security benefits attainable by material processing can be obtained by immobilizing Pu in large unit size/mass monoliths without a radiation barrier. Russia would be allowed to extract the Pu at a future date for use as fuel in a verifiable manner. Remote tracking capability, if proven feasible, would further improve safeguarding capability. As an alternate approach, the US could compensate Russia for its Pu, allowing it to be disposed of or processed elsewhere. A market based method for pricing Pu is proposed. Surplus Pu could represent access to nuclear fuel at a fixed price at a future date. This position can be replicated in the uranium market and priced using derivative theory. The proposed strategy attempts to meet nonproliferation objectives by recognizing technical limitations and satisfying political constraints

  15. How do women at increased breast cancer risk perceive and decide between risks of cancer and risk-reducing treatments? A synthesis of qualitative research.

    Science.gov (United States)

    Fielden, Hannah G; Brown, Stephen L; Saini, Pooja; Beesley, Helen; Salmon, Peter

    2017-09-01

    Risk-reducing procedures can be offered to people at increased cancer risk, but many procedures can have iatrogenic effects. People therefore need to weigh risks associated with both cancer and the risk-reduction procedure in their decisions. By reviewing relevant literature on breast cancer (BC) risk reduction, we aimed to understand how women at relatively high risk of BC perceive their risk and how their risk perceptions influence their decisions about risk reduction. Synthesis of 15 qualitative studies obtained from systematic searches of SCOPUS, Web of Knowledge, PsychINFO, and Medline electronic databases (inception-June 2015). Women did not think about risk probabilistically. Instead, they allocated themselves to broad risk categories, typically influenced by their own or familial experiences of BC. In deciding about risk-reduction procedures, some women reported weighing the risks and benefits, but papers did not describe how they did so. For many women, however, an overriding wish to reduce intense worry about BC led them to choose aggressive risk-reducing procedures without such deliberation. Reasoning that categorisation is a fundamental aspect of risk perception, we argue that patients can be encouraged to develop more nuanced and accurate categorisations of their own risk through their interactions with clinicians. Empirically-based ethical reflection is required to determine whether and when it is appropriate to provide risk-reduction procedures to alleviate worry. © 2016 The Authors. Psycho-Oncology Published by John Wiley & Sons Ltd.

  16. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    Science.gov (United States)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediates faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  17. Cooling off health security hot spots: getting on top of it down under.

    Science.gov (United States)

    Murray, Kris A; Skerratt, Lee F; Speare, Rick; Ritchie, Scott; Smout, Felicity; Hedlefs, Robert; Lee, Jonathan

    2012-11-01

    Australia is free of many diseases, pests and weeds found elsewhere in the world due to its geographical isolation and relatively good health security practices. However, its health security is under increasing pressure due to a number of ecological, climatic, demographic and behavioural changes occurring globally. North Queensland is a high risk area (a health security hot spot) for Australia, due in part to its connection to neighbouring countries via the Torres Strait and the Indo-Papuan conduit, its high diversity of wildlife reservoirs and its environmental characteristics. Major outbreaks of exotic diseases, pests and weeds in Australia can cost in excess of $1 billion; however, most expenditure on health security is reactive apart from preventive measures undertaken for a few high profile diseases, pests and weeds. Large gains in health security could therefore be made by spending more on pre-emptive approaches to reduce the risk of outbreaks, invasion/spread and establishment, despite these gains being difficult to quantify. Although biosecurity threats may initially have regional impacts (e.g. Hendra virus), a break down in security in health security hot spots can have national and international consequences, as has been seen recently in other regions with the emergence of SARS and pandemic avian influenza. Novel approaches should be driven by building research and management capacity, particularly in the regions where threats arise, a model that is applicable both in Australia and in other regions of the world that value and therefore aim to improve their strategies for maintaining health security. Copyright © 2012 Elsevier Ltd. All rights reserved.

  18. A risk-based approach to designing effective security force training exercises

    International Nuclear Information System (INIS)

    Bott, T.F.; Eisenhawer, S.W.

    2002-01-01

    The effectiveness of a security force in protecting a nuclear facility is often evaluated using training exercises that pit a group of simulated attackers against a security team. In the situation studied here, a security force was regularly tested by a regulatory body with the responsibility for security oversight. It was observed that the regulators were continually imposing more challenging security scenarios by assigning increasingly sophisticated facility knowledge to the attackers. Not surprisingly, the security forces' assessed effectiveness decreased until eventually they were unable to successfully resist the attacks. Security managers maintained that the knowledge attributed to the attackers was becoming increasingly unrealistic and feared they would be forced to concentrate resources on unrealistic scenarios at the expense of more credible threats.

  19. An economic assessment of population health risk in region

    Directory of Open Access Journals (Sweden)

    Nina Vladimirovna Zaytseva

    2012-06-01

    This paper proposes a method of economic assessment of population health risk as a tool of life quality management and quality of labor resources in the region (as factors of a region’s economic security). The technique is based on the cost of reducing the period of disability in the implementation of population health risk and takes into account the effects of risk prevention on levels of the budgetary system of the Russian Federation. The method intends to support making decisions on planning measures to reduce population health risk at the level of regions, territories and separate objects to assess their cost-performance, optimization of investment and operating costs to reduce the population health risk and sustainable development of the territory

  20. Stochastic Optimization of Supply Chain Risk Measures – a Methodology for Improving Supply Security of Subsidized Fuel Oil in Indonesia

    Directory of Open Access Journals (Sweden)

    Adinda Yuanita

    2015-08-01

    Monte Carlo simulation-based methods for stochastic optimization of risk measures are required to solve complex problems in supply security of subsidized fuel oil in Indonesia. In order to overcome constraints in distribution of subsidized fuel in Indonesia, which has the fourth largest population in the world—more than 250,000,000 people with 66.5% of productive population, and has more than 17,000 islands with its population centered around the nation's capital only—it is necessary to have a measurable and integrated risk analysis with monitoring system for the purpose of supply security of subsidized fuel. In consideration of this complex issue, uncertainty and probability heavily affected this research. Therefore, this research did the Monte Carlo sampling-based stochastic simulation optimization with the state-of-the-art "FIRST" parameter combined with the Sensitivity Analysis to determine the priority of integrated risk mitigation handling so that the implication of the new model design from this research may give faster risk mitigation time. The results of the research identified innovative ideas of risk based audit on supply chain risk management and new FIRST (Fairness, Independence, Reliable, Sustainable, Transparent) parameters on risk measures. In addition to that, the integration of risk analysis confirmed the innovative level of priority on sensitivity analysis. Moreover, the findings showed that the new risk mitigation time was 60% faster than the original risk mitigation time.

  1. [Protocols of health security in the light of some examples of risk management].

    Science.gov (United States)

    Postel-Vinay, Nicolas; Coquin, Yves

    2005-11-30

    Throughout medical training, medical risk management is a subject that has been insufficiently addressed and treated without a global vision. Yet the different dangers often make the front page of a media that addresses the question of health security when there is a failure of the system or new legal developments. Added to this disequilibrium of communication and training is the great complexity of risk management. Not only is the nature of the potentially dangerous agents extraordinarily varied but also the entity that detects the risk is sometimes a stranger to the causes of its appearance. The surrounding regulations are themselves complex and dense. Using the examples that have arisen over the last 2 or 3 years, this article describes the current French protocols in risk management, that rely upon the agencies delivering their expertise, certain of which are endowed with the power of policing these regulations. In practice, the doctor should understand the role of these agencies, know how to find the validated information that they can provide, and understand his role in this picture. A role that is perceived as far away as long as the risk has not emerged, but is in the forefront once the event arises.

  2. Policy risk in action: pension reforms and social security wealth in Hungary, Czech Republic, and Slovakia

    Czech Academy of Sciences Publication Activity Database

    Dušek, Libor; Kopecsni, J.

    2008-01-01

    Vol. 58, 7-8 (2008), pp. 329-358. ISSN 0015-1920. R&D Projects: GA MŠk LC542. Institutional research plan: CEZ:AV0Z70850503. Keywords: pension reforms * social security * policy risk. Subject RIV: AH - Economics. Impact factor: 0.275, year: 2008. http://journal.fsv.cuni.cz/storage/1137_dusek-kopecsni_-_329-358-opravené.pdf

  3. Evaluating Process Effectiveness to Reduce Risk

    Science.gov (United States)

    Shepherd, Christena C.

    2017-01-01

    It is well documented that government agencies do not have the same incentive as the private sector to focus on process effectiveness and continual improvement of those processes. It is also well documented whenever government agencies fail to deliver efficient, effective, consistent, and fair services to the citizens. In spite of the various "reinventing government" and "effectiveness initiatives" of the past decades, and in spite of the efforts on the part of many agencies to improve, government in general still lags behind industry in creating a culture of effective processes and systems. While the tragic events that unfolded recently in Flint, Michigan, teach us that running government "like a business" does not always take the needs of the citizenry into account, there are many lessons and techniques from the private sector that government agencies can use to improve. The incentive to improve, while mandated by various administrations, needs to come from within the workforce, in order to effectively take root. The best, most effective incentive is to reduce, control or eliminate risk. Government agencies face some of the same risks as the private sector, while some are unique. While ISO 31000 has been around since 2009, risk has taken on increased visibility within the private sector with the advent of the emphasis on risk-based thinking in ISO 9001:2015. The relationship between risk-based thinking and effective processes is simple and direct. Those processes that are well thought out and standardized (i.e. Plan-Do-Check-Act), will have taken into account the applicable policy, statutory, regulatory, safety, quality and technical parameters, which may not occur to someone performing the process with minimal experience or training; and thus protect the employees, the public and the agency from statutory and regulatory violations; delay in providing services; non-delivery of services; harm to public or employee safety and health; cost overruns; breaches in

  4. Biometric Enhancement of Home and Office Security to Reduce ...

    African Journals Online (AJOL)

    PROF. OLIVER OSUAGWA

    Biometrics security technology uses the physiological and ... verification and authentication methodology to verify how facial screening explores the different ... mouth, nose etc and stores the bio-information extracted from the face of every ...

  5. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents

  6. Improving neurosurgical communication and reducing risk and registrar burden using a novel online database referral platform.

    Science.gov (United States)

    Matloob, Samir A; Hyam, Jonathan A; Thorne, Lewis; Bradford, Robert

    2016-01-01

    Documentation of urgent referrals to neurosurgical units and communication with referring hospitals is critical for effective handover and appropriate continuity of care within a tertiary service. Referrals to our neurosurgical unit were audited and we found that the majority of referrals were not documented and this led to more calls to the on-call neurosurgery registrar regarding old referrals. We implemented a new referral system in an attempt to improve documentation of referrals, communication with our referring hospitals and to professionalise the service we offer them. During a 14-day period, number of bleeps, missed bleeps, calls discussing new referrals and previously processed referrals were recorded. Whether new referrals were appropriately documented and referrers received a written response was also recorded. A commercially provided secure cloud-based data archiving telecommunications and database platform for referrals was subsequently introduced within the Trust and the questionnaire repeated during another 14-day period 1 year after implementation. Missed bleeps per day reduced from 16% (SD ± 6.4%) to 9% (SD ± 4.8%; df = 13, paired t-tests p = 0.007) and mean calls per day clarifying previous referrals reduced from 10 (SD ± 4) to 5 (SD ± 3.5; df = 13, p = 0.003). Documentation of new referrals increased from 43% (74/174) to 85% (181/210), and responses to referrals increased from 74% to 98%. The use of a secure cloud-based data archiving telecommunications and database platform significantly increased the documentation of new referrals. This led to fewer missed bleeps and fewer calls about old referrals for the on call registrar. This system of documenting referrals results in improved continuity of care for neurosurgical patients, a significant reduction in risk for Trusts and a more efficient use of Registrar time.

  7. It Security Issues Within the Video Game Industry

    OpenAIRE

    STEPHEN MOHR; SYED (SHAWON) RAHMAN

    2011-01-01

    IT security issues are an important aspect for each and every organization within the video game industry. Within the video game industry alone, you might not normally think of security risks being an issue. But as we can and have seen in recent news, no company is immune to security risks no matter how big or how small. While each of these organizations will never be exactly the same as the next, there are common security issues that can and do affect each and every video game company. In or...

  8. Emergency management and homeland security: Exploring the relationship.

    Science.gov (United States)

    Kahan, Jerome H

    2015-01-01

    In the years after the 9/11 tragedy, the United States continues to face risks from all forms of major disasters, from potentially dangerous terrorist attacks to catastrophic acts of nature. Professionals in the fields of emergency management and homeland security have responsibilities for ensuring that all levels of government, urban areas and communities, nongovernmental organizations, businesses, and individual citizens are prepared to deal with such hazards through actions that reduce risks to lives and property. Regrettably, the overall efficiency and effectiveness of the nation's ability to deal with disasters is unnecessarily challenged by the absence of a common understanding on how these fields are related in the workforce and educational arenas. Complicating matters further is the fact that neither of these fields has developed agreed definitions. In many ways, homeland security and emergency management have come to represent two different worlds and cultures. These conditions can have a deleterious effect on preparedness planning for public and private stakeholders across the nation when coordinated responses among federal, state, and local activities are essential for dealing with consequential hazards. This article demonstrates that the fields of emergency management and homeland security share many responsibilities but are not identical in scope or skills. It argues that emergency management should be considered a critical subset of the far broader and more strategic field of homeland security. From analytically based conclusions, it recommends five steps that be taken to bring these fields closer together to benefit more from their synergistic relationship as well as from their individual contributions.

  9. Russian-American Security Cooperation After St. Petersburg: Challenges and Opportunities

    Science.gov (United States)

    2007-04-01

    each shipment. The third GTRI element, the Reduced Enrichment for Research and Test Reactors (RERTR) program, funds efforts to convert the cores of...IAEA in the Russian Research Reactor Return Program, the RERTR Program, and the Tripartite Initiative to secure high-risk radioactive sources...Russia’s involvement in the RERTR, see Charles D. Ferguson, Preventing Catastrophic Nuclear Terrorism, New York: Council on Foreign Relations, March 2006

  10. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  11. Can an active aging index (AAI) provide insight into reducing elder abuse? A case study in Rajshahi District, Bangladesh.

    Science.gov (United States)

    Tareque, Md Ismail; Ahmed, Md Munsur; Tiedt, Andrew D; Hoque, Nazrul

    2014-01-01

    We use data from respondents aged 60 years and above, collected during April 2009 in the Rajshahi district of Bangladesh, to examine whether high activeness, as captured by an AAI or in sub-domains, can help reduce the risk of elder abuse. The findings suggest that more than half of rural elderly and 14 percent of urban elderly were at some point abused. High activeness in health and security dimensions lowers the risk of being abused while those who are low active in community participation have the lowest risk of being abused in both rural and urban areas. Being literate (elderly with primary/secondary education) is revealed to be a significant factor that lowers the risk of abuse in both rural and urban areas. These results imply a need for educational programs that bolster positive and proper community interaction, in turn promoting a secure later life for elders, and reducing burden for families and society. High activeness in health and security dimensions should also be promoted to keep the elderly healthy and protect from abusive behavior. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

  12. Interparental conflict, children’s security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10

    Science.gov (United States)

    Brock, Rebecca L.; Kochanska, Grazyna

    2015-01-01

    Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent–child attachment security as a mechanism that may account for the impact of interparental conflict on children’s long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent–child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children’s internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children’s development. PMID:25797703

  13. Medical interventional procedures--reducing the radiation risks

    International Nuclear Information System (INIS)

    Cousins, C.; Sharp, C.

    2004-01-01

    Over the last 40 years, the number of percutaneous interventional procedures using radiation has increased significantly, with many secondary care clinicians using fluoroscopically guided techniques. Many procedures can deliver high radiation doses to patients and staff, with the potential to cause immediate and delayed radiation effects. The challenge for interventionists is to maximize benefit, whilst minimizing radiation risk to patients and staff. Non-radiologist clinicians are often inadequately trained in radiation safety and radiobiology. However, clinical governance and legislation now requires a more rigorous approach to protecting patients and staff. Protection can be ensured, and risks can be controlled, by appropriate design, procurement and commissioning of equipment; quality assurance; and optimal operational technique, backed by audit. Interventionists need knowledge and skills to reduce the risks. Appropriate training should include awareness of the potential for radiation injury, equipment operational parameters, dose measurement and recording methods and dose reduction techniques. Clinical governance requires informed consent, appropriate patient counselling and follow-up

  14. Medical interventional procedures--reducing the radiation risks

    Energy Technology Data Exchange (ETDEWEB)

    Cousins, C.; Sharp, C.

    2004-06-01

    Over the last 40 years, the number of percutaneous interventional procedures using radiation has increased significantly, with many secondary care clinicians using fluoroscopically guided techniques. Many procedures can deliver high radiation doses to patients and staff, with the potential to cause immediate and delayed radiation effects. The challenge for interventionists is to maximize benefit, whilst minimizing radiation risk to patients and staff. Non-radiologist clinicians are often inadequately trained in radiation safety and radiobiology. However, clinical governance and legislation now requires a more rigorous approach to protecting patients and staff. Protection can be ensured, and risks can be controlled, by appropriate design, procurement and commissioning of equipment; quality assurance; and optimal operational technique, backed by audit. Interventionists need knowledge and skills to reduce the risks. Appropriate training should include awareness of the potential for radiation injury, equipment operational parameters, dose measurement and recording methods and dose reduction techniques. Clinical governance requires informed consent, appropriate patient counselling and follow-up.

  15. Reducing health risk assigned to organic emissions from a chemical weapons incinerator.

    Science.gov (United States)

    Laman, David M; Weiler, B Douglas; Skeen, Rodney S

    2013-03-01

    Organic emissions from a chemical weapons incinerator have been characterized with an improved set of analytical methods to reduce the human health risk assigned to operations of the facility. A gas chromatography/mass selective detection method with substantially reduced detection limits has been used in conjunction with scanning electron microscopy/energy dispersive X-ray spectrometry and Fourier transform infrared microscopy to improve the speciation of semi-volatile and non-volatile organics emitted from the incinerator. The reduced detection limits have allowed a significant reduction in the assumed polycyclic aromatic hydrocarbon (PAH) and aminobiphenyl (ABP) emission rates used as inputs to the human health risk assessment for the incinerator. A mean factor of 17 decrease in assigned human health risk is realized for six common local exposure scenarios as a result of the reduced PAH and ABP detection limits.

  16. Security concerns and trust in the adoption of m-commerce

    Directory of Open Access Journals (Sweden)

    Alexios Vasileiadis

    2014-10-01

    Purpose – to deeply examine customers’ perception in terms of how the determinants of trust and perceived risk affect their intention to adopt mobile commerce. Design/methodology/approach – literature review, conceptual framework, modelling method, quantitative survey methodology (questionnaire instrument). Findings – the perception of risk in terms of privacy, m-payments, m-commerce legislation and quality of delivered products has negative effect in the intention to adopt mobile commerce, while the good online vendors’ reputation, enticing promises, good encryption security and transparency, reduce the effect of risk and increase the intention to use m-commerce. The availability of easy to understand and find policies have positive effect in the intention to use m-commerce. When customers feel free of risks and have high level of trust in the intention to use mobile commerce they actually adopt it. Research limitation/implications – this empirical research contributed to the theory by exploring which factors influence or deter the m-commerce adoption. However, the UTAUT model, simple random sampling method and case studies on how the online vendors perform towards this topic are worth-exploring by future researchers. Practical implications – the research results show that mobile technology manufacturers and developers should improve both software and wireless network security, online vendors should improve their online reputation, transparency, and mobile website navigation. Lawmakers should improve m-commerce legislation to better protect customers in case of dispute with online vendors. Originality/value – previous researchers have never focused solely and in-depth on the determinants of perceived risk and trust. Moreover, this object had never been examined in the Greek Population. Keywords: mobile commerce adoption, security concerns, trust, perceived risks. Research type: literature review, Conceptual paper, Research paper

  17. Exploring public perceptions of energy security risks in the UK

    International Nuclear Information System (INIS)

    Demski, Christina; Poortinga, Wouter; Pidgeon, Nick

    2014-01-01

    Along with climate change and affordability, concerns about energy security are key drivers behind proposals for major energy system change in the UK and numerous other countries. Unlike climate change we know very little about how the public thinks and feels about this aspect of sustainability and energy policy. Beyond engaging critically with conceptual and theoretical discussions, empirical data from two surveys (Cardiff postal survey, N=520; online UK survey, N=499) using a ten item energy security scale are presented and discussed. Here we show that aspects of energy security are certainly of concern to the UK public, with particularly high concern around dependence on fossil fuels/imports and relatively lower expressed concern for actual disruption of energy supply. However public concerns around energy security are only emerging, and likely to change depending on the context in which it is discussed (e.g. in comparison to climate change). In addition, findings from public interviews are used to further contextualise the survey findings, showing unfamiliarity among the UK public with regards to the term “energy security”. We discuss implications, and further work that would be useful for understanding public perceptions in more depth. - Highlights: • Exploring public views on energy security using a 10 item scale. • Concerns over energy security are relatively high but susceptible to framing. • Patterns of concern for different energy security aspects examined. • The term energy security is unfamiliar, only an emerging concern among UK publics. • Further discussion on the meanings and implications of these perceptions

  18. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  19. Reduced cancer risk in vegetarians: an analysis of recent reports.

    Science.gov (United States)

    Lanou, Amy Joy; Svenson, Barbara

    2010-12-20

    This report reviews current evidence regarding the relationship between vegetarian eating patterns and cancer risk. Although plant-based diets including vegetarian and vegan diets are generally considered to be cancer protective, very few studies have directly addressed this question. Most large prospective observational studies show that vegetarian diets are at least modestly cancer protective (10%-12% reduction in overall cancer risk) although results for specific cancers are less clear. No long-term randomized clinical trials have been conducted to address this relationship. However, a broad body of evidence links specific plant foods such as fruits and vegetables, plant constituents such as fiber, antioxidants and other phytochemicals, and achieving and maintaining a healthy weight to reduced risk of cancer diagnosis and recurrence. Also, research links the consumption of meat, especially red and processed meats, to increased risk of several types of cancer. Vegetarian and vegan diets increase beneficial plant foods and plant constituents, eliminate the intake of red and processed meat, and aid in achieving and maintaining a healthy weight. The direct and indirect evidence taken together suggests that vegetarian diets are a useful strategy for reducing risk of cancer.

  20. THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    SABAU-POPA CLAUDIA DIANA

    2015-07-01

    The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

  1. Reducing the risk of Legionnaires' disease associated with cooling towers

    Energy Technology Data Exchange (ETDEWEB)

    Freije, M.R. [HC Information Resources Inc., Carlsbad, CA (United States)

    2008-08-15

    To reduce the health and legal risks associated with Legionnaires' disease, facility managers should take steps to minimize Legionella bacteria in plumbing systems, open industrial equipment, water features, cooling towers, and other aerosolizing water systems. The risk of Legionnaires' disease associated with cooling towers can be reduced by controlling Legionella bacteria in cooling water and preventing transmission of the bacteria from towers to people. This paper presents nine reasonable ways to accomplish these goals. (orig.)

  2. 46 CFR 308.507 - Security for payment of premiums.

    Science.gov (United States)

    2010-10-01

    ....507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Ii-Open Policy War Risk Cargo Insurance § 308.507 Security for payment of... collateral deposit fund or a surety bond, to secure the payment of the premiums, in an amount which shall at...

  3. XMSS : a practical forward secure signature scheme based on minimal security assumptions

    NARCIS (Netherlands)

    Buchmann, Johannes; Dahmen, Erik; Hülsing, Andreas; Yang, B.-Y.

    2011-01-01

    We present the hash-based signature scheme XMSS. It is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best

  4. Sustainable Survival for adolescents living with HIV: do SDG-aligned provisions reduce potential mortality risk?

    Science.gov (United States)

    Cluver, Lucie; Pantelic, Marija; Orkin, Mark; Toska, Elona; Medley, Sally; Sherr, Lorraine

    2018-02-01

    The Sustainable Development Goals (SDGs) present a groundbreaking global development agenda to protect the most vulnerable. Adolescents living with HIV in Sub-Saharan Africa continue to experience extreme health vulnerabilities, but we know little about the impacts of SDG-aligned provisions on their health. This study tests associations of provisions aligned with five SDGs with potential mortality risks. Clinical and interview data were gathered from N = 1060 adolescents living with HIV in rural and urban South Africa in 2014 to 2015. All ART-initiated adolescents from 53 government health facilities were identified, and traced in their communities to include those defaulting and lost-to-follow-up. Potential mortality risk was assessed as either: viral suppression failure (1000+ copies/ml) using patient file records, or adolescent self-report of diagnosed but untreated tuberculosis or symptomatic pulmonary tuberculosis. SDG-aligned provisions were measured through adolescent interviews. Provisions aligned with SDGs 1&2 (no poverty and zero hunger) were operationalized as access to basic necessities, social protection and food security; An SDG 3-aligned provision (ensure healthy lives) was having a healthy primary caregiver; An SDG 8-aligned provision (employment for all) was employment of a household member; An SDG 16-aligned provision (protection from violence) was protection from physical, sexual or emotional abuse. Research partners included the South African national government, UNICEF and Pediatric and Adolescent Treatment for Africa. 20.8% of adolescents living with HIV had potential mortality risk - i.e. viral suppression failure, symptomatic untreated TB, or both. All SDG-aligned provisions were significantly associated with reduced potential mortality risk: SDG 1&2 (OR 0.599 CI 0.361 to 0.994); SDG 3 (OR 0.577 CI 0.411 to 0.808); SDG 8 (OR 0.602 CI 0.440 to 0.823) and SDG 16 (OR 0.686 CI 0.505 to 0.933). Access to multiple SDG-aligned provisions showed a

  5. Risk in the Clouds?: Security Issues Facing Government Use of Cloud Computing

    Science.gov (United States)

    Wyld, David C.

    Cloud computing is poised to become one of the most important and fundamental shifts in how computing is consumed and used. Forecasts show that government will play a lead role in adopting cloud computing - for data storage, applications, and processing power, as IT executives seek to maximize their returns on limited procurement budgets in these challenging economic times. After an overview of the cloud computing concept, this article explores the security issues facing public sector use of cloud computing and looks to the risk and benefits of shifting to cloud-based models. It concludes with an analysis of the challenges that lie ahead for government use of cloud resources.

  6. Policies for Reducing Coastal Risk on the East and Gulf Coasts

    Science.gov (United States)

    Glickson, D.; Johnson, S.

    2014-12-01

    Hurricane- and coastal storm-related economic losses have increased substantially over the past century, largely due to expanding population and development in susceptible coastal areas. Concurrent with this growth, the federal government has assumed an increasing proportion of the financial responsibility associated with U.S. coastal storms, which may discourage state and local governments from taking appropriate actions to reduce risk and enhance resilience. Strategies to manage coastal storm risks fall into two categories: reducing the probability of flooding or wave impact (such as seawalls, storm surge barriers, beach nourishment, dune building, restoration/expansion of oyster reefs, salt marshes, and mangroves) and reducing the number or vulnerability of people or structures (such as relocation, land-use planning, and elevating or floodproofing buildings). Over the past century, most coastal risk management programs have emphasized coastal armoring, while doing little to decrease development in harm's way. This National Research Council report calls for the development of a national vision for managing coastal risks that includes a long-term view, regional solutions, and recognition of all benefits. A national coastal risk assessment is needed to identify high priority areas. Benefit-cost analysis provides a reasonable framework to evaluate national investments in coastal risk reduction, if constrained by other important environmental, social, and life-safety factors. Extensive collaboration and additional policy changes will be necessary to move from a nation that is primarily reactive to coastal disasters to one that invests wisely in coastal risk reduction and builds resilience among coastal communities.

  7. BYOD Security: A New Business Challenge

    OpenAIRE

    Downer, K.; Bhattacharya, Maumita

    2016-01-01

    Bring Your Own Device (BYOD) is a rapidly growing trend in businesses concerned with information technology. BYOD presents a unique list of security concerns for businesses implementing BYOD policies. Recent publications indicate a definite awareness of risks involved in incorporating BYOD into business, however it is still an underrated issue compared to other IT security concerns. This paper focuses on two key BYOD security issues: security challenges and available frameworks. A taxonomy sp...

  8. Reducing mortality risk by targeting specific air pollution sources: Suva, Fiji.

    Science.gov (United States)

    Isley, C F; Nelson, P F; Taylor, M P; Stelcer, E; Atanacio, A J; Cohen, D D; Mani, F S; Maata, M

    2018-01-15

    Health implications of air pollution vary dependent upon pollutant sources. This work determines the value, in terms of reduced mortality, of reducing ambient particulate matter (PM2.5: effective aerodynamic diameter 2.5 μm or less) concentration due to different emission sources. Suva, a Pacific Island city with substantial input from combustion sources, is used as a case-study. Elemental concentration was determined, by ion beam analysis, for PM2.5 samples from Suva, spanning one year. Sources of PM2.5 have been quantified by positive matrix factorisation. A review of recent literature has been carried out to delineate the mortality risk associated with these sources. Risk factors have then been applied for Suva, to calculate the possible mortality reduction that may be achieved through reduction in pollutant levels. Higher risk ratios for black carbon and sulphur resulted in mortality predictions for PM2.5 from fossil fuel combustion, road vehicle emissions and waste burning that surpass predictions for these sources based on health risk of PM2.5 mass alone. Predicted mortality for Suva from fossil fuel smoke exceeds the national toll from road accidents in Fiji. The greatest benefit for Suva, in terms of reduced mortality, is likely to be accomplished by reducing emissions from fossil fuel combustion (diesel), vehicles and waste burning. Copyright © 2017. Published by Elsevier B.V.

  9. Critical Success Factors for an Effective Security Risk Management Program in an Organization: An Exploratory Case Study

    Science.gov (United States)

    Zafar, Humayun

    2010-01-01

    This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through…

  10. Profiles of Food Security for US Farmworker Households and Factors Related to Dynamic of Change.

    Science.gov (United States)

    Ip, Edward H; Saldana, Santiago; Arcury, Thomas A; Grzywacz, Joseph G; Trejo, Grisel; Quandt, Sara A

    2015-10-01

    We recruited 248 farmworker families with preschool-aged children in North Carolina and examined food security indicators over 24 months to identify food security patterns and examine the dynamic of change over time. Participants in the Niños Sanos study, conducted 2011 to 2014, completed quarterly food security assessments. Based on responses to items in the US Household Food Security Survey Module, we identified different states of food security by using hidden Markov model analysis, and examined factors associated with different states. We delineated factors associated with changes in state by using mixed-effect ordinal logistic regression. About half of the households (51%) consistently stayed in the most food-secure state. The least food-secure state was transient, with only 29% probability of this state for 2 consecutive quarters. Seasonal (vs migrant) work status, having immigration documents (vs not documented), and season predicted higher levels of food security. Heterogeneity in food security among farmworker households calls for tailoring intervention strategies. The transiency and unpredictability of low food security suggest that access to safety-net programs could reduce low food security risk in this population.

  11. Information Security Risk Analysis

    CERN Document Server

    Peltier, Thomas R

    2010-01-01

    Offers readers the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment. This title demonstrates how to identify threats and then determine if those threats pose a real risk. It is suitable for industry and academia professionals.

  12. Breast-feeding reduces the risk for childhood eczema.

    Science.gov (United States)

    Kull, Inger; Böhme, Maria; Wahlgren, Carl-Fredrik; Nordvall, Lennart; Pershagen, Göran; Wickman, Magnus

    2005-09-01

    The evidence for a preventive effect of breast-feeding on the development of eczema in childhood remains controversial. To investigate the effect of breast-feeding in various phenotypes of eczema to 4 years. A birth cohort of 4089 children made up the study base. Data on breast-feeding, allergic symptoms, and potential confounders were obtained from questionnaires when the children were 2 months and 1, 2, and 4 years old. At 4 years, blood specific IgE was analyzed. Children with symptoms of eczema and asthma during the period of breast-feeding were excluded in most analyses on risk assessment of eczema and asthma, respectively, to avoid disease-related modification of exposure. Exclusive breast-feeding for ≥4 months reduced the risk for eczema at the age of 4 years (odds ratio [OR], 0.78; 95% CI, 0.63-0.96) irrespective of combination with asthma, sensitization to common allergens, or parental allergic disease. This decreased risk was most evident for children with onset of eczema during the first 2 years persisting to 4 years (OR, 0.59; 95% CI, 0.45-0.77). Among children with early-onset eczema, irrespective of persistency, followed by late onset of asthma or early-onset asthma irrespective of persistency, followed by late-onset eczema to 4 years, a protective effect of breast-feeding was also seen (OR, 0.48; 95% CI, 0.30-0.76). Breast-feeding 4 months or more reduces the risk for eczema and onset of the allergy march to age 4.

  13. Walk the Talk: Progress in Building a Supply Chain Security Culture

    Energy Technology Data Exchange (ETDEWEB)

    Hund, Gretchen [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

    2016-08-31

    Pacific Northwest National Laboratory (PNNL) has engaged industry to “go beyond compliance” for over a decade in controlling and securing their supply chains to ensure their goods are not diverted to nuclear weapons programs. This work has focused on dual-use industries that manufacture products that can be used in both commercial applications and in the development of a nuclear weapon. The team encourages industry to self-regulate to reduce proliferation risks. As part of that work, PNNL interviewed numerous companies about their compliance practices to understand their business and to build awareness around best practices to ensure security of goods, technology, and information along their supply chains. From conducting this work, PNNL identified indicators that a company can adopt as part of its commitment to nonproliferation ideals with a focus on supply chain security.

  14. Walk the Talk: Progress in Building a Supply Chain Security Culture

    International Nuclear Information System (INIS)

    Hund, Gretchen

    2016-01-01

    Pacific Northwest National Laboratory (PNNL) has engaged industry to “go beyond compliance” for over a decade in controlling and securing their supply chains to ensure their goods are not diverted to nuclear weapons programs. This work has focused on dual-use industries that manufacture products that can be used in both commercial applications and in the development of a nuclear weapon. The team encourages industry to self-regulate to reduce proliferation risks. As part of that work, PNNL interviewed numerous companies about their compliance practices to understand their business and to build awareness around best practices to ensure security of goods, technology, and information along their supply chains. From conducting this work, PNNL identified indicators that a company can adopt as part of its commitment to nonproliferation ideals with a focus on supply chain security.

  15. Security risks in IP telephony

    OpenAIRE

    Řezáč, Filip; Vozňák, Miroslav

    2010-01-01

    This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against...

  16. A Review and Comparative Analysis of Security Risks and Safety Measures of Mobile Health Apps

    Directory of Open Access Journals (Sweden)

    Karen Scott

    2015-11-01

    In line with a patient-centred model of healthcare, Mobile Health applications (mHealth apps) provide convenient and equitable access to health and well-being resources and programs that can enable consumers to monitor their health related problems, understand specific medical conditions and attain personal fitness goals. This increase in access and control comes with an increase in risk and responsibility to identify and manage the associated risks, such as the privacy and security of consumers’ personal and health information. Based on a review of the literature, this paper identifies a set of risk and safety features for evaluating mHealth apps and uses those features to conduct a comparative analysis of the 20 most popular mHealth apps. The comparative analysis reveals that current mHealth apps do pose a risk to consumers. To address the safety and privacy concerns, recommendations to consumers and app developers are offered together with consideration of mHealth app future trends.

  17. Safeguard and security issues for the U.S. Fissile Materials Disposition Program

    International Nuclear Information System (INIS)

    Jaeger, C.D.; Moya, R.W.; Duggan, R.A.

    1995-01-01

    The Department of Energy's Office of Materials Disposition (MD) is analyzing long-term storage and disposition options for fissile materials, preparing a Programmatic Environmental Impact Statement (PEIS), preparing for a Record of Decision (ROD) regarding this material, and conducting other related activities. A primary objective of this program is to support U.S. nonproliferation policy by reducing major security risks. Particular areas of concern are the acquisition of this material by unauthorized persons and preventing the reintroduction of the material for use in weapons. This paper presents some of the issues, definitions, and assumptions addressed by the Safeguards and Security Project Team in support of the Fissile Materials Disposition Program (FMDP). The discussion also includes some preliminary ideas regarding safeguards and security criteria that are applicable to the screening of disposition options

  18. Safeguards and security issues for the U.S. Fissile Materials Disposition Program

    International Nuclear Information System (INIS)

    Jaeger, C.D.; Moya, R.W.; Duggan, R.A.

    1995-01-01

    The Department of Energy's Office of Materials Disposition (MD) is analyzing long-term storage and disposition options for fissile materials, preparing a Programmatic Environmental Impact Statement (PEIS), preparing for a Record of Decision (ROD) regarding this material, and conducting other related activities. A primary objective of this program is to support US nonproliferation policy by reducing major security risks. Particular areas of concern are the acquisition of this material by unauthorized persons and preventing the reintroduction of the material for use in weapons. This paper presents some of the issues, definitions, and assumptions addressed by the Safeguards and Security Project Team in support of the Fissile Materials Disposition Program (FMDP). The discussion also includes some preliminary ideas regarding safeguards and security criteria that are applicable to the screening of disposition options

  19. SYMMETRIC ENCRYPTION USING PRE-SHARED PUBLIC PARAMETERS FOR A SECURE TFTP PROTOCOL

    Directory of Open Access Journals (Sweden)

    N. N. MOHAMED

    2017-01-01

    Advances in the communication technology of embedded systems have led to the situation where nowadays almost all systems should implement security for data safety. Trivial File Transfer Protocol (TFTP) has advantages for use in embedded systems due to its speed and simplicity, however without security mechanisms, it is vulnerable to various attacks. As an example, during upgrading of Wireless Access Points (WAPs), attackers can access the information and modify it, and then install malicious code to interrupt the system. This work proposes security implementation of Diffie Hellman Key Exchange in TFTP by pre-sharing public parameters that enable two parties to achieve same secret key without the risk of Man-In-The-Middle (MITM) attacks. The implementation is integrated with compression and encryption methods to significantly reduce computational requirements in TFTP communication.

  20. Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

    Science.gov (United States)

    Grossklags, Jens

    2009-01-01

    Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…