WorldWideScience

Sample records for related requirements security

  1. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  2. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  3. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  4. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Needs about security are matters little taken into account when managing requirements engineering, and when considered in the life cycle of the system, they tend to become a general list of functions, such as password protection, firewalls, virus detection tools, and other similar items. But in fact, they cannot be considered as requirements of security, because they are implementation mechanisms to try to meet unspecified requirements, such as authenticated access. As a result, the security requirements for the system, which are required to protect essential services and assets, are ignored; besides, when they are specified, the prospect of future attacks is not considered. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and take into account the future perspective. Several related approaches are described, and references to additional material are also provided that can help requirements engineers ensure that the security requirements are effectively taken into account in their products.

  5. Capturing security requirements for software systems.

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  6. Capturing security requirements for software systems

    Directory of Open Access Journals (Sweden)

    Hassan El-Hadary

    2014-07-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

  7. Capturing security requirements for software systems

    Science.gov (United States)

    El-Hadary, Hassan; El-Kassas, Sherif

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

  8. Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

    OpenAIRE

    Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

    2015-01-01

    This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

  9. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT PSO Requirements and Agency Procedures § 3.106 Security requirements. (a) Application. A PSO must secure patient safety work product in conformance with the security... the confidentiality and security of patient safety work product. (2) Distinguishing patient safety...

  10. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  11. Security and trust requirements engineering

    NARCIS (Netherlands)

    Giorgini, P.; Massacci, F.; Zannone, N.; Aldini, A.; Gorrieri, R.; Martinelli, F.

    2005-01-01

    Integrating security concerns throughout the whole software development process is one of today’s challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve

  12. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  13. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... Agreement (DD Form 441), including the National Industrial Security Program Operating Manual (DOD 5220.22-M... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52....204-2 Security Requirements. As prescribed in 4.404(a), insert the following clauses: Security...

  14. Security measures required for HIPAA privacy.

    Science.gov (United States)

    Amatayakul, M

    2000-01-01

    HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.

  15. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... requirements-national security contracts. 1352.237-72 Section 1352.237-72 Federal Acquisition Regulations... Provisions and Clauses 1352.237-72 Security processing requirements—national security contracts. As prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National...

  16. 49 CFR 236.1033 - Communications and security requirements.

    Science.gov (United States)

    2010-10-01

    ... Train Control Systems § 236.1033 Communications and security requirements. (a) All wireless... 49 Transportation 4 2010-10-01 2010-10-01 false Communications and security requirements. 236.1033... exceeding the security strength required to protect the data as defined in the railroad's PTCSP and required...

  17. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security requirements. 203.21 Section 203.21 Money and Finance: Treasury Regulations Relating to Money and Finance (Continued... hereunder; or (iv) The depositary is closed for business by regulatory action or by proper corporate action...

  18. 17 CFR 270.12d3-1 - Exemption of acquisitions of securities issued by persons engaged in securities related businesses.

    Science.gov (United States)

    2010-04-01

    ... securities issued by persons engaged in securities related businesses. 270.12d3-1 Section 270.12d3-1... in securities related businesses. (a) Notwithstanding section 12(d)(3) of the Act, a registered... securities related business, the determination required by paragraph (b) of this section shall be made as...

  19. Comparison of the Force Required for Dislodgement Between Secured and Unsecured Airways.

    Science.gov (United States)

    Davenport, Curtis; Martin-Gill, Christian; Wang, Henry E; Mayrose, James; Carlson, Jestin N

    2018-05-01

    Airway device placement and maintenance are of utmost importance when managing critically ill patients. The best method to secure airway devices is currently unknown. We sought to determine the force required to dislodge 4 types of airways with and without airway securing devices. We performed a prospective study using 4 commonly used airway devices (endotracheal tube [ETT], laryngeal mask airway [LMA], King laryngeal tube [King], and iGel) performed on 5 different mannequin models. All devices were removed twice per mannequin in random order, once unsecured and once secured as per manufacturers' recommendations; Thomas Tube Holder (Laerdal, Stavanger, Norway) for ETT, LMA, and King; custom tube holder for iGel. A digital force measuring device was attached to the exposed end of the airway device and gradually pulled vertically and perpendicular to the mannequin until the tube had been dislodged, defined as at least 4 cm of movement. Dislodgement force was reported as the maximum force recorded during dislodgement. We compared the relative difference in the secured and unsecured force for each device and between devices using a random-effects regression model accounting for variability in the manikins. The median dislodgment forces (interquartile range [IQR]) in pounds for each secured device were: ETT 13.3 (11.6, 14.1), LMA 16.6 (13.9, 18.3), King 21.7 (16.9, 25.1), and iGel 8 (6.8, 8.3). The median dislodgement forces for each unsecured device were: ETT 4.5 (4.3, 5), LMA 8.4 (6.8, 10.7), King 10.6 (8.2, 11.5), and iGel 3.9 (3.2, 4.2). The relative difference in dislodgement forces (95% confidence intervals) were higher for each device when secured: ETT 8.6 (6.2 to 11), LMA 8.8 (4.6 to 13), King 12.1 (7.2 to 16.6), iGel 4 (1.1 to 6.9). When compared to secured ETT, the King required greater dislodgement force (relative difference 8.6 [4.5-12.7]). The secured iGel required less force than the secured ETT (relative difference -4.8 [-8.9 to -0.8]). Compared with a

  20. 20 CFR 209.3 - Social security number required.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Social security number required. 209.3... RAILROAD EMPLOYERS' REPORTS AND RESPONSIBILITIES § 209.3 Social security number required. Each employer shall furnish to the Board a social security number for each employee for whom any report is submitted...

  1. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

  2. Towards a Relation Extraction Framework for Cyber-Security Concepts

    Energy Technology Data Exchange (ETDEWEB)

    Jones, Corinne L [ORNL; Bridges, Robert A [ORNL; Huffer, Kelly M [ORNL; Goodall, John R [ORNL

    2015-01-01

    In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.

  3. Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.; Ras, Z.W.; Tsay, L.-S.

    2010-01-01

    Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as

  4. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...... study shows a gap between the identified security requirements and the proposed security solutions where future research efforts may focus in this domain....

  5. 7 CFR 3550.108 - Security requirements (loans only).

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 15 2010-01-01 2010-01-01 false Security requirements (loans only). 3550.108 Section..., DEPARTMENT OF AGRICULTURE DIRECT SINGLE FAMILY HOUSING LOANS AND GRANTS Section 504 Origination and Section 306C Water and Waste Disposal Grants § 3550.108 Security requirements (loans only). When the total...

  6. A Study of Cyber Security Activities for Development of Safety-related Controller

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa [Korea Univ., Seoul (Korea, Republic of)

    2014-05-15

    The nuclear power plant regulatory guide describes the regulatory requirements for implementing cyber security activities to ensure that systems are designed and operated to respond to cyber threats that exploit vulnerabilities of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. The coverage of cyber security activities is instrumentation and control systems that perform safety functions and digital-based equipment used for development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required for the cyber security activities that should be performed in each development phase of a safety-related controller. The development organization should establish and implement cyber security plans for responding to cyber threats throughout each lifecycle phase, and the results of the cyber security activities should be recorded in documents. In addition, the independent verification and validation organization should perform simulated penetration tests to enhance response capabilities to cyber security threats, and the development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration tests.

  7. A Study of Cyber Security Activities for Development of Safety-related Controller

    International Nuclear Information System (INIS)

    Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa

    2014-01-01

    The nuclear power plant regulatory guide describes the regulatory requirements for implementing cyber security activities to ensure that systems are designed and operated to respond to cyber threats that exploit vulnerabilities of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. The coverage of cyber security activities is instrumentation and control systems that perform safety functions and digital-based equipment used for development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required for the cyber security activities that should be performed in each development phase of a safety-related controller. The development organization should establish and implement cyber security plans for responding to cyber threats throughout each lifecycle phase, and the results of the cyber security activities should be recorded in documents. In addition, the independent verification and validation organization should perform simulated penetration tests to enhance response capabilities to cyber security threats, and the development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration tests.

  8. Multilevel security for relational databases

    CERN Document Server

    Faragallah, Osama S; El-Samie, Fathi E Abd

    2014-01-01

    Concepts of Database Security; Database Concepts; Relational Database Security Concepts; Access Control in Relational Databases (Discretionary Access Control, Mandatory Access Control, Role-Based Access Control); Work Objectives; Book Organization; Basic Concept of Multilevel Database Security; Introduction; Multilevel Database Relations; Polyinstantiation (Invisible Polyinstantiation, Visible Polyinstantiation, Types of Polyinstantiation, Architectural Consideration

  9. A vulnerability-centric requirements engineering framework : Analyzing security attacks, countermeasures, and requirements based on vulnerabilities

    NARCIS (Netherlands)

    Elahi, G.; Yu, E.; Zannone, N.

    2010-01-01

    Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements

  10. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... information technology (IT) system, as required by the Department of Commerce Security Manual and Department of Commerce Security Program Policy and Minimum Implementation Standards. (b) Insert clause 1352.237... as National Security Contracts that will be performed on or within a Department of Commerce facility...

  11. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  12. Security Requirements for New Threats at International Airports

    Directory of Open Access Journals (Sweden)

    Gabriel Nowacki

    2018-03-01

    The paper refers to security requirements for new threats at international airports, taking specifically into consideration current challenges within processing of passengers, in light of types of current major threats, in a way ensuring positive passenger experience within their journey. In addition, within the scope of this paper, the initial outcome of study research among the professional aviation stakeholder's environment on current threats in the area of security and protection of airport infrastructure is presented. The airports are a very demanding environment: seasonal traffic, fluctuating passenger volumes and last minute changes mean there is a lot of flexibility required in order to meet specific needs of airport authorities and their clients or the passengers (Dolnik, 2009). Therefore, security in the aviation sector has been a big issue for civil aviation authorities, as airports are susceptible targets for terrorist attacks. The list of incidents is extensive and gets longer every year despite strict security measures. Within decades, aviation has become the backbone of our global economy, bringing people to business, tourists to vacation destinations and products to markets. Statistically, flying remains the safest mode of travelling compared to other modes of transportation. However, simultaneously terrorists and criminals continue in their quest to explore new ways of disrupting air transportation, and the challenge to secure airports and airline assets remains real. This calls for greater awareness of security concerns in the aviation sector. The key element in how to protect against terrorist modus operandi is to stay ahead of recent threats, incidents and breaches occurring worldwide. It requires implementation of effective data sharing systems, in order to proactively monitor potential risks and vulnerabilities within different types of aviation ecosystems.

  13. SecureCore Software Architecture: Trusted Path Application (TPA) Requirements

    National Research Council Canada - National Science Library

    Clark, Paul C; Irvine, Cynthia E; Levin, Timothy E; Nguyen, Thuy D; Vidas, Timothy M

    2007-01-01

    .... The purpose of the SecureCore research project is to investigate fundamental architectural features required for the trusted operation of mobile computing devices so the security is built-in, transparent and flexible...

  14. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maia; Rolland, C; Castro, J.; Pastor, O

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  15. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  16. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  17. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  18. 7 CFR 774.18 - Interest rate, terms and security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

  19. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  20. Measuring relational security in forensic mental health services.

    Science.gov (United States)

    Chester, Verity; Alexander, Regi T; Morgan, Wendy

    2017-12-01

    Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complementary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment.

  1. Measuring relational security in forensic mental health services

    Science.gov (United States)

    Chester, Verity; Alexander, Regi T.; Morgan, Wendy

    2017-01-01

    Aims and method Relational security is an important component of care and risk assessment in mental health services, but the utility of available measures remains under-researched. This study analysed the psychometric properties of two relational security tools, the See Think Act (STA) scale and the Relational Security Explorer (RSE). Results The STA scale had good internal consistency and could highlight differences between occupational groups, whereas the RSE did not perform well as a psychometric measure. Clinical implications The measures provide unique and complementary perspectives on the quality of relational security within secure services, but have some limitations. Use of the RSE should be restricted to its intended purpose; to guide team discussions about relational security, and services should refrain from collecting and aggregating this data. Until further research validates their use, relational security measurement should be multidimensional and form part of a wider process of service quality assessment. PMID:29234515

  2. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

  3. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon

    2013-01-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  4. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  5. What Isn’t Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2016-01-01

    This paper sets out the key issues for consideration at the transport conference. It will introduce each of the aspects of the framework for safe, secure and sustainable transport, building on the description of the existing situation presented in Session 1A. It will discuss the purpose of the IAEA framework, and examine the scientific basis, the IAEA recommendations and requirements, the UN interface, the use of conventions, national implementation, industry compliance, communication and information, response and restoration. It will also look at the activities and related requirements outside of transport which could influence the transport frameworks either in a positive or negative manner. (author)

  6. Reconsidering relations between nuclear energy and security concepts

    International Nuclear Information System (INIS)

    Irie, Kazutomo

    2004-01-01

    Relations between nuclear energy and security concepts can be clarified through investigation into the multivocal nature of security concepts. While military uses of nuclear energy significantly influence national security, peaceful uses of nuclear energy contribute energy security, which is an expanded concept of national security. Military and peaceful uses of nuclear energy have reciprocal actions, thus influencing national security and energy security, respectively. Nuclear security, which means security of nuclear systems themselves, recently attracts the attention of the international society. Nuclear security directly influences national security issues. On the other hand, along with nuclear safety, nuclear security becomes a prerequisite for energy security through peaceful uses of nuclear energy. In investigating into relations between nuclear energy and security concepts, the difficulty of translating the English word of 'nuclear security' into Japanese as well as other languages is found. (author)

  7. On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

    Science.gov (United States)

    Frühwirth, Christian

    Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather than a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has led to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

  8. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond. 113.1 Section 113.1 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS BONDS General Provisions § 113.1 Authority to require security or...

  9. 7 CFR 773.19 - Interest rate, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms, security requirements, and... SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS SPECIAL APPLE LOAN PROGRAM § 773.19 Interest rate, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed...

  10. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  11. 7 CFR 771.9 - Interest rates, terms, security requirements, and repayment.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rates, terms, security requirements, and... Interest rates, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed for the term of the loan. The rate will be established by FSA, based upon the cost of Government...

  12. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  13. 78 FR 77606 - Security Requirements for Facilities Storing Spent Nuclear Fuel

    Science.gov (United States)

    2013-12-24

    ... NUCLEAR REGULATORY COMMISSION 10 CFR Parts 72 and 73 [NRC-2009-0558] RIN 3150-AI78 Security... rulemaking that would revise the security requirements for storing spent nuclear fuel (SNF) in an independent... Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001...

  14. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  15. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

  16. 12 CFR 208.35 - Qualification requirements for transactions in certain securities. [Reserved]

    Science.gov (United States)

    2010-01-01

    ... requirements for transactions in certain securities. [Reserved] ... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Qualification requirements for transactions in certain securities. [Reserved] 208.35 Section 208.35 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF...

  17. Infant emotion regulation: relations to bedtime emotional availability, attachment security, and temperament.

    Science.gov (United States)

    Kim, Bo-Ram; Stifter, Cynthia A; Philbrook, Lauren E; Teti, Douglas M

    2014-11-01

    The present study examines the influences of mothers' emotional availability toward their infants during bedtime, infant attachment security, and interactions between bedtime parenting and attachment with infant temperamental negative affectivity, on infants' emotion regulation strategy use at 12 and 18 months. Infants' emotion regulation strategies were assessed during a frustration task that required infants to regulate their emotions in the absence of parental support. Whereas emotional availability was not directly related to infants' emotion regulation strategies, infant attachment security had direct relations with infants' orienting toward the environment and tension reduction behaviors. Both maternal emotional availability and security of the mother-infant attachment relationship interacted with infant temperamental negative affectivity to predict two strategies that were less adaptive in regulating frustration. Copyright © 2014 Elsevier Inc. All rights reserved.

  18. How to Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods

    National Research Council Canada - National Science Library

    Mead, Nancy R

    2007-01-01

    The Security Quality Requirements Engineering (SQUARE) method, developed at the Carnegie Mellon Software Engineering Institute, provides a systematic way to identify security requirements in a software development project...

  19. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security requirements generally. 1301.71 Section 1301.71 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF..., cooperative buying, etc.); (2) The type and form of controlled substances handled (e.g., bulk liquids or...

  20. Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

    Science.gov (United States)

    Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

    2017-01-01

    NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:
    - Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)
    - In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.
    - The location of security related issues, as the location of software issues in general, followed the Pareto

  1. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... conversion of any derivative security, whether or not presently exercisable.'' \\40\\ ``Derivative securities... ``any equity security or derivative security relating to an issuer, whether or not issued by that issuer... securities, except that the acquisition or disposition of any derivative security must be separately reported...

  2. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area "Space and security" as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

  3. What Isn't Working and New Requirements. The Need to Harmonize Safety and Security Requirements

    International Nuclear Information System (INIS)

    Flory, D.

    2011-01-01

    The year 2011 marks the 50th anniversary of the first IAEA regulations governing the transport of radioactive material. However transport safety at the IAEA obviously predates this, since the regulations took time to develop. In 1957, GC. 1/1 already states: 'The Agency should undertake studies with a view to the establishment of regulations relating to the international transportation of radioactive materials. ...'. And goes further: 'The transport of radioisotopes and radiation sources has brought to light many problems and involves the need for uniform packaging and shipping regulations ... facilitate the acceptance of such materials by sea and air carriers'. This conference reiterates the challenge given then through the sub-title 'The next fifty years - Creating a Safe, Secure and Sustainable Framework'. Looking back, we can see that the sustainable framework was a goal in 1957, where radioactive material could be transported should it be desired. Since these early days we have added to safety the need to ensure security. However we still see the same calls today to eradicate denial of shipment, which might suggest we have not progressed. But the picture today is very different - we have today well established requirements for safe transport of radioactive material, and the recommendations for security in transport are coming of age for all radioactive materials. The outstanding issue would seem to be harmonisation, not just between safety and security in IAEA documents, but also harmonisation between Member States.

  4. Liberty, Security and Power: Some Reflections on Transatlantic Relations

    Directory of Open Access Journals (Sweden)

    Angela Liberatore

    2009-08-01

    Full Text Available The leitmotiv of the tensions between security and liberty is recurrent in democratic debate – especially in connection with wars, but also in relation to other cases where internal or external threats are seen as requiring the sacrifice of liberty to guarantee survival. Such tension can hardly arise in non-democracies, where liberties are seen as a threat themselves by those in power, while a democracy cannot survive as such without safeguarding liberty – including to criticise and ‘send back home’ those in power. Following the terrorist attacks of 11 September 2001 the issue became especially acute, and heavily reflected on policies in the European Union (EU) as well as in the relation between the EU and the USA. The changes taking place in the USA with the election of President Obama and those, admittedly less visible, taking place in the EU – including the election of the new European Parliament and the fate of the Lisbon Treaty – provide an interesting occasion for some reflection on the kind of continuity or change that may be expected in EU-US relations in handling the relations between security and liberty.

  5. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  6. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem. The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the "cradle-to-grave" electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  7. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed: security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  8. International Security in the World Economic Relations

    Directory of Open Access Journals (Sweden)

    Otenko Iryna P

    2016-05-01

    Full Text Available The article discusses the urgent topic of the evolution of international relations, the issue of establishing international security, and the development of international economic cooperation based on the principles of security. In order to analyze the current status of international security in the world and to identify key factors that hinder the way of establishing a positive global community, researches by the international analytical centers together with the institutes for international security and cooperation have been generalized. To this end, both the status of and changes in the Global Peace Index in the recent years has been disclosed, the position of Ukraine in the world according to this index has been examined. It has been proven that the main international security problems are related to the armed conflicts, civil wars, political violence, terrorism impacting the development of humanity as a whole, the status of international relations, the evolution of the world economy as well as national economies. Further researches should be focused on how the status of peace in the countries impacts their economic status and the status of international cooperation in other areas of economic cooperation, excluding the military. It should be answered particularly, how the above indicated status affects strengthening the Ukraine's position in the world.

  9. 13 CFR 102.22 - Requirements relating to systems of records.

    Science.gov (United States)

    2010-01-01

    ... to insure the security and confidentiality of records and to protect against any anticipated threats... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Requirements relating to systems of records. 102.22 Section 102.22 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION RECORD...

  10. 45 CFR 164.514 - Other requirements relating to uses and disclosures of protected health information.

    Science.gov (United States)

    2010-10-01

    ... HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of... mail addresses; (G) Social security numbers; (H) Medical record numbers; (I) Health plan beneficiary... Locators (URLs); (O) Internet Protocol (IP) address numbers; (P) Biometric identifiers, including finger...

  11. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

    NARCIS (Netherlands)

    Compagna, L.; El Khoury, P.; Krausová, A.; Massacci, F.; Zannone, N.

    2009-01-01

    Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address

  12. Civil-military relations : enhancing international security

    OpenAIRE

    Fekete, Florian

    2003-01-01

    Approved for public release; distribution is unlimited. The thesis describes how civil-military relations at the international level enhance international security, in particular, the way of development of international society in trying to orient its progress towards international peace, security and sustainable development. It focuses upon civil-military relationships in the League of Nations and the United Nations, the North Atlantic Treaty Organization, The International Committee of Re...

  13. Mining known attack patterns from security-related events

    Directory of Open Access Journals (Sweden)

    Nicandro Scarabeo

    2015-10-01

    Managed Security Services (MSS) have become an essential asset for companies to have in order to protect their infrastructure from hacking attempts such as unauthorized behaviour, denial of service (DoS), malware propagation, and anomalies. A proliferation of attacks has determined the need for installing more network probes and collecting more security-related events in order to assure the best coverage, necessary for generating incident responses. The increase in volume of data to analyse has created a demand for specific tools that automatically correlate events and gather them in pre-defined scenarios of attacks. Motivated by Above Security, a specialized company in the sector, and by National Research Council Canada (NRC), we propose a new data mining system that employs text mining techniques to dynamically relate security-related events in order to reduce analysis time, increase the quality of the reports, and automatically build correlated scenarios.

  14. 75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

    Science.gov (United States)

    2010-05-19

    ... security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses... transportation operators, flight students, and others, where appropriate, for services related to security threat.... Enforce safety- and security-related regulations and requirements; 3. Assess and distribute intelligence...

  15. New safety and security requirements for the transport of nuclear and other radioactive materials in Hungary

    International Nuclear Information System (INIS)

    Katona, T.; Horvath, K.; Safar, J.

    2016-01-01

    In addition to the promulgation of mode-specific regulations of international transport of dangerous goods, some Hungarian governmental and ministerial decrees impose further conditions upon the transport of nuclear and other radioactive materials. One of these ministerial decrees on the transport, carriage and packaging of radioactive materials is under revision and it will require • approval of emergency response plan (including security and safety contingency plan); • report on transport incidents and accidents for classifying them in accordance with the INES scale; • the competent authority to request experts’ support for the approval of package designs, radioactive material designs and shipments. Regarding the security of the transport of nuclear and other radioactive materials a new Hungarian governmental decree and a related guidance are about to be published which will supply additional requirements in the field of the transport security especially concerning radioactive materials, implementing - among others - IAEA recommendations of the NSS No9 and No14. The main and relevant features of the Hungarian nuclear regulatory system and the details of both new decrees regarding the safety and security issues of transport of nuclear and other radioactive materials will be discussed. (author)

  16. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected

  17. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... it determines they are necessary or appropriate to improve the governance of, or to mitigate systemic... Part IV Securities and Exchange Commission 17 CFR Part 242 Ownership Limitations and Governance... Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies, Security-Based...

  18. 13 CFR 107.1505 - Liquidity requirements for Licensees issuing Participating Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Liquidity requirements for... (Leverage) Participating Securities Leverage § 107.1505 Liquidity requirements for Licensees issuing... liquidity to avoid a condition of Liquidity Impairment. Such a condition will constitute noncompliance with...

  19. The Concept of Security in International Relations Theory

    Directory of Open Access Journals (Sweden)

    Gabriel Orozco

    2006-01-01

    The end of the Cold War and the emergence of globalisation have transformed the reality of International Relations, which has meant a change in the theories which this reality had assumed. The concept of security reveals itself as an organisational idea on the different phenomena of globalisation, carrying out a programme of research that goes beyond the realistic presumptions of military power or of the idealistic principles of research for peace. This article explores the new meanings of security for International Relations theory and discusses the theoretical models that influence policy design and that aim to confront the problems and challenges of security in globalisation.

  20. General Approaches and Requirements on Safety and Security of Radioactive Materials Transport in Russian Federation

    International Nuclear Information System (INIS)

    Ershov, V.N.; Buchel'nikov, A.E.; Komarov, S.V.

    2016-01-01

    Development and implementation of safety and security requirements for transport of radioactive materials in the Russian Federation are addressed. At the outset it is worth noting that the transport safety requirements implemented are in full accordance with the IAEA's "Regulations for the Safe Transport of Radioactive Material (2009 Edition)". However, with respect to security requirements for radioactive material transport in some cases the Russian Federation requirements for nuclear material are more stringent compared to IAEA recommendations. The fundamental principles of safety and security of RM managements, recommended by IAEA documents (publications No. SF-1 and GOV/41/2001) are compared. Its correlation and differences concerning transport matters, the current level and the possibility of harmonization are analysed. In addition a reflection of the general approaches and concrete transport requirements is being evaluated. Problems of compliance assessment, including administrative and state control problems for safety and security provided at internal and international shipments are considered and compared. (author)

  1. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks, are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  2. SOME LEGAL ASPECTS OF ENERGY SECURITY IN THE RELATIONS BETWEEN EU AND RUSSIA

    Directory of Open Access Journals (Sweden)

    Ovidiu-Horia Maican

    2009-12-01

    The need for a sustainable, secure and competitive energy supply has long been recognized within the Community, and has been addressed on numerous occasions, notably in the Green Papers elaborated by the Commission in 2000 and 2006. Recent supply crises and rapidly escalating fuel prices have focused the minds of leaders across the European Union, as well as those of businesses and individual energy consumers. Energy policy transcends a range of different policy areas, including competition, transport, environment and energy itself. Decisions relating to energy policy in Europe are primarily within the remit of individual Member State governments, with the European Commission’s powers limited to two specific areas (creation of the European single market and matters relating to nuclear safety and security under the EURATOM Treaty). The extent of the transfer of powers towards Europe is clearly a critical decision point and in practice a sensitive balance is likely to be required between those matters for which the Commission should have responsibility and those where Member State governments retain sole authority. European officials are putting into evidence their belief that Europe’s energy predicament is acute and mention energy security as a priority issue for the Common Foreign and Security Policy. Policy commitments say that energy strategy must move beyond the internal sphere and become systematically a part of EU external relations. The Commission’s 2006 Energy Green Paper promised “a better integration of energy objectives into broader relations with third countries”.

  3. 5 CFR 9701.508 - Homeland Security Labor Relations Board.

    Science.gov (United States)

    2010-01-01

    ... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.508 Homeland Security Labor... impression or a major policy. (2) In cases where the full HSLRB acts, a vote of the majority of the HSLRB (or...

  4. The government as a client for security support services. A commercial security contractor's perspective

    International Nuclear Information System (INIS)

    Leith, H.M.

    1984-01-01

    This paper presents a look at the challenges confronting security management personnel contracting with the U.S. government to provide security and related support services. From the corporate decision to enter the "Big Leagues" via proposal submission, through commitments and required expertise necessary to achieve "outstanding" ratings, this paper is an overview of a broad spectrum of security related topics including: the proposal process, the first step; oral review boards and "Catch-22" dilemmas; contractual requirements vs. court orders; personnel, the human factor; the carousel approach to fiscal accountability; and avoiding communication barriers.

  5. Addressing security issues related to virtual institute distributed activities

    Science.gov (United States)

    Stytz, Martin R.; Banks, Sheila B.

    2008-03-01

    One issue confounding the development and experimentation of distributed modeling and simulation environments is the inability of the project team to identify and collaborate with resources, both human and technical, from outside the United States. This limitation is especially significant within the human behavior representation area where areas such as cultural effects research and joint command team behavior modeling require the participation of various cultural and national representatives. To address this limitation, as well as other human behavior representation research issues, NATO Research and Technology Organization initiated a project to develop a NATO virtual institute that enables more effective and more collaborative research into human behavior representation. However, in building and operating a virtual institute one of the chief concerns must be the cyber security of the institute. Because the institute "exists" in cyberspace, all of its activities are susceptible to cyberattacks, subterfuge, denial of service and all of the vulnerabilities that networked computers must face. In our opinion, for the concept of virtual institutes to be successful and useful, their operations and services must be protected from the threats in the cyber environment. A key to developing the required protection is the development and promulgation of standards for cyber security. In this paper, we discuss the types of cyber standards that are required, how new internet technologies can be exploited and can benefit the promulgation, development, maintenance, and robustness of the standards. This paper is organized as follows. Section One introduces the concept of the virtual institutes, the expected benefits, and the motivation for our research and for research in this area. Section Two presents background material and a discussion of topics related to VIs, human behavior and cultural modeling, and network-centric warfare. Section Three contains a discussion of the

  6. Inter-organizational future proof EHR systems. A review of the security and privacy related issues.

    Science.gov (United States)

    van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

    2009-03-01

    Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in literature. Ensuring secure health information exchange across organizations requires a standardization of security measures that goes beyond organizational boundaries, such as global definitions of professional roles, global standards for patient consent and semantic interoperable audit logs. As to be able to fully address the privacy and security issues in interoperable EHRs and the long-life virtual EHR it is necessary to realize a paradigm shift from storing all incoming information in a local system to retrieving information from external systems whenever that information is deemed necessary for the care of the patient.

  7. METHOD FOR SECURITY SPECIFICATION SOFTWARE REQUIREMENTS AS A MEANS FOR IMPLEMENTING A SOFTWARE DEVELOPMENT PROCESS SECURE - MERSEC

    Directory of Open Access Journals (Sweden)

    Castro Mecías, L.T.

    2015-06-01

    Security incidents often have software as their object or use it as a means, causing serious damage and legal, economic and other consequences. Results of a survey by Kaspersky Lab reflect that vulnerabilities in software are the main cause of security incidents in enterprises: the report shows that 85% of them have reported security incidents and that vulnerabilities in software are the main reason. It is further estimated that incidents can cause significant losses, estimated from 50,000 to $ 649.000 (1). In this regard academic and industry research focuses on proposals based on reducing vulnerabilities and failures of technology, with a positive influence on how the software is developed. A development process for improved safety practices should include activities from the initial phases of the software, so that security needs are identified, risk is managed and appropriate measures are implemented. This article discusses a method of analysis, acquisition and requirements specification of the software safety analysis on the basis of various proposals and deficiencies identified from participant observation in software development teams. Experiments performed using the proposed method yield positive results regarding the reduction of security vulnerabilities and compliance with the safety objectives of the software.

  8. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  9. Model-based security testing

    OpenAIRE

    Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

  10. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ...). See, e.g., Motor Carrier Financial Information Reporting Requirements-Request for Public Comments, 68...] Registration and Financial Security Requirements for Freight Forwarders; International Association of Movers... FURTHER INFORMATION CONTACT: Mr. Thomas Yager, Chief of Driver and Carrier Operations, (202) 366-4001 or...

  11. The National Security Education Program and Its Service Requirement: An Exploratory Study of What Areas of Government and for What Duration National Security Education Program Recipients Have Worked

    Science.gov (United States)

    Comp, David J.

    2013-01-01

    The National Security Education Program, established under the National Security Education Act of 1991, has had a post-funding service requirement in the Federal Government for undergraduate scholarship and graduate fellowship recipients since its inception. The service requirement, along with the concern that the National Security Education…

  12. Requirements for Secure Logging of Decentralized Cross-Organizational Workflow Executions

    NARCIS (Netherlands)

    Wombacher, Andreas; Wieringa, Roelf J.; Jonker, Willem; Knezevic, P.; Pokraev, S.; Meersman, R; Tari, Z; Herrero, P; Méndez, G.; Cavedon, L.; Martin, D.; Hinze, A.; Buchanan, G.

    2005-01-01

    The control of actions performed by parties involved in a decentralized cross-organizational workflow is done by several independent workflow engines. Due to the lack of a centralized coordination control, an auditing is required which supports a reliable and secure detection of malicious actions

  13. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users, which is followed by coverage of life cycle support for the security of the system.

  14. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a license... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF...

  15. NERSC Cyber Security Challenges That Require DOE Development and Support

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

  16. Analysis of impact of noncompliance with physical-security requirements at nuclear facilities

    International Nuclear Information System (INIS)

    Green, J.N.

    1982-03-01

    Inspectors are required to analyze the impact of instances of noncompliance with physical security requirements at licensed nuclear facilities. A scoring procedure for components and a method for evaluating the effectiveness of the subsystems involved are proposed to reinforce an inspector's judgment about the remaining level of safeguards

  17. Proposing a Holistic Model for Formulating the Security Requirements of e-learning based on Stakeholders’ Point of View

    Directory of Open Access Journals (Sweden)

    Abouzar Arabsorkhi Mishabi

    2016-03-01

    Development of e-learning applications and services in the context of information and communication networks, beside qualitative and quantitative improvement in the scope and range of services they provide, has increased the variety of threats which emerge from these networks and telecommunications infrastructure. This kind of issue has made the effective and accurate analysis of security issues necessary for managers and decision makers. Accordingly, this study, using findings of other studies in the field of e-learning security and using meta-synthesis, attempted to define a holistic model for classification and organization of security requirements: a structure that defines the origin of security requirements of e-learning and plays the role of a reference for formulating security requirements for this area.

  18. Draft secure medical database standard.

    Science.gov (United States)

    Pangalos, George

    2002-01-01

    Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These latter properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detail. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

  19. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  20. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net cash... applicant has pledged as security for the loan all available personal and business security, except as...

  1. European Security through EU-Russian Relations: Towards a New Multilateral Order?

    Directory of Open Access Journals (Sweden)

    Sandra Fernandes

    2011-05-01

    Since the end of the Cold War, the EU and Russia have managed to create an original framework for institutionalised cooperation despite asymmetric characteristics. Yet, the way these two main security actors interact has an impact on the (non-)resolution of security issues in Europe, ranging from “frozen conflicts” to the discussion of the security architecture. Since the second mandate of President Putin, the relation has been characterised by two paradoxical features. On the one hand, the methodology and the domains of cooperation have reached a high degree of achievement. On the other hand, the political quality of the relationship has deteriorated and it is not able to achieve the desired “strategic partnership” that should be based on a common set of values and principles. This article aims to define multilateralism as a paradigm applicable to EU-Russian relations. It examines their relationship in the security and defence realm and the Union’s reactions to a new security approach by Russia since the 2008 Medvedev proposal. The article questions how the EU-Russian political dialogue impacts on multilateralism in the security field. The conclusion considers EU-Russian relations as a peculiar multilateral playground addressing common security challenges, which still needs to be developed further in order to be instrumental in the search for collective and legitimate solutions.

  2. Bourdieu, International Relations and European Security

    DEFF Research Database (Denmark)

    Berling, Trine Villumsen

    2012-01-01

    Despite promising attempts to apply the sociology of Pierre Bourdieu to International Relations (IR), the field could still profit from unexplored potential in his thinking for understanding pivotal theoretical and empirical puzzles. This article takes the failure to fully grasp the paradigmatic...... case of European security after the Cold War as an example of how IR would benefit from reformulating not only its empirical research questions but also several of its central conceptual building blocks with the aid of Bourdieusian sociology. The separation between theory and practice...... and the overemphasis on military power and state actors blind IR from seeing the power struggles that reshaped European security. Instead, a Bourdieusian reformulation adds new types of agency, focuses on the social production of forms of power, and stresses the processual rather than the substantive character...

  3. The secure base script: associated with early maladaptive schemas related to attachment.

    Science.gov (United States)

    McLean, Heather R; Bailey, Heidi N; Lumley, Margaret N

    2014-12-01

    To examine the relations between traditionally assessed early maladaptive schemas and the attachment-specific secure base script (a script-like representation of what individuals expect to happen when they face distress), to inform our understanding of beliefs about the self in relation to others. The present study took an ecologically driven approach, assessing knowledge of the secure base script from descriptions of current relationships. A cross-sectional design was used. One hundred forty-six undergraduate students, recruited as part of a larger study on adversity and self-concept, provided narrative descriptions of their current relationships. Narratives were coded for attachment-related 'secure base' content using a secure base script scale for relationship narratives. Early maladaptive schemas were assessed with the Young Schema Questionnaire, and attachment was additionally evaluated using the Experiences in Close Relationships questionnaire. Self-reported attachment avoidance and anxiety were related to secure base script content in theory-consistent ways. The extent to which participants described secure base script content was inversely associated with four out of five maladaptive schemas characterized most centrally by disconnection from others. Furthermore, these associations remained significant when controlling for self-reported attachment style. Self-reported attachment avoidance and anxiety also were related to maladaptive schemas in a predictable pattern. Results bridge cognitive and attachment theories, supporting the interrelatedness of secure base script knowledge assessed in current relationships, and schema-related content regarding connectedness with others. Better integration of theories regarding internal representations may serve to enrich psychotherapeutic formulation from a variety of clinical perspectives. Schema Therapy's (Young, Klosko, & Weishaar, 2003, Schema therapy: A practitioner's guide. New York: Guilford Press) early

  4. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  5. Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

    Science.gov (United States)

    Beyer, Anja

    The article introduces the topic of information technology security for Virtual Worlds to an audience of security experts. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People invest a lot of time, but beyond that they also buy virtual assets such as fantasy witcheries, weapons, armour, houses, clothes, etc. with real-world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 Dutch police arrested a seventeen-year-old teenager who was suspected of having stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms in Virtual Worlds it is necessary to fully understand the domain for which the security mechanisms are defined. As Virtual Worlds must be classified into the domain of Social Software, the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then considers the assets of Virtual Worlds participants, describes how these assets can be threatened, gives an overview of appropriate security requirements, and concludes with an outlook on possible countermeasures.

  6. 17 CFR 240.17a-23 - Recordkeeping and reporting requirements relating to broker-dealer trading systems.

    Science.gov (United States)

    2010-04-01

    ... requirements relating to broker-dealer trading systems. 240.17a-23 Section 240.17a-23 Commodity and Securities... relating to broker-dealer trading systems. (a) Scope of section. This section shall apply to any registered broker or dealer that acts as the sponsor of a broker-dealer trading system. (b) Definitions. For...

  7. Security Vulnerability Profiles of Mission Critical Software: Empirical Analysis of Security Related Bug Reports

    Science.gov (United States)

    Goseva-Popstojanova, Katerina; Tyo, Jacob

    2017-01-01

    While some prior research work exists on characteristics of software faults (i.e., bugs) and failures, very little work has been published on analysis of software applications vulnerabilities. This paper aims to contribute towards filling that gap by presenting an empirical investigation of application vulnerabilities. The results are based on data extracted from issue tracking systems of two NASA missions. These data were organized in three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified security related software bugs and classified them in specific vulnerability classes. Then, we created the security vulnerability profiles, i.e., determined where and when the security vulnerabilities were introduced and what were the dominating vulnerabilities classes. Our main findings include: (1) In IVV issues datasets the majority of vulnerabilities were code related and were introduced in the Implementation phase. (2) For all datasets, around 90% of the vulnerabilities were located in two to four subsystems. (3) Out of 21 primary classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, they contributed from 80% to 90% of vulnerabilities in each dataset.

  8. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

  9. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

  10. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    It has been evidenced that one of the most common causes of software security failure is the lack of identification and specification of information security requirements, an activity given insufficient importance in software development or software acquisition. We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base is formed by an ontology developed collaboratively by experts in information security. In this process six types of assets have been identified: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition, 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts are defined. Additionally, automatic expansion with Wikipedia was used for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, thereby achieving an improvement of 10% in the identification of candidate information assets, one of the most important phases of the proposed system.

  11. New security and privacy laws require basic changes in professional practice

    Science.gov (United States)

    Sykes, David M.

    2005-09-01

    Everybody knows about HIPAA, but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released "Guidelines for the Design of Healthcare Facilities" as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws. Will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

  12. Modeling the Non-functional Requirements in the Context of Usability, Performance, Safety and Security

    OpenAIRE

    Sadiq, Mazhar

    2007-01-01

    Requirement engineering is the most significant part of the software development life cycle. Until now great emphasis has been put on the maturity of the functional requirements. But with the passage of time it reveals that the success of software development does not only pertain to the functional requirements rather non-functional requirements should also be taken into consideration. Among the non-functional requirements usability, performance, safety and security are considered important. ...

  13. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    Science.gov (United States)

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
    Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

  14. 17 CFR 240.3a43-1 - Customer-related government securities activities incidental to the futures-related business of a...

    Science.gov (United States)

    2010-04-01

    ... Customer-related government securities activities incidental to the futures-related business of a futures commission merchant registered with the Commodity Futures Trading Commission. 240.3a43-1 Section 240.3a43-1 Commodity and Securities...

  15. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  16. Competitive Cyber-Insurance and Internet Security

    Science.gov (United States)

    Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

    This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

  17. 77 FR 61771 - Facility Security Officer Training Requirements

    Science.gov (United States)

    2012-10-11

    ... following: (1) Draft model FSO training course; (2) Computer-based training and distance learning; (3... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... Security Officer training program, with the primary focus on developing the curriculum for such a program...

  18. Design impacts of safeguards and security requirements for a US MOX fuel fabrication facility

    International Nuclear Information System (INIS)

    Erkkila, B.H.; Rinard, P.M.; Thomas, K.E.; Zack, N.R.; Jaeger, C.D.

    1998-01-01

    The disposition of plutonium that is no longer required for the nation's defense is being structured to mitigate risks associated with the material's availability. In the 1997 Record of Decision, the US Government endorsed a dual-track approach that could employ domestic commercial reactors to effect the disposition of a portion of the plutonium in the form of mixed oxide (MOX) reactor fuels. To support this decision, the Office of Materials Disposition requested preparation of a document that would review US requirements for safeguards and security and describe their impact on the design of a MOX fuel fabrication facility. The intended users are potential bidders for the construction and operation of the facility. The document emphasizes the relevant DOE Orders but also considers the Nuclear Regulatory Commission (NRC) requirements. Where they are significantly different, the authors have highlighted this difference and provided guidance on the impact to the facility design. Finally, the impacts of International Atomic Energy Agency (IAEA) safeguards on facility design are discussed. Security and materials control and accountability issues that influence facility design are emphasized in each area of discussion. This paper will discuss the prepared report and the issues associated with facility design for implementing practical, modern safeguards and security systems into a new MOX fuel fabrication facility

  19. THE ROLE OF SECURITIES AND EXCHANGE COMMISSION

    African Journals Online (AJOL)

    Fr. Ikenga

    Exchange Commission requires that important information concerning the issuer and the securities ... role of the Securities and Exchange Commission in regulating investments and securities ... relatively long periods for use by economic units with deficit funds. ..... (including bank account) of any person whose assets were.

  20. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  1. Managing domino effect-related security of industrial areas

    NARCIS (Netherlands)

    Reniers, Genserik L L; Dullaert, W.; Audenaert, Amaryllis; Ale, B. J.M.; Soudan, K.

    In chemical enterprises, security managers are interested in easy-to-handle and user-friendly decision-support tools, providing them with straightforward information ready for implementation. Therefore, a theoretical conceptualization on how to manage, in a relatively simple way, the prevention and

  2. Security aspects of database systems implementation

    OpenAIRE

    Pokorný, Tomáš

    2009-01-01

    The aim of this thesis is to provide a comprehensive overview of database systems security. The reader is introduced to the basis of information security and its development. The following chapter defines a concept of database system security using the ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. The second part of this thesis offers a comparison of four object-relational database s...

  3. Agrofuels Production and its Relation with Food Security and Food Sovereignty

    Directory of Open Access Journals (Sweden)

    Caroline Vargas Barbosa

    2016-10-01

    The article discusses agrofuels production as a reason for the increasing dissociation between the human being, the land and the environment, considering the issues involving food security and food sovereignty. By using the deductive method, it aims to demonstrate that the growing distance between men and land is one of the results determined by capitalism, which is based on exploitation and maximized land production in order to obtain profit, thereby interfering in national food security and food sovereignty. Thus, it first deals with the relation between the human being, land, the environment, economy, State and politics, focusing on environmental human rights protagonism such as side for recognizing and developing/enveloping fundamental rights material. Secondly, it presents the agrofuels production scenario and its relation with food security and sovereignty. Finally, it conceptualizes food security and food sovereignty, establishing their differences in order to permit the building of a solid reality that is also able to secure their implementation in an economy of family polycultural basis even if there is an opposite side oriented by capitalism and protected by the State, especially concerning production and excessive environmental exploitation. The article concludes that to secure fundamental rights the being needs to recognize oneself as part of the environment in order to develop a significant State behavior which will reflect on economic policies that favor food security and food sovereignty.

  4. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  5. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52%. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  6. Towards the Development of a Methodology for the Cyber Security Analysis of Safety Related Nuclear Digital I and C Systems

    International Nuclear Information System (INIS)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun

    2007-01-01

    In nuclear power plants the redundant safety related systems are designed to take automatic action to prevent and mitigate accident conditions if the operators and the non-safety systems fail to maintain the plant within normal operating conditions. In case of an event, the failure of these systems has catastrophic consequences. The tendency in the industry over the past 10 years has been to use commercial off-the-shelf (COTS) technologies in these systems. COTS software was written with attention to function and performance rather than security. COTS hardware is usually designed to fail safe, but security vulnerabilities could be exploited by an attacker to disable the fail safe mechanisms. Moreover, the use of open protocols and operating systems in these technologies makes the plants vulnerable to a host of cyber attacks. An effective security analysis process is required during all life cycle phases of these systems in order to ensure the security from cyber attacks. We are developing a methodology for the cyber security analysis of safety related nuclear digital I and C Systems. This methodology will cover all phases of development, operation and maintenance processes of software life cycle. In this paper, we will present a security analysis process for the concept stage of software development life cycle.

  7. 5 CFR 1312.3 - Classification requirements.

    Science.gov (United States)

    2010-01-01

    ..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.3 Classification requirements. United States citizens must...; (5) Scientific, technological, or economic matters relating to the national security; (6) United...

  8. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of the Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  9. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  10. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  11. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  12. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    Thomas, L.L.; Strait, R.S.

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  13. Work-related illness, work-related accidents, and lack of social security in Colombia.

    Science.gov (United States)

    Buitrago Echeverri, María Teresa; Abadía-Barrero, César Ernesto; Granja Palacios, Consuelo

    2017-08-01

    The impacts of neoliberal or market-based social security reforms in health have been extensively studied. How such reforms transformed employment-related insurance and entitlements, however, has received significantly less attention. This study aims to understand how the employment insurance system operates in Colombia and to assess how the experience of workers seeking social security entitlements relates to the system's structure. We conducted an ethnographic study of the Colombian Occupational Risk System between May 2014 and March 2016, with two main components: 1) analysis of the system itself through in-depth interviews with 32 people working in leadership positions and a systematic review of the system's most important legislation, and 2) a study of people who experienced problems receiving entitlements and were challenging the assessment of their work-related illness or accident. We conducted in-depth interviews with 22 people, followed up with half of them, and reviewed their case files. We found that difficulties accessing health care services, payments for medical leave, job reassignments, severance packages, and filing for pension benefits were common to all cases and resulted from overwhelming bureaucratic and administrative demands. Regional and national evaluation bodies dictate whether a given illness or accident is work-related, and establish a percentage of Loss of Wage Earning Capacity (LWEC). People's disabled bodies rarely reached the threshold of 50% LWEC to qualify for disability pensions. The lengthy process that workers were forced to endure to obtain work-related entitlements always involved the judiciary. The three competing for-profit financial sectors (health insurance, pension funds, and Occupational Risk Administrators) actively challenged workers' demands in order to increase their profits. We conclude that these for-profit sectors work contrary to the principles that sustain social security. Indeed, they push sick and disabled

  14. Site security personnel training manual

    International Nuclear Information System (INIS)

    1978-10-01

    As required by 10 CFR Part 73, this training manual provides guidance to assist licensees in the development of security personnel training and qualifications programs. The information contained in the manual typifies the level and scope of training for personnel assigned to perform security related tasks and job duties associated with the protection of nuclear fuel cycle facilities and nuclear power reactors

  15. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then

  16. Computer security at ukrainian nuclear facilities: interface between nuclear safety and security

    International Nuclear Information System (INIS)

    Chumak, D.; Klevtsov, O.

    2015-01-01

    Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security is considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security.

  17. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....

  18. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    OpenAIRE

    Ranjit Panigrahi; Kalpana Sharma; M.K. Ghose

    2013-01-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

  19. College law enforcement and security department responses to alcohol-related incidents: a national study.

    Science.gov (United States)

    Bernat, Debra H; Lenk, Kathleen M; Nelson, Toben F; Winters, Ken C; Toomey, Traci L

    2014-08-01

    Campus police and security personnel are often the first to respond to alcohol-related incidents on campus. The purpose of this study is to examine how campus law enforcement and security respond to alcohol-related incidents, and how consequences and communication differ based on characteristics of the incident. Directors of campus police/security from 343 colleges across the United States completed a survey regarding usual practice following serious, underage, and less serious alcohol incidents on and off campus. Campus law enforcement and security most commonly reported contacting campus officials. A minority reported issuing citations and referring students to the health center. Enforcement actions were more commonly reported for serious and underage incidents than for less serious incidents. Large (vs. small) colleges, public (vs. private) colleges, and those located in small (vs. large) towns more consistently reported taking actions against drinkers. Understanding how campus police and security respond to alcohol-related incidents is essential for reducing alcohol-related problems on college campuses. Copyright © 2014 by the Research Society on Alcoholism.

  20. 29 CFR 2580.412-8 - The nature of the duties or activities to which the bonding requirement relates.

    Science.gov (United States)

    2010-07-01

    ... 29 Labor 9 2010-07-01 2010-07-01 false The nature of the duties or activities to which the bonding requirement relates. 2580.412-8 Section 2580.412-8 Labor Regulations Relating to Labor (Continued) EMPLOYEE... INCOME SECURITY ACT OF 1974 TEMPORARY BONDING RULES Scope and Form of the Bond § 2580.412-8 The nature of...

  1. Technologies to counter aviation security threats

    Science.gov (United States)

    Karoly, Steve

    2017-11-01

    The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

  2. Development of DSRC device and communication system performance measures recommendations for DSRC OBE performance and security requirements.

    Science.gov (United States)

    2016-05-22

    This report presents recommendations for minimum DSRC device communication performance and security requirements to ensure effective operation of the DSRC system. The team identified recommended DSRC communications requirements aligned to use cas...

  3. Goal-Equivalent Secure Business Process Re-engineering

    DEFF Research Database (Denmark)

    Acosta, Hugo Andrés Lópes; Massacci, Fabio; Zannone, Nicola

    2008-01-01

    that they are somehow “equivalent”. In this paper we propose a method for passing from SI*, a modeling language for capturing and modeling functional, security, and trust organizational and system requirements, to business process specifications and vice versa. In particular, starting from an old secure business......The introduction of information technologies in health care systems often requires to re-engineer the business processes used to deliver care. Obviously, the new and re-engineered processes are observationally different and thus we cannot use existing model-based techniques to argue...... process, we reconstruct the functional and security requirements at organizational level that such a business process was supposed to meet (including the trust relations that existed among the members of the organization). To ensure that the re-engineered business process meets the elicited requirements...

  4. A deeper look at climate change and national security.

    Energy Technology Data Exchange (ETDEWEB)

    Baker, Arnold Barry; Backus, George A.; Romig, Alton Dale, Jr.

    2010-03-01

    Climate change is a long-term process that will trigger a range of multi-dimensional demographic, economic, geopolitical, and national security issues with many unknowns and significant uncertainties. At first glance, climate-change-related national security dimensions seem far removed from today's major national security threats. Yet climate change has already set in motion forces that will require U.S. attention and preparedness. The extent and uncertainty associated with these situations necessitate a move away from conventional security practices, toward a small but flexible portfolio of assets to maintain U.S. interests. Thoughtful action is required now if we are to acquire the capabilities, tools, systems, and institutions needed to meet U.S. national security requirements as they evolve with the emerging stresses and shifts of climate change.

  5. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  6. Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

    International Nuclear Information System (INIS)

    Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S.; Lee, M. S.; Kim, T. H.

    2016-01-01

    This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified

  7. Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S. [KINS, Daejeon (Korea, Republic of); Lee, M. S.; Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

    2016-05-15

    This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified.

  8. A platform for secure, safe, and sustainable logistics

    NARCIS (Netherlands)

    Hofman, W.J.; Bastiaansen, H.J.M.; Berg, J. van den; Pruksasri, P.

    2012-01-01

    In the current society, logistics is faced with at least two big challenges. The first challenge considers safety and security measurements dealing with terrorism, smuggling, and related security accidents with a high societal impact. The second challenge is to meet sustainability requirements

  9. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    For the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the

  10. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2012-0908] Facility Security Officer... comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The notice of public meeting; request for...

  11. Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

    NARCIS (Netherlands)

    Massacci, F.; Prest, M.; Zannone, N.

    2005-01-01

    Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level

  12. Homeland Security-Related Education and the Private Liberal Arts College

    OpenAIRE

    Moore, Gregory; Hatzadony, John G.; Cronin, Kelley; Breckenridge, Mary B.

    2010-01-01

    This article appeared in Homeland Security Affairs (May 2010), v.6 no.2. Small private liberal arts colleges enjoy certain advantages when developing new academic programs, such as in homeland security-related education. These institutions offer students the opportunity to acquire a broad-based education in order to gain a holistic view of the world, a critical need in this age of global challenges. Smaller colleges can also adapt more quickly to changes in the marketplace and are able to d...

  13. Deployment Models: Towards Eliminating Security Concerns From Cloud Computing

    OpenAIRE

    Zhao, Gansen; Chunming, Rong; Jaatun, Martin Gilje; Sandnes, Frode Eika

    2010-01-01

    Cloud computing has become a popular choice as an alternative to investing in new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes security concerns in cloud computing and proposes five service deployment models to ease these concerns. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment. D...

  14. A platform for secure, safe, and sustainable logistics

    NARCIS (Netherlands)

    Hofman, W.; Bastiaansen, H.; Van den Berg, J.; Pruksasri, P.

    2012-01-01

    In the current society, logistics is faced with at least two big challenges. The first challenge considers safety and security measurements dealing with terrorism, smuggling, and related security accidents with a high societal impact. The second challenge is to meet sustainability requirements

  15. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  16. Modeling Security Aspects of Network

    Science.gov (United States)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are subject of security. A more complete overview on the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse also has grown significantly, requiring measures to deal with it.

  17. Competence Requirements of ISO/IEC Standards for Information Security Professionals

    Directory of Open Access Journals (Sweden)

    Natalia G. Miloslavskaya

    2017-11-01

    The rapid progress in the field of information security (IS) puts one in need of periodic revision of professional competencies (formulated in the federal state educational standards – FSESs) and working functions (formulated in the professional standards – PSs). Under these conditions, a timely reaction to everything new that emerges or will appear in modern regulatory documents (primarily in standards) is extremely important. We make a forecast for the content of the ISO/IEC 27021 and ISO/IEC 19896 standards drafted by the International Organization for Standardization (ISO), which should contain the requirements for the competencies of IS management system professionals and the competence of IS testers and evaluators. Our forecast takes into account the requirements of the ISO/IEC 27000 standard group and the recommendations of the European e-Competence Framework e-CF 3.0.

  18. 24 CFR 200.6 - Employer identification and social security numbers.

    Science.gov (United States)

    2010-04-01

    ... identification and social security numbers. The requirements set forth in 24 CFR part 5, regarding the disclosure and verification of social security numbers and employer identification numbers by applicants and... security numbers. 200.6 Section 200.6 Housing and Urban Development Regulations Relating to Housing and...

  19. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important to maintain confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally he/she should analyze and upgrade their information security system.

  20. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... (explosive) material; (3) More than 1 L (1.06 qt.) per package of a material poisonous by inhalation in... controlled; and 6.1 materials poisonous by inhalation. We also proposed to require security plans for any... happens very rapidly, and in the process, the propane combines readily with air to form fuel air mixtures...

  1. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others]

    1997-06-01

    This document summarizes the Department of Energy's Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalities and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ("PKI") was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  2. 76 FR 10205 - Department of Homeland Security Implementation of OMB Guidance on Drug-Free Workplace Requirements

    Science.gov (United States)

    2011-02-24

    ... Flexibility Act, 5 U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of... Guidance on Drug-Free Workplace Requirements AGENCY: Department of Homeland Security (DHS). ACTION: Final... consolidate all Federal regulations on drug-free workplace requirements for financial assistance into one...

  3. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  4. How strong is the Social Security safety net? Using the Elder Index to assess gaps in economic security.

    Science.gov (United States)

    Mutchler, Jan E; Li, Yang; Xu, Ping

    2018-04-16

    Older Americans rely heavily on Social Security benefits (SSBs) to support independent lifestyles, and many have few or no additional sources of income. We establish the extent to which SSBs adequately support economic security, benchmarked by the Elder Economic Security Standard Index. We document variability across U.S. counties in the adequacy levels of SSBs among older adults. We find that the average SSBs fall short of what is required for economic security in every county in the United States, but the level of shortfall varies considerably by location. Policy implications relating to strengthening Social Security and other forms of retirement income are discussed.

  5. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  6. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... 3235-AK74 Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies... the Dodd-Frank Act, the Commission shall adopt such rules if it determines that they are necessary or appropriate to improve the governance of, or to mitigate systemic risk, promote competition or mitigate...

  7. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ...-market value of the proprietary positions (e.g., securities, money market instruments, and commodities... the deductions for securities and money market positions as compared with the standardized haircuts... and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010...

  8. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... beneficial ownership of the equity securities underlying derivative securities exercisable or convertible... exercise or conversion of any derivative security, whether or not presently exercisable.'' \\40\\ ``Derivative securities'' are ``any option, warrant, convertible security, stock appreciation right, or similar...

  9. EPICS: Channel Access security design

    International Nuclear Information System (INIS)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided

  10. 29 CFR 2509.75-3 - Interpretive bulletin relating to investments by employee benefit plans in securities of...

    Science.gov (United States)

    2010-07-01

    ... Regulations Relating to Labor (Continued) EMPLOYEE BENEFITS SECURITY ADMINISTRATION, DEPARTMENT OF LABOR... Interpretive bulletin relating to investments by employee benefit plans in securities of registered investment.... That section provides that an investment by an employee benefit plan in securities issued by an...

  11. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  12. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker's model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  13. Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

    Science.gov (United States)

    2013-06-01

    ABBREVIATIONS ANSI American National Standards Institute ASIS American Society of Industrial Security CCTV Closed Circuit Television CONOPS...is globally recognized for the development and maintenance of standards. ASTM defines a specification as an explicit set of requirements...www.rkb.us/saver/. One of the SAVER reports titled CCTV Technology Handbook has a chapter on system design. The report uses terms like functional

  14. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements....'' Authority: Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards... Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

  15. Security Measures in Data Mining

    OpenAIRE

    Anish Gupta; Vimal Bibhu; Rashid Hussain

    2012-01-01

    Data mining is a technique to dig the data from the large databases for analysis and executive decision making. Security aspect is one of the measure requirement for data mining applications. In this paper we present security requirement measures for the data mining. We summarize the requirements of security for data mining in tabular format. The summarization is performed by the requirements with different aspects of security measure of data mining. The performances and outcomes are determin...

  16. Holographic optical security systems

    Science.gov (United States)

    Fagan, William F.

    1990-06-01

    One of the most successful applications of Holography, in recent years, has been its use as an optical security technique. Indeed the general public's awareness of holograms has been greatly enhanced by the incorporation of holographic elements into the VISA and MASTERCHARGE credit cards. Optical techniques related to Holography, are also being used to protect the currencies of several countries against the counterfeiter. The mass production of high quality holographic images is by no means a trivial task as a considerable degree of expertise is required together with an optical laboratory and embossing machinery. This paper will present an overview of the principal holographic and related optical techniques used for security purposes. Worldwide, over thirty companies are involved in the production of security elements utilising holographic and related optical technologies. Counterfeiting of many products is a major criminal activity with severe consequences not only for the manufacturer but for the public in general as defective automobile parts, aircraft components, and pharmaceutical products, to cite only a few of the more prominent examples, have at one time or another been illegally copied.

  17. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  18. Core security requirements of DRM systems

    NARCIS (Netherlands)

    Jonker, H.L.; Mauw, S.; Satish, D.

    2008-01-01

    The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security

  19. PCI DSS: Security Standard and Security in Fact

    OpenAIRE

    M. V. Kuzin

    2011-01-01

    The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  20. A Research on the Determination of the Perception Levels of Shipyard Workers Related To Occupational Health and Security: Yalova Case

    Directory of Open Access Journals (Sweden)

    Ersin Kavi

    2011-06-01

    Full Text Available Shipbuilding sector, which has an important employment and export potential, is getting importance in Turkey. In this sector, the number of employees who work directly is 35.000 and the numbers of employees who work indirectly 100.000 are employed. The sector requires obligations and necessary activities in terms of vocational health and security since it includes working risks and has an increasing importance. Because of the lack of the vocational health and security measures, it has been seen many deaths and accidents in Tuzla Shipyards. Especially, the lack of trainings and measures to prevent to the industrial accident is an indication that there is a perception problem towards vocational health and security. Contrary to this, though it is taught on vocational health and security, the perceptions of the workers may not be enough. In this mean, it needs to be studied what to extend and how the workers perceive and apply the vocational health and security trainings or applications, which are taught at the shipyards, in workplace. In this paper, it is going to be studied the knowledge level of the workers related to the vocational health and security, determined training needs and if they satisfied with the trainings and measures by a survey in the Yalova shipyards.

  1. Children's Emotional Security and Sleep: Longitudinal Relations and Directions of Effects

    Science.gov (United States)

    Keller, Peggy; El-Sheikh, Mona

    2011-01-01

    Background: We examined longitudinal relations between children's sleep and their emotional security in the mother-child, father-child, and parental marital relationships, with the goal of explicating the direction of association over time. Gender-related effects were also examined. Method: Sleep duration was examined through actigraphy, and sleep…

  2. Task-related Interactions between Kindergarten Children and their Teachers : The Role of Emotional Security

    NARCIS (Netherlands)

    Thijs, Jochem T.; Koomen, Helma M.Y.

    2008-01-01

    This study examined the emotional security of kindergarten children in dyadic task-related interactions with their teachers. In particular, it examined the interrelations between security, task behaviours (persistence and independence), social inhibition, and teachers’ support. Participants were 79

  3. Task-related interactions between kindergarten children and their teachers: the role of emotional security.

    NARCIS (Netherlands)

    Thijs, J.T.; Koomen, H.M.Y.

    2008-01-01

    This study examined the emotional security of kindergarten children in dyadic task-related interactions with their teachers. In particular, it examined the interrelations between security, task behaviours (persistence and independence), social inhibition, and teachers' support. Participants were 79

  4. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  5. A novel quantum solution to secure two-party distance computation

    Science.gov (United States)

    Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

    2018-06-01

    Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

  6. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  7. The concept of “Comprehensive security” as a draft for reconstructing security in a system of international relations

    Directory of Open Access Journals (Sweden)

    MSc. Dritëro Arifi

    2011-03-01

    Full Text Available To explain how applicable the concept of "comprehensive security" is in Kosovo, at first, I will try to analyze the term of security, and development of international relations in relation to the phenomenon of "Security". Initially the term “security” is to be elaborated, in theoretical terms, the impact "national security" had during the Cold War, and the development of the international relations system, especially after "the fall of the Berlin Wall,” and the fall of communism. In the broadest sense, the post-modern security is characterized by many threats, such as terrorism, failing states, climate change etc. The elements of comprehensive security will be part of the analysis of developments in Kosovo after the war and briefly transformation of the security sector after independence.

  8. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  9. 17 CFR 230.488 - Effective date of registration statements relating to securities to be issued in certain business...

    Science.gov (United States)

    2010-04-01

    ... statements relating to securities to be issued in certain business combination transactions. 230.488 Section... REGULATIONS, SECURITIES ACT OF 1933 Investment Companies; Business Development Companies § 230.488 Effective date of registration statements relating to securities to be issued in certain business combination...

  10. Nuclear Security Management for Research Reactors and Related Facilities

    International Nuclear Information System (INIS)

    2016-03-01

    This publication provides a single source guidance to assist those responsible for the implementation of nuclear security measures at research reactors and associated facilities in developing and maintaining an effective and comprehensive programme covering all aspects of nuclear security on the site. It is based on national experience and practices as well as on publications in the field of nuclear management and security. The scope includes security operations, security processes, and security forces and their relationship with the State’s nuclear security regime. The guidance is provided for consideration by States, competent authorities and operators

  11. PCI DSS: Security Standard and Security in Fact

    Directory of Open Access Journals (Sweden)

    M. V. Kuzin

    2011-12-01

    Full Text Available The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  12. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit determination; information to be submitted; other requirements. 703.203 Section 703.203 Employees' Benefits... each insurance rating service designated by the Branch and posted on the Internet at http://www.dol.gov...

  13. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... evacuation routes and assembly stations; and (viii) Existing security and safety equipment for protection of... protection systems; (iv) Procedural policies; (v) Radio and telecommunication systems, including computer... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA...

  14. The concept of “Comprehensive security” as a draft for reconstructing security in a system of international relations

    OpenAIRE

    MSc. Dritëro Arifi

    2011-01-01

    To explain how applicable the concept of "comprehensive security" is in Kosovo, at first, I will try to analyze the term of security, and development of international relations in relation to the phenomenon of "Security". Initially the term “security” is to be elaborated, in theoretical terms, the impact "national security" had during the Cold War, and the development of the international relations system, especially after "the fall of the Berlin Wall,” and the fall of communism. In the ...

  15. Maritime supply chain security: navigating through a sea of compliance requirements

    CSIR Research Space (South Africa)

    Maspero, EL

    2008-11-01

    Full Text Available MTSA Maritime Transportation Security Act RFID Radio Frequency Identification SAFE Security and Accountability For Every port SOLAS Safety Of Life At Sea SST Smart and Secure Tradelane UNCTAD United Nations Conference on Trade and Development... for increased security within maritime shipping and so the SOLAS (the Safety of Lives at Sea) Convention Chapter 11 was amended to provide for the inclusion of the International Ships and Port Facilities Security Code (ISPS Code), which was internationally...

  16. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  17. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  18. Challenges to regional security and disarmament measures

    International Nuclear Information System (INIS)

    Clements, K.P.

    1993-01-01

    The new agenda for peace is providing an extremely useful road map for current international and regional discussions about new ways and means of securing and maintaining peace and security. It underlines the central role of the United Nations Security Council in relation to international conflicts and the maintenance of the peace, but it underlines an increasingly important role of the regional organisations as well. In all, there is a recognition that the end of the cold war has generated possibilities for peace-building that have not existed before. To take advantage of these opportunities requires an enhancement of consultation and dialogue at national, regional and global levels so that all nations and all peoples feel and know that they have a stake in the new peace and security architecture that will govern international relations into the twenty first century

  19. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  20. AVIATION SECURITY AS AN OBJECT OF MATHEMATICAL MODELING

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The paper presents a mathematical formulation of the problem formalization of the subject area related to aviation security in civil aviation. The formalization task is determined by the modern issue of providing aviation security. Aviation security in modern systems is based upon organizational standard of security control. This standard doesn’t require calculating the security level. It allows solving the aviation security task without estimating the solution and evaluating the performance of security facilities. The issue of acceptable aviation security level stays unsolved, because its control lies in inspections that determine whether the object security facilities meet the requirements or not. The pending problem is also in whether the requirements are calculable and the evaluation is subjective. Lately, there has been determined quite a certain tendency to consider aviation security issues from the perspective of its level optimal control with the following identification, calculation and evaluation problems solving and decision making. The obtained results analysis in this direction shows that it’s strongly recommended to move to object formalization problem, which provides a mathematical modeling for aviation security control optimization. In this case, the authors assume to find the answer in the process of object formalization. Therefore aviation security is presented as some security environment condition, which defines the parameters associated with the object protection system quality that depends on the use of protective equipment in conditions of counteraction to factors of external and internal threats. It is shown that the proposed model belongs to a class of boundary value problems described by differential equations in partial derivatives. The classification of boundary value problems is presented.

  1. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  2. IAEA Nuclear Security Human Resource Development Program

    International Nuclear Information System (INIS)

    Braunegger-Guelich, A.

    2009-01-01

    The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

  3. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  4. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Castro, R., E-mail: rodrigo.castro@visite.es [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Barbato, P. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain); Taliercio, C. [Consorzio RFX, Euratom ENEA Association, Corso Stati Uniti 4, 35127 Padova (Italy)

    2011-10-15

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  5. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    International Nuclear Information System (INIS)

    Castro, R.; Barbato, P.; Vega, J.; Taliercio, C.

    2011-01-01

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guarantee the required level of security for accessing shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables them to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  6. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  7. The Security Email Based on Smart Card

    Science.gov (United States)

    Lina, Zhang; Jiang, Meng Hai.

    Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identity-based encryption) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.

  8. Task-Related Interactions between Kindergarten Children and Their Teachers: The Role of Emotional Security

    Science.gov (United States)

    Thijs, Jochem T.; Koomen, Helma M. Y.

    2008-01-01

    This study examined the emotional security of kindergarten children in dyadic task-related interactions with their teachers. In particular, it examined the interrelations between security, task behaviours (persistence and independence), social inhibition, and teachers' support. Participants were 79 kindergartners (mean age = 69.7 months) and their…

  9. Unix Security Cookbook

    Science.gov (United States)

    Rehan, S. C.

    This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

  10. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  11. Enhancing implementation security of QKD

    Science.gov (United States)

    Tamaki, Kiyoshi

    2017-10-01

    Quantum key distribution (QKD) can achieve information-theoretic security, which is a provable security against any eavesdropping, given that all the devices the sender and the receiver employ operate exactly as the theory of security requires. Unfortunately, however, it is difficult for practical devices to meet all such requirements, and therefore more works have to be done toward guaranteeing information-theoretic security in practice, i.e., implementation security. In this paper, we review our recent efforts to enhance implementation security. We also have a brief look at a flaw in security proofs and present how to fix it.

  12. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  13. Foreign Under-Investment in US Securities and the Role of Relational Capital

    OpenAIRE

    Michael, Bryane

    2015-01-01

    Over 70 academic papers attempt to explain why foreigners invest in US securities. All ignore the vital role of the US broker-dealer. Macroeconomic factors like a trade balance or corporate governance may guide foreign investors toward certain markets. But US broker-dealers provide information to foreign investors and execute the actual trades. We hypothesize that particular foreign investors under-invest in US securities because of a lack of relational capital with US broker-dealers. We find...

  14. My, your and our needs for safety and security: relatives' reflections on using information and communication technology in dementia care.

    Science.gov (United States)

    Olsson, Annakarin; Engström, Maria; Skovdahl, Kirsti; Lampic, Claudia

    2012-03-01

    The present paper reports on a study aimed at describing relatives' reflections on different kinds of information and communication technology (ICT) devices that are used or can be used in the daily care of persons with dementia. Many persons with dementia continue living in their own homes, which requires the support of their relatives. One way to meet the needs of relatives and persons with dementia is to use ICT. An interview study was conducted in Sweden (2007-2008) with a purposive sample of 14 spouses of a person with dementia. Qualitative content analysis was used to identify categories and themes in the data. Relatives' reflections on the use of ICT were described as ICT - a support in daily life, ICT - internal and external conditions and ICT - the decision to use or not use. Based on these categories, a theme was revealed: shifting between different perspectives: my, your and our needs for safety and security. Relatives struggle to create a situation of safety and security in daily life for themselves and the persons with dementia. ICT devices with the right functionality and used at the right time are regarded as useful in solving everyday problems. In the decision to use or not use ICT, the opportunity to create a safe and secure environment overshadows potential ethical problems. Providing early information about ICT to persons with dementia and their relatives could facilitate joint decision-making regarding use of ICT. © 2011 The Authors. Scandinavian Journal of Caring Sciences © 2011 Nordic College of Caring Science.

  15. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  16. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; van Eck, Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most

  17. Network Security Validation Using Game Theory

    Science.gov (United States)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the result of a reactive process. This, however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification needs a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  18. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to withstand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VMs.

  19. A novel quantum scheme for secure two-party distance computation

    Science.gov (United States)

    Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

    2017-12-01

    Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

  20. Security By Design

    OpenAIRE

    Tanner, M. James

    2009-01-01

    Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today. While all of the efforts to secure a computer are needed, it seems that the underlying issue of what is being secured has been overlooked. The operating system is at the core of the security issue. Many applications and devices have been put into place to add layers of protection to an already weak operating system. Security did not u...

  1. Security Awareness of the Digital Natives

    Directory of Open Access Journals (Sweden)

    Vasileios Gkioulos

    2017-04-01

    Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, while a plethora of security risks associated with such devices are induced by vulnerabilities related to user behavior. Furthermore, the number of security breaches on or via portable devices increases exponentially. Thus, deploying suitable risk treatments requires the investigation of how the digital natives (young people, born and bred in the digital era) use their mobile devices and their level of security awareness, in order to identify common usage patterns with negative security impact. In this article, we present the results of a survey performed across a multinational sample of digital natives with distinct backgrounds and levels of competence in terms of security, to identify divergences in user behavior due to regional, educational and other factors. Our results highlight significant influences on the behavior of digital natives, arising from user confidence, educational background, and parameters related to usability and accessibility. The outcomes of this study justify the need for further analysis of the topic, in order to identify the influence of fine-grained semantics, but also the consolidation of wide and robust user-models.

  2. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    Frimpong Twum; Kwaku Ahenkora

    2012-01-01

    Internet banking strategies should enhance customers' online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  3. Securing Chinese nuclear power development: further strengthening nuclear security

    International Nuclear Information System (INIS)

    Zhang Hui

    2014-01-01

    Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

  4. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  5. The Arctic Region: A Requirement for New Security Architecture?

    Science.gov (United States)

    2013-03-01

    cooperation and mutually beneficial partnerships . Denmark’s security policy states that existing international law and established forums of cooperation...increase leadership in multinational forum and, develop comprehensive partnerships without the need to create a new security organization. Figure 3...Arctic region. Endnotes 1 Government of Canada, “Canada’s Arctic foreign policy” (Ottawa, Canada, 2007), 2. 2 WWF Global, “Arctic oil and gas”, http

  6. The relation of attachment security status to effortful self-regulation: A meta-analysis.

    Science.gov (United States)

    Pallini, Susanna; Chirumbolo, Antonio; Morelli, Mara; Baiocco, Roberto; Laghi, Fiorenzo; Eisenberg, Nancy

    2018-05-01

    Secure attachment relationships have been described as having a regulatory function in regard to children's emotions, social cognition, and behavior. Although some theorists and researchers have argued that attachment affects children's self-regulation, most attachment theorists have not strongly emphasized this association. The goal of the current meta-analysis was to determine the magnitude of the relation between attachment security status and effortful control (EC)/top-down self-regulation in children up to 18 years of age. One hundred six papers met the inclusion criteria and 101 independent samples were used in analyses. When secure attachment status was compared with insecure attachment status, a significant relation (effect size [ES]) with EC favoring children with a secure attachment was found (100 studies; 20,350 participants; r = .20). A stronger relation was found when the same coder evaluated attachment than when the coder was different and when the measure of attachment was continuous; other moderators were not significant. Securely attached children were higher in EC than their avoidant (r = .10) or resistant (r = .17) counterparts. Children with organized attachments were higher in EC than those with disorganized attachments (r = .17), although this finding could be due to publication bias. For some comparisons of subgroups (B vs. A, B vs. C, and/or D vs. all others), moderation was found by source of information (higher ES for same reporter), age at assessment of EC and/or attachment (higher ES at older ages), method of attachment (lower ES for observational measures), time difference between assessments or research design (higher ESs for smaller time differences and concurrent findings), and published versus unpublished studies (higher ES for unpublished studies for A vs. B). (PsycINFO Database Record (c) 2018 APA, all rights reserved).

  7. I and C security program for nuclear facilities: implementation guide - TAFICS/IG/2

    International Nuclear Information System (INIS)

    2016-04-01

    This is the second in a series of documents being developed by TAFICS for protecting computer-based I and C systems of Indian nuclear facilities from cyber attacks. The document provides guidance to nuclear facility management to establish, implement and maintain a robust I and C security program - consisting of security plan and a set of security controls. In order to provide a firm basis for the security program, the document also identifies the fundamental security principles and foundational security requirements related to computer-based I and C systems of nuclear facilities. It is recommended that all applicable Indian nuclear facilities should implement the security program - with required adaptation - so as to provide the necessary assurance that the I and C systems are adequately protected against cyber attacks. (author)

  8. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  9. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  10. Tenure security, social relations and contract choice: Endogenous matching in the Chinese land rental market

    Science.gov (United States)

    Ma, Xianlei; Zhou, Yuepeng; Shi, Xiaoping

    2017-04-01

    In China, land rental transactions have increased considerably since the 1990s, but there exists a high degree of segmentation and informal features. The rental transactions between partners with close social relations and the use of informal contracts remain a common phenomenon in many regions, which strongly reduce the potential of the land rental market to enhance productivity and equity. The current literature postulates that the insecurity of land property rights may restrict land transactions between members of same social relations. Studies conducted in China show that the land rentals between partners with closer social relations prefer informal contracts because these contracts are self-enforced based on trust and reputation. However, little literature has jointly examined the effect of land tenure security and social relations on joint decisions of partner and contract choice in the Chinese land rental market. Based on household data collected in Jiangxi and Liaoning provinces in 2015, this paper aims to examine the relationship between land tenure security perceptions, social relation and land rental contract choices in China. We differentiate between formal and informal contracts of land rental activities because they have different enforcement mechanisms and thus different risk-sharing strategy. With regards to social relations, we differ among relatives, villagers living in the same village and strangers according to social distance. In order to reduce estimation bias without accounting for endogenous matching between landlords and tenants, we investigate the joint partner and contract choices in the land rental market using a nested logit framework. The paper contributes to the literature on the effect of tenure security and social relations on land rental contracts by (i) taking into account endogenous matching between landlords and tenants, and estimating the joint decisions of partner and contract choice, and (ii) examining the effect of perceived

  11. Russia’s Security Relations with Finland, Norway, and Sweden

    Science.gov (United States)

    2017-09-01

    Naval Postgraduate School, Monterey, California. Thesis. Approved for public release. Distribution is unlimited. Russia's Security... Relations with Finland, Norway, and Sweden, by Rory J. Hayden, September 2017. Thesis Advisor: Mikhail Tsypkin. Co-Advisor: David S. Yost...

  12. Security engineering: Physical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements:

    - Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP).
    - Promulgation of multi-service standard recommendations and considerations.
    - Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions.
    - Reduction of facility project costs.
    - Better performance of modernized facilities, in terms of force protection, than original facilities.

    Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirements, constant review and revision to accommodate new circumstances or threats.

    Introduction. Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  13. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  14. Security and privacy of EHR systems--ethical, social and legal requirements.

    Science.gov (United States)

    Kluge, Eike-Henner W

    2003-01-01

    This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.

  15. A comparative approach to nuclear safety and nuclear security

    International Nuclear Information System (INIS)

    2009-01-01

    The operators in charge of nuclear facilities or activities have to deal with nuclear and radiological risks, which implies implementing two complementary approaches - safety and security - each of which entails specific methods. Targeting the same ultimate purpose, these two approaches must interact to mutually reinforce each other, without compromising one another. In this report, IRSN presents its reflections on the subject, drawing on its expertise in assessing risks on behalf of the French safety and security authorities, together with the lessons learned from sharing experience at international level. Contents: 1 - Purpose and context: Definitions, Similar risks but different causes, Transparency and confidentiality, Synergy in dealing with sabotage, A common purpose: protecting Man and the environment; 2 - Organizational principles: A legislative and regulatory framework relative to safety as well as security, The competent nuclear safety and security authorities, A difference in the distribution of responsibilities between the operators and the State (Prime responsibility of operators, A different involvement of the State), Safety culture and security culture; 3 - Principles for the application of safety and security approaches: Similar design principles (The graded approach, Defence-in-depth, Synergy between safety and security), Similar operating principles (The same requirement regarding constant monitoring, The same need to take account of feedback, The same need to update the baseline, Sharing good practices is more restricted in the area of security, The need to deal with the respective requirements of safety and security), Similar emergency management (Developing emergency and contingency plans, Carrying out exercises), Activities subject to quality requirements; 4 - Conclusion

  16. Achieving Security Assurance with Assertion-based Application Construction

    Directory of Open Access Journals (Sweden)

    Carlos E. Rubio-Medrano

    2015-12-01

    Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

  17. 21 CFR 1309.71 - General security requirements.

    Science.gov (United States)

    2010-04-01

    ... I chemicals handled; (2) The location of the premises and the relationship such location bears on... employees having access to List I chemicals; (7) The procedures for handling business guests, visitors... materials and plans regarding the proposed security controls and procedures either to the Special Agent in...

  18. The Gulf Security Dialogue and Related Arms Sale Proposals

    National Research Council Canada - National Science Library

    Blanchard, Christopher M; Grimmett, Richard F

    2008-01-01

    ...) security cooperation under the auspices of a new Gulf Security Dialogue (GSD). The Dialogue now serves as the principal security coordination mechanism between the United States and the six countries of the Gulf Cooperation Council (GCC...

  19. Kyrgyzstan's security problems today

    OpenAIRE

    Abduvalieva, Ryskul

    2009-01-01

    Regional stability and security consist of two levels - the external security of each country at the regional level and the internal security of each of them individually. A state's external and internal security are closely interrelated concepts. It stands to reason that ensuring internal security and stability is the primary and most important task. But the external aspect also requires attention. This article takes a look at the most important problems of ensuring Kyrgyzstan's security.

  20. Integrated security system definition

    International Nuclear Information System (INIS)

    Campbell, G.K.; Hall, J.R. II

    1985-01-01

    The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system.

  1. Computer-aided support for Secure Tropos

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.

    2007-01-01

    In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an

  2. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complaints are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  3. Safety and Security Interface Technology Initiative

    International Nuclear Information System (INIS)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-01-01

    Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. "Supporting Excellence in Operations Through Safety Analysis", (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is "Safeguards/Security Integration with Safety". This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared "tool box" of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated

  4. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will adequately...

  5. Cyber Security for Smart Grid, Cryptography, and Privacy

    Directory of Open Access Journals (Sweden)

    Swapna Iyer

    2011-01-01

    The invention of “smart grid” promises to improve the efficiency and reliability of the power system. As smart grid is turning out to be one of the most promising technologies, its security concerns are becoming more crucial. The grid is susceptible to different types of attacks. This paper will focus on these threats and risks especially relating to cyber security. Cyber security is a vital topic, since the smart grid uses high level of computation like the IT. We will also see cryptography and key management techniques that are required to overcome these attacks. Privacy of consumers is another important security concern that this paper will deal with.

  6. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Stapleton, B.W.

    1993-01-01

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

  7. Microsoft Security Bible A Collection of Practical Security Techniques

    CERN Document Server

    Mullen, Timothy "Thor"

    2011-01-01

    Thor's Microsoft® Security Bible provides a "one-stop-shop" for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. The book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, application specific security (IIS, SQL, Active Directory, etc.) and also includes new, never-before-published security tools complete with source code. Detailed technical information on security processes for all major Microsoft applications

  8. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  9. High-Performance Secure Database Access Technologies for HEP Grids

    Energy Technology Data Exchange (ETDEWEB)

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  10. High-Performance Secure Database Access Technologies for HEP Grids

    International Nuclear Information System (INIS)

    Vranicar, Matthew; Weicher, John

    2006-01-01

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist's computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that 'Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications'. There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure

  11. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    Science.gov (United States)

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  12. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of)

    2007-10-15

    as a root node and different ways to achieve that attack as leaf nodes. The structure, syntax and semantics of attack trees can be seen in. In attack trees, the leaf nodes can take many kinds of values to evaluate different aspects of system security. For example, the possible/impossible value can be assigned to enumerate all sets of possible attacks that achieve the attack goal, probability values to evaluate the probability that the attack goal can be achieved, cost value to evaluate the minimum cost needed to reach attack goal, and the special equipment value to obtain the most probable attack sets with no special equipment required. Although it is possible to implement security controls almost any type of attack, it is not practical to protect everything. Attack trees also provide a systematic way to model security controls and plant specific procedures as a safeguard against attacks, and check their effectiveness. In this paper, we will present a process for developing an attack model for the cyber security of safety related nuclear digital I and C systems using attack trees.

  13. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    International Nuclear Information System (INIS)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun

    2007-01-01

    root node and different ways to achieve that attack as leaf nodes. The structure, syntax and semantics of attack trees can be seen in. In attack trees, the leaf nodes can take many kinds of values to evaluate different aspects of system security. For example, the possible/impossible value can be assigned to enumerate all sets of possible attacks that achieve the attack goal, probability values to evaluate the probability that the attack goal can be achieved, cost value to evaluate the minimum cost needed to reach attack goal, and the special equipment value to obtain the most probable attack sets with no special equipment required. Although it is possible to implement security controls almost any type of attack, it is not practical to protect everything. Attack trees also provide a systematic way to model security controls and plant specific procedures as a safeguard against attacks, and check their effectiveness. In this paper, we will present a process for developing an attack model for the cyber security of safety related nuclear digital I and C systems using attack trees

  14. Data Security in Smart Cities: Challenges and Solutions

    Directory of Open Access Journals (Sweden)

    Daniela POPESCUL

    2016-01-01

    The purpose of this paper is to provide an extensive overview of security-related problems in the context of smart cities, seen as huge data consumers and producers. Trends such as hyper connectivity, messy complexity, loss of boundary and industrialized hacking transform smart cities into complex environments in which the already-existing security analyses are not useful anymore. Specific data-security requirements and solutions are approached in a four-layer framework, with elements considered to be critical to the operation of a smart city: smart things, smart spaces, smart systems and smart citizens. As urban management should pay close attention to security and privacy protection, network protocols, identity management, standardization, trusted architecture etc., the paper will serve them as a start point for better decisions in security design and management.

  15. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  16. Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9)

    NARCIS (Netherlands)

    Massacci, F.; Zannone, N.; Giorgini, P.; Maiden, N.; Mylopoulos, J.; Yu, E.

    2011-01-01

    The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the

  17. Nuclear non-proliferation and security culture within EDF nuclear fleet

    International Nuclear Information System (INIS)

    Debes, M.

    2013-01-01

    This document describes the nuclear non-proliferation strategy and the safety culture of EDF. The author lists all the mandatory rules and regulations at international and national levels EDF has to comply with. All these requirements are applied in EDF nuclear facilities through adequate procedures that assure a nuclear material accountancy, a follow-up of any item containing nuclear material in the facility, and internal controls. External independent controls are also performed. The EDF security policy goal is to protect human, material and knowledge assets, and to preserve operational capacity, competitiveness and public confidence, within national regulatory framework and regulation on 'vital importance facilities'. The treatment of events or incident (detection, analysis, lessons drawn, experience feedback) is a tool to progress, along with reporting, internal control process and audits. The security requirements cover the different related domains important to EDF industrial assets: security of employees against assaults; security of data according to their sensibility level; security of the information system and telecom; awareness and training of employees; relations with external suppliers or contractors; business premises; security of staff and projects abroad. For industrial facilities and grids (facilities of 'vital importance'...), the defense in depth principles are applied against the different threat scenarios. Security measures are studied at the design stage in a consistent way with nuclear safety measures, while taking into account the protective means deployed by public authorities. These risk analysis are periodically reassessed. The paper is followed by the slides of the presentation. (A.C.)

  18. Computer-Aided Sensor Development Focused on Security Issues.

    Science.gov (United States)

    Bialas, Andrzej

    2016-05-26

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  19. Tentative job analysis for a high-level, fixed-site, nuclear security officer

    International Nuclear Information System (INIS)

    Adams, K.G.; Trujillo, A.A.

    1977-10-01

    A tentative job analysis for a high-level, fixed-site, nuclear security officer is presented. The primary objective of the report is to provide a framework for evaluating the functions of a security officer in physical protection systems. Several job requirements related to duties, basic skills, personal contacts, supervision, working conditions, and decision making are presented. Individual character traits desirable in security officers are described

  20. The study and implementation of the wireless network data security model

    Science.gov (United States)

    Lin, Haifeng

    2013-03-01

    In recent years, with the rapid development of Internet technology and the advent of the information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it has also given the wireless networks and related network intrusion detection model for the detection strategies.

  1. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  2. 17 CFR 240.3a44-1 - Proprietary government securities transactions incidental to the futures-related business of a...

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Proprietary government securities transactions incidental to the futures-related business of a CFTC-regulated person. 240.3a44-1 Section 240.3a44-1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED...

  3. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  4. 49 CFR 659.25 - Annual review of system safety program plan and system security plan.

    Science.gov (United States)

    2010-10-01

    ... system security plan. 659.25 Section 659.25 Transportation Other Regulations Relating to Transportation... and system security plan. (a) The oversight agency shall require the rail transit agency to conduct an annual review of its system safety program plan and system security plan. (b) In the event the rail...

  5. Nuclear security. Improving correction of security deficiencies at DOE's weapons facilities

    International Nuclear Information System (INIS)

    Wells, James E.; Cannon, Doris E.; Fenzel, William F.; Lightner, Kenneth E. Jr.; Curtis, Lois J.; DuBois, Julia A.; Brown, Gail W.; Trujillo, Charles S.; Tumler, Pamela K.

    1992-11-01

    The US nuclear weapons research, development, and production are conducted at 10 DOE nuclear weapons facilities by contractors under the guidance and oversight of 9 DOE field offices. Because these facilities house special nuclear materials used in making nuclear weapons and nuclear weapons components, DOE administers a security program to protect (1) against theft, sabotage, espionage, terrorism, or other risks to national security and (2) the safety and health of DOE employees and the public. DOE spends almost $1 billion a year on this security program. DOE administers the security program through periodic inspections that evaluate and monitor the effectiveness of facilities' safeguards and security. Security inspections identify deficiencies, instances of noncompliance with safeguards and security requirements or poor performance of the systems being evaluated, that must be corrected to maintain adequate security. The contractors and DOE share responsibility for correcting deficiencies. Contractors, in correcting deficiencies, must comply with several DOE orders. The contractors' performances were not adequate in conducting four of the eight procedures considered necessary in meeting DOE's deficiency correction requirements. For 19 of the 20 deficiency cases we reviewed, contractors could not demonstrate that they had conducted three critical deficiency analyses (root cause, risk assessment, and cost-benefit) required by DOE. Additionally, the contractors did not always adequately verify that corrective actions taken were appropriate, effective, and complete. The contractors performed the remaining four procedures (reviewing deficiencies for duplication, entering deficiencies into a data base, tracking the status of deficiencies, and preparing and implementing a corrective action plan) adequately in all 20 cases. DOE's oversight of the corrective action process could be improved in three areas. The computerized systems used to track the status of security

  6. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, and service level agreements between the IT department and the controls engineering groups must be defined. In addition, an increased awareness of IT security in the controls system engineering domain is needed. As a consequence of these new factors, the control system architectures have to take into account security requirements, which often have an impact on both operational aspects and the project and maintenance cost. However, manufacturers of industrial control system equipment are also progressively proposing security-related solutions that can be used for our active projects. The paper discusses ...

  7. Task-related Interactions between Kindergarten Children and their Teachers: The Role of Emotional Security

    OpenAIRE

    Thijs, Jochem T.; Koomen, Helma M.Y.

    2008-01-01

    This study examined the emotional security of kindergarten children in dyadic task-related interactions with their teachers. In particular, it examined the interrelations between security, task behaviours (persistence and independence), social inhibition, and teachers’ support. Participants were 79 kindergartners (mean age = 69.7 months) and their 40 regular teachers. Children were selected to approach a normal distribution of social inhibition. Children and teachers were filmed during a dyad...

  8. Elements of ESA's policy on space and security

    Science.gov (United States)

    Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

    2018-06-01

    In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

  9. Security for 5G Mobile Wireless Networks

    OpenAIRE

    Fang, Dongfeng; Qian, Yi; Qingyang Hu, Rose

    2017-01-01

    The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use ca...

  10. Security Analysis in the Migration to Cloud Environments

    Directory of Open Access Journals (Sweden)

    Eduardo Fernández-Medina

    2012-05-01

    Cloud computing is a new paradigm that combines several computing concepts and technologies of the Internet creating a platform for more agile and cost-effective business applications and IT infrastructure. The adoption of Cloud computing has been increasing for some time and the maturity of the market is steadily growing. Security is the question most consistently raised as consumers look to move their data and applications to the cloud. We justify the importance and motivation of security in the migration of legacy systems and we carry out an analysis of different approaches related to security in migration processes to cloud with the aim of finding the needs, concerns, requirements, aspects, opportunities and benefits of security in the migration process of legacy systems.

  11. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  12. 76 FR 46603 - Security Ratings

    Science.gov (United States)

    2011-08-03

    ... settled derivative securities). See Simplification of Registration of Reporting Requirements for Foreign... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No. 33-9245; 34-64975; File No. S7-18-08] RIN 3235-AK18 Security Ratings AGENCY: Securities and Exchange...

  13. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  14. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  15. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

    Directory of Open Access Journals (Sweden)

    Ze Wang

    2015-09-01

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  16. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

    Science.gov (United States)

    Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

    2015-09-25

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  17. SecurID

    CERN Multimedia

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The token is derived from the current time (internal clock) and the seed (the SecurID private key, which is available on the component and is also known to the SecurID server). During an authentication request, the SecurID server checks the entered token by performing exactly the same calculation as that performed by your component. The server knows the two pieces of information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  18. Development of international guidelines for RAM shipment security

    Energy Technology Data Exchange (ETDEWEB)

    Luna, R.E.

    2004-07-01

    In October of 2003 a weeklong IAEA Technical Meeting developed a set of guidelines for providing security to consignments of radioactive materials in transport. These guidelines will be published shortly in an IAEA TECDOC. The guidelines produced reflect consideration of many influences and concerns that currently revolve around the potential for terrorist use of radioactive material for malevolent ends. The influences discussed here include: public perception of hazard and concern that new requirements will further limit global shipping capability, international efforts to control sealed sources, national efforts to increment protection on selected materials, the basis for exemption of materials, concern for cost impacts of overly broad requirements, questions on how to adjust requirements for a national threat assessment, and issues relating to consistency within the international community on security needs.

  19. Development of international guidelines for RAM shipment security

    International Nuclear Information System (INIS)

    Luna, R.E.

    2004-01-01

    In October of 2003 a weeklong IAEA Technical Meeting developed a set of guidelines for providing security to consignments of radioactive materials in transport. These guidelines will be published shortly in an IAEA TECDOC. The guidelines produced reflect consideration of many influences and concerns that currently revolve around the potential for terrorist use of radioactive material for malevolent ends. The influences discussed here include: public perception of hazard and concern that new requirements will further limit global shipping capability, international efforts to control sealed sources, national efforts to increment protection on selected materials, the basis for exemption of materials, concern for cost impacts of overly broad requirements, questions on how to adjust requirements for a national threat assessment, and issues relating to consistency within the international community on security needs

  20. Securities and Exchange Commission Semiannual Regulatory Agenda

    Science.gov (United States)

    2010-12-20

    ... Flexibility Analysis Required: Yes Agency Contact: Alicia Goldin, Division of Trading and Markets, Securities...: Alicia Goldin, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street NE... Flexibility Analysis Required: Yes Agency Contact: Alicia Goldin, Division of Trading and Markets, Securities...

  1. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

  2. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  3. Security Inequalities in North America: Reassessing Regional Security Complex Theory

    Directory of Open Access Journals (Sweden)

    Richard Kilroy

    2017-12-01

    This article re-evaluates earlier work done by the authors on Regional Security Complex Theory (RSCT) in North America, using sectoral analysis initially developed by Buzan and Waever, but also adding the variables of institutions, identity, and interests. These variables are assessed qualitatively in the contemporary context on how they currently impress upon the process of securitization within sectoral relations between Canada, Mexico, and the United States. The article reviews the movement from bilateral security relations between these states to the development of a trilateral response to regional security challenges post-9/11. It further addresses the present period and what appears to be a security process derailed by recent political changes and security inequalities, heightened by the election of Donald Trump in 2016. The article argues that while these three states initially evinced a convergence of regional security interests after 9/11, which did create new institutional responses, under the current conditions, divergence in political interests and security inequalities have reduced the explanatory power of RSCT in North America. Relations between states in North America are becoming less characterized by the role of institutions and interests and more by identity politics in the region.

  4. Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

    Science.gov (United States)

    Romanov, Anton; Okamoto, Eiji

    With the increasing demand for services provided by communication networks, quality and reliability of such services as well as confidentiality of data transfer are becoming some of the highest concerns. At the same time, because of growing hacker activity, quality of provided content and reliability of its continuous delivery strongly depend on integrity of data transmission and availability of communication infrastructure, and thus on the information security of a given IT landscape. But the amount of resources allocated to provide information security (such as security staff, technical countermeasures, etc.) must be reasonable from the economic point of view. This fact, in turn, leads to the need to employ a forecasting technique for planning the IT budget and for short-term planning of potential bottlenecks. In this paper we present an approach to such forecasting for a wide class of information security related incidents (ISRI) — unambiguously detectable ISRI. This approach is based on different autoregression models, which are widely used in financial time series analysis but cannot be directly applied to ISRI time series due to specifics related to information security. We investigate and address these specifics by proposing rules (special conditions) for the collection and storage of ISRI time series, adherence to which improves forecasting in this subject field. We present an application of our approach to one type of unambiguously detectable ISRI — the amount of spam messages which, if not mitigated properly, could create additional load on communication infrastructure and consume significant amounts of network capacity. Finally, we evaluate our approach by simulation and actual measurement.

  5. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  6. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    DePasquale, S.

    1991-01-01

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  7. Policy Paper 39: Power and Prosperity: Linkages Between Security and Economics in U.S-Japanese Relations Since 1960

    OpenAIRE

    Wampler, Robert A.

    1998-01-01

    How do Japan and the United States fit into each other’s grand strategies? A grand strategy is one that relates means and ends, resources and objectives, economics and national security. The National Security Archive’s Project on U.S.–Japanese Relations Since 1960 is probing these issues through a major program of research and study into policymaking by both governments across a wide spectrum of diplomatic, security, and economic issues. This project has brought together scholars and of...

  8. User Modelling Validation over the Security Awareness of Digital Natives

    Directory of Open Access Journals (Sweden)

    Vasileios Gkioulos

    2017-07-01

    Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires the investigation of how security experts perceive the digital natives (young people, born in the digital era), when utilizing their user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, in comparison to our earlier study over the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user-models that security experts utilise in their professional tasks. Our results indicate that the experts' understanding of the user behaviour does not follow a solidified user-model, while influences from personal perceptions and randomness are also noticeable.

  9. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

  10. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  11. Computer-Aided Sensor Development Focused on Security Issues

    Directory of Open Access Journals (Sweden)

    Andrzej Bialas

    2016-05-01

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  12. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  13. A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

    Science.gov (United States)

    Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

    2013-09-02

    Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

  14. 42 CFR 73.11 - Security.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard the...

  15. Modified Small Business Network Security

    OpenAIRE

    Md. Belayet Ali; Oveget Das; Md. Shamim Hossain

    2012-01-01

    This paper covers some likely threats and effective steps for a secure small business. It also involves a flowchart to comprehend the overall small business network security easily and we identify a set of security issues and apply appropriate techniques to satisfy the corresponding security requirements. In respect of all, this document is strong enough for any small business network security.

  16. Safety and Security Interface Technology Initiative

    Energy Technology Data Exchange (ETDEWEB)

    Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

    2007-05-01

    Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Michael Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two-day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security

  17. Job security or employment security: What's in a name?

    NARCIS (Netherlands)

    Zekic, Nuna

    2016-01-01

    The main aim of the article is to survey and conceptualize the place of employment security in labour law, and to explore a number of important legal questions relating to this concept. After scrutinizing the notion of employment security, the author endorses the view that job security that exists

  18. Contemporary security management

    CERN Document Server

    Fay, John

    2010-01-01

    Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

  19. Collective Study On Security Threats In MANET

    Directory of Open Access Journals (Sweden)

    Muhammad Zunnurain Hussain

    2017-01-01

    In this paper the authors will be discussing the security issues in MANET and the methods to protect it. Authors will talk about related work in securing the network, different types of attacks, how to sense these sorts of attack, what the features of MANET are, and then will describe what the requirements for securing the network are. Investigation had been done in the past to maintain the network from attacks, but due to the feature of MANET, inappropriate infrastructure, and due to the disperse network quality, it is open to attack. Authors will be tackling the defence against each attack. A solution has been suggested so that the users can use proper authentication techniques and network resources can be properly utilized.

  20. 41 CFR 102-72.95 - What are the requirements for obtaining a security delegation of authority from GSA?

    Science.gov (United States)

    2010-07-01

    ... the requirements for obtaining a security delegation of authority from GSA? An Executive agency may... PBS. The delegation may be granted where the requesting agency demonstrates a compelling need for the delegated authority and the delegation is not inconsistent with the authorities of any other law enforcement...

  1. Cyber Safety and Security for Reduced Crew Operations (RCO)

    Science.gov (United States)

    Driscoll, Kevin

    2017-01-01

    NASA and the Aviation Industry are looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. This paper concludes with questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

  2. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  3. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans from...

  4. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight participant...

  5. Conceptual Framework of Energy Security Assessment in Korea

    International Nuclear Information System (INIS)

    Moon, Kee Hwan; Chung, Whan Sam; Kim, Seung Su

    2016-01-01

    Korea's electric power is an essential source of energy, supplying 21.4% of the energy required by the manufacturing industry, 43.4% of that required for commerce, and 59.5% of that required by the public sector in 2014. Korea relies heavily on imports of energy sources because of its lack of natural resources. Its land area is limited, making it difficult to utilize renewable energy. Moreover, it is difficult to trade electricity through grid connections with neighbouring countries. Considering the key role of electric power in Korea and the circumstances of its power generation industry, we must understand the contribution of each fuel used in power plants to energy sustainability. This study derives the conceptual framework to quantify energy security levels for nuclear power generation in Korea and employ them in evaluating the national energy security. And sample calculation of nuclear energy security indicators is performed. The implications drawn from the evaluation are as follows. Nuclear power demonstrates dominance in the dimensions of economy and technology as the related technologies have entered into the stage of maturity. Without constant technological innovation, however, sustainability of nuclear sources will not be guaranteed. Nuclear has in the middle in terms of SS, but their high volatility impels Korea to pursue the diversification of energy suppliers. The energy security indicators suggested in this study are anticipated to contribute to establishing an energy security policy based on a comprehensive understanding of the energy security status in Korea. In the future, it will be necessary to establish specific scenarios for a decrease of regional conflicts and a post-2020 climate change conventions and conduct realistic and dynamic analyses

  6. Conceptual Framework of Energy Security Assessment in Korea

    Energy Technology Data Exchange (ETDEWEB)

    Moon, Kee Hwan; Chung, Whan Sam; Kim, Seung Su [KAERI, Daejeon (Korea, Republic of)]

    2016-05-15

    Korea's electric power is an essential source of energy, supplying 21.4% of the energy required by the manufacturing industry, 43.4% of that required for commerce, and 59.5% of that required by the public sector in 2014. Korea relies heavily on imports of energy sources because of its lack of natural resources. Its land area is limited, making it difficult to utilize renewable energy. Moreover, it is difficult to trade electricity through grid connections with neighbouring countries. Considering the key role of electric power in Korea and the circumstances of its power generation industry, we must understand the contribution of each fuel used in power plants to energy sustainability. This study derives the conceptual framework to quantify energy security levels for nuclear power generation in Korea and employ them in evaluating the national energy security. And sample calculation of nuclear energy security indicators is performed. The implications drawn from the evaluation are as follows. Nuclear power demonstrates dominance in the dimensions of economy and technology as the related technologies have entered into the stage of maturity. Without constant technological innovation, however, sustainability of nuclear sources will not be guaranteed. Nuclear has in the middle in terms of SS, but their high volatility impels Korea to pursue the diversification of energy suppliers. The energy security indicators suggested in this study are anticipated to contribute to establishing an energy security policy based on a comprehensive understanding of the energy security status in Korea. In the future, it will be necessary to establish specific scenarios for a decrease of regional conflicts and a post-2020 climate change conventions and conduct realistic and dynamic analyses.

  7. Ecological security of environment in Zhytomyr region

    Directory of Open Access Journals (Sweden)

    I.М. Kovalevska

    2016-03-01

    The article is aiming at the study of environmental hazards in Zhytomyr region. Its main objective is to identify the set of adverse factors affecting the state of danger and compose a necessary starting material for the prediction of possible negative consequences, their nature and extent. The matter of special importance for the study of the phenomenon of security is the security classification. First of all, the forms (system of security in relation to the forces and processes of natural, social and technical character should be distinguished. They can be defined as systems of geo-bio-physical, social and technical security. The classification of security can be determined in many ways, for example, in relation to the object of security; in relation to the subject of security; according to the problem indication; according to the functional indication. Security is a distinctive characteristic and prerequisite of life, progressive development and viability of real-world objects. The methodology of its evaluation is based on the states of the essence of natural and anthropogenic environmental pollution, the standard requirements for the quality of environmental objects and standards of acceptable contamination. The assessment of ecological security of the environment is the quantitative measure of parameters of environmental pollution dangers, threats and risks of natural character as well as the state of anthropogenic security. This assessment is carried out according to the methods and ways to measure environmental parameters. For this purpose it is important to know the factors of danger and the system of indicators that characterizes all natural and environmental phenomena and processes of geo-ecological dangers, natural environmental conditions, ecological condition. The system of natural and industrial environmental indicators consists of the indicators which characterize all phenomena and processes of geo-ecological dangers of natural

  8. 7 CFR 273.6 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 4 2010-01-01 2010-01-01 false Social security numbers. 273.6 Section 273.6... normally uses the Receipt of Application for a Social Security Number, Form SSA-5028, as evidence that an... security numbers. (a) Requirements for participation. The State agency shall require that a household...

  9. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  10. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  11. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  12. Improving Timeliness in Real-Time Secure Database Systems

    National Research Council Canada - National Science Library

    Son, Sang H; David, Rasikan; Thuraisingham, Bhavani

    2006-01-01

    .... In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems...

  13. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way. If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  14. Security research roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Rouhiainen, V. (ed.)

    2007-02-15

    VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that technology alone can not assure security, but security can not be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

  15. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  16. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    Hunteman, W.J.

    1991-01-01

    DOE Order 5637.1, "Classified Computer Security," requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

  17. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    Hunteman, W.J.

    1991-01-01

    This paper reports on DOE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system.

  18. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    As a direct result of the 9-11 New York attack all modes of freight and passenger transportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  19. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  20. 49 CFR 1510.15 - Accounting and auditing requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Accounting and auditing requirements. 1510.15 Section 1510.15 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION... CIVIL AVIATION SECURITY SERVICE FEES § 1510.15 Accounting and auditing requirements. (a) Direct air...

  1. QuickCash: Secure Transfer Payment Systems

    Directory of Open Access Journals (Sweden)

    Abdulrahman Alhothaily

    2017-06-01

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  2. QuickCash: Secure Transfer Payment Systems

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-01-01

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

  3. QuickCash: Secure Transfer Payment Systems.

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-06-13

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  4. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, Johan; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the

  5. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    system force and structure reliance – are discovered and tantamount with EU nations. Thusly I indicated reason viewpoints and figures of security of data structures it additionally relates to the reason of estimation of transient dangers of security of frameworks for that I begin my proposal with one of the fundamental class of data security which is Cyber security. Keyword : Cyber Security, IT

  6. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper concentrates on the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I) or other vehicles (C2C) progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  7. Secure firmware updates for point of sale terminals

    CSIR Research Space (South Africa)

    Tsague, HD

    2015-03-01

    of the equipment. In particular, there is an important cost related to the deployment of new software upgrades for the point of sale terminals, since in most cases human intervention is required. In this paper, we present a lightweight protocol for secure firmware...

  8. The Requirement of a Positive Definite Covariance Matrix of Security Returns for Mean-Variance Portfolio Analysis: A Pedagogic Illustration

    Directory of Open Access Journals (Sweden)

    Clarence C. Y. Kwan

    2010-07-01

    This study considers, from a pedagogic perspective, a crucial requirement for the covariance matrix of security returns in mean-variance portfolio analysis. Although the requirement that the covariance matrix be positive definite is fundamental in modern finance, it has not received any attention in standard investment textbooks. Being unaware of the requirement could cause confusion for students over some strange portfolio results that are based on seemingly reasonable input parameters. This study considers the requirement both informally and analytically. Electronic spreadsheet tools for constrained optimization and basic matrix operations are utilized to illustrate the various concepts involved.

  9. Information Systems Security Job Advertisement Analysis: Skills Review and Implications for Information Systems Curriculum

    Science.gov (United States)

    Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.

    2018-01-01

    The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…

  10. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite whenever...

  11. 40 CFR 265.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 265.14 Section 265.14... Facility Standards § 265.14 Security. (a) The owner or operator must prevent the unknowing entry, and...) for discussion of security requirements at disposal facilities during the post-closure care period...

  12. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  13. Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

    Science.gov (United States)

    Dunn Cavelty, Myriam

    2014-09-01

    Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

  14. 22 CFR 8.7 - Security.

    Science.gov (United States)

    2010-04-01

    ... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security. 8.7 Section 8.7 Foreign Relations DEPARTMENT OF STATE GENERAL ADVISORY COMMITTEE MANAGEMENT § 8.7 Security. (a) All officers and members of a committee must have a security clearance for the subject matter level of security at which the committee...

  15. 40 CFR 264.14 - Security.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 25 2010-07-01 2010-07-01 false Security. 264.14 Section 264.14... Standards § 264.14 Security. (a) The owner or operator must prevent the unknowing entry, and minimize the...) for discussion of security requirements at disposal facilities during the post-closure care period...

  16. Detection of total hip arthroplasties at airport security checkpoints - how do updated security measures affect patients?

    Science.gov (United States)

    Issa, Kimona; Pierce, Todd P; Gwam, Chukwuweieke; Festa, Anthony; Scillia, Anthony J; Mont, Michael A

    2018-03-01

    There have been historical reports on the experiences of patients with total hip arthroplasty (THA) passing through standard metal detectors at airports. The purpose of this study was to analyse those who had recently passed through airport security and the incidence of: (i) triggering of the alarm; (ii) extra security searches; and (iii) perceived inconvenience. A questionnaire was given to 125 patients with a THA during a follow-up appointment. Those who had passed through airport security after January 2014 met inclusion criteria. A survey was administered that addressed the number of encounters with airport security, frequency of metal detector activation, additional screening procedures utilised, whether security officials required prosthesis documentation, and perceived inconvenience. 51 patients met inclusion criteria. 10 patients (20%) reported triggered security scanners. 4 of the 10 patients stated they had surgical hardware elsewhere in the body. 13 of the 51 patients (25%) believed that having their THA increased the inconvenience of traveling. This is different from the historical cohort with standard metal detectors which patients reported a greater incidence of alarm triggering (n = 120 of 143; p = 0.0001) and perceived inconvenience (n = 99 of 143; p = 0.0001). The percentage of patients who have THA triggering security alarms has decreased. Furthermore, the number of patients who feel that their prosthesis caused traveling inconvenience has decreased. We feel that this decrease in alarms triggered and improved perceptions about inconvenience are related to the increased usage of new technology.

  17. XMSS : a practical forward secure signature scheme based on minimal security assumptions

    NARCIS (Netherlands)

    Buchmann, Johannes; Dahmen, Erik; Hülsing, Andreas; Yang, B.-Y.

    2011-01-01

    We present the hash-based signature scheme XMSS. It is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best

  18. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles, namely fixed, nomadic, and mobile, are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  19. Security measures in transport of radiation source in Jordan

    Energy Technology Data Exchange (ETDEWEB)

    Mohammad, Alslman [Korea Advanced Institute of Science and Technology, Kaist Daejeon (Korea, Republic of)]; Choi, Kwang Sik [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)]

    2011-05-15

    Radioactive materials are used in Jordan for peaceful applications in medicine, industry, agriculture, environmental science, education and research and military applications. Most of these radioactive sources used are imported, therefore trans-boundary movement is a significant factor in consideration of security measures during movement of these sources. After 11/9 2001 event, IAEA efforts began to focus and concentrate on security in transport of radioactive materials, after the emergence of risks of using these sources in terrorist activities. In 2002, efforts were initiated by the IAEA to provide additional guidance for security in the transport of radioactive materials, based upon the new security requirements in the Recommendations on the Transport of Dangerous Goods. This paper reviews some of the measures relating to the transport of radioactive materials in Jordan.

  20. 49 CFR 1542.205 - Security of the security identification display area (SIDA).

    Science.gov (United States)

    2010-10-01

    ... area (SIDA). 1542.205 Section 1542.205 Transportation Other Regulations Relating to Transportation... AIRPORT SECURITY Operations § 1542.205 Security of the security identification display area (SIDA). (a... one SIDA, as follows: (1) Each secured area must be a SIDA. (2) Each part of the air operations area...

  1. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  2. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  3. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  4. The Security Aspect of Turkey-United States Relations: In Search For a New Model

    Directory of Open Access Journals (Sweden)

    Irina A. Svistunova

    2016-01-01

    Security cooperation has always been an important aspect of the relations between Turkey and the USA. In the Cold War era Turkish-American interaction within NATO played a crucial role in this cooperation. After that period the two countries began to search for a new model of their relations. Both Turkey and the USA started to use cooperation within NATO for the purpose of strengthening their global positions. At the same time the USA aspiration to use military bases in Turkey beyond NATO obligations frequently becomes a source of disagreement and crises in the relations of the two countries as it happened during the American intervention to Iraq in 2003. At present new challenges for regional security, especially in the Middle East, demand new forms of interaction between Turkey and the USA. The beginning of "the Arab spring" was met in Ankara and Washington with overlapping interest in changing conservative regimes and promoting "Turkish model". At the same time such questions as participation of Turkey in the fight against ISIL and the USA military cooperation with the Syrian Kurds, whom Ankara considers to be connected with the PKK terrorist organization, have brought serious contradictions between the two countries. The cause of these contradictions is the difference in the perception of threats in Turkey and in the Western countries. While the search for new forms of security cooperation meets with difficulties, NATO remains important for the relations between Turkey and the USA, despite traditionally high level of anti-NATO moods in the Turkish society.

  5. Polish Security Printing Works in the system of public and economic security

    OpenAIRE

    Remigiusz Lewandowski

    2013-01-01

    The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

  6. 7 CFR 801.11 - Related design requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false Related design requirements. 801.11 Section 801.11... FOR GRAIN INSPECTION EQUIPMENT § 801.11 Related design requirements. (a) Suitability. The design... tolerances prescribed in §§ 801.3 through 801.10, be capable of repeating its results when the equipment is...

  7. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan...

  8. 10 CFR 76.119 - Security facility approval and safeguarding of National Security Information and Restricted Data.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION... approval and safeguarding of National Security Information and Restricted Data. The requirements for...

  9. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  10. Future Direction of the Instrumentation and Control System for Security of Nuclear Facilities

    International Nuclear Information System (INIS)

    Kim, Woo Jin; Kim, Jae Kwang

    2014-01-01

    Instrumentation and control systems are pervasively used as a vital component in modern industries. Nuclear facilities, such as nuclear power plants (NPPs), originally use I and C systems for plant status monitoring, processes control, and many other purposes. After some events that raised security concerns, application areas of I and C systems have been expanded to physical protection of nuclear material and facilities. As nuclear policies over the world are strengthening security issues, the future direction of roles and technical requirements of security related I and C systems is described: An introduction of I and C systems, especially digitalized I and C systems, to security of nuclear facilities requires many careful considerations, such as system integration, verification and validation (V/V), etc. Institute of Nuclear Nonproliferation and Control (KINAC) established 'International Nuclear Nonproliferation and Security Academy, INSA' in 2014. One of the main achievements of INSA is test-bed implementation for technical criteria development of nuclear facilities' physical protection systems (PPSs) as well as for education and training of those systems. The test bed was modified and improved more suitably from the previous version to modern PPSs including state-of-the-art I and C technologies. KINAC is confident in the new test bed to become a fundamental technical basis of security related I and C systems in near future

  11. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

  12. Privacy and security of patient data in the pathology laboratory.

    Science.gov (United States)

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  13. Privacy and security of patient data in the pathology laboratory

    Directory of Open Access Journals (Sweden)

    Ioan C Cucoranu

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  14. Finding Security Patterns to Countermeasure Software Vulnerabilities

    OpenAIRE

    Borstad, Ole Gunnar

    2008-01-01

    Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

  15. Protective force legal issues: the security perspective

    International Nuclear Information System (INIS)

    Rich, B.L.

    1984-01-01

    There has been much discussion and some controversy on the legal issues faced by the Department of Energy's (DOE) protective forces in the performance of their security duties. These include the observance of legal proprieties in the arrest of non-violent demonstrators, the use of lethal weapons, and the extent of protective forces' authority to carry weapons and protect DOE's security interests offsite. In brief, the need to protect DOE's security interests may be in nominal conflict with other requirements. When faced with a potential conflict in requirements, we in the DOE security community must place first attention to the security mission -- to deter and prevent hostile acts

  16. Challenges of Carboy Security For Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Kwangjo [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of)]

    2012-03-15

    Nuclear Power Plants (NPPs) become one of the most important infrastructures in providing efficient and non-interrupted electricity in a country using radioactive elements due to global warming and shortage of fossil resources. To provide the higher reliability and better performance with additional diagnostic capabilities in operating NPPs, digital Instrumentation and Control (I and C) systems have been introduced to replace the analog I and C system. However, the digitalized I and C systems bring us new vulnerabilities and threats over the cyber space. In this paper, we discuss that the trends of cyber security for legacy IT system and its countermeasure have been developed for last three decades from the security point of view. We found that the nuclear industry has an inherently conservative approach to safety and substantial effort is required to provide the necessary evidence and analysis to assure that digital I and C systems can be used in safety-critical and safety-related applications. NPP I and C systems are generally isolated from external communication systems. This cannot provide 100% cyber attack-free operation for NPP lessoned from an attack using Stuxnet. Experience gained from cyber security in other sensitive fields, such as the military, national security, banking, and air-traffic control, etc. is valuable both for improving cyber security at NPPs with digital I and C systems and for demonstrating that cyber defenses can consistently stay ahead of cyber attacks. But as with safety and other areas of security, cyber security is an area where no-one can rest on his laurels. Continued success requires continuous vigilance and continuous improvement.

  17. Challenges of Carboy Security For Nuclear Power Plants

    International Nuclear Information System (INIS)

    Kim, Kwangjo

    2012-01-01

    Nuclear Power Plants (NPPs) become one of the most important infrastructures in providing efficient and non-interrupted electricity in a country using radioactive elements due to global warming and shortage of fossil resources. To provide the higher reliability and better performance with additional diagnostic capabilities in operating NPPs, digital Instrumentation and Control (I and C) systems have been introduced to replace the analog I and C system. However, the digitalized I and C systems bring us new vulnerabilities and threats over the cyber space. In this paper, we discuss that the trends of cyber security for legacy IT system and its countermeasure have been developed for last three decades from the security point of view. We found that the nuclear industry has an inherently conservative approach to safety and substantial effort is required to provide the necessary evidence and analysis to assure that digital I and C systems can be used in safety-critical and safety-related applications. NPP I and C systems are generally isolated from external communication systems. This cannot provide 100% cyber attack-free operation for NPP, as learned from an attack using Stuxnet. Experience gained from cyber security in other sensitive fields, such as the military, national security, banking, and air-traffic control, etc. is valuable both for improving cyber security at NPPs with digital I and C systems and for demonstrating that cyber defenses can consistently stay ahead of cyber attacks. But as with safety and other areas of security, cyber security is an area where no-one can rest on his laurels. Continued success requires continuous vigilance and continuous improvement

  18. A Study on the Interrelations between the Security-Related Antecedents of Customers' Online Trust

    Science.gov (United States)

    Peikari, Hamid Reza

    Despite the wide attention of previous studies to explore the influence of different security-related factors on customers' online trust, the interrelations between such factors and their direct and indirect influences on customers' trust have been neglected. This study investigates the direct and indirect interrelations between the factors authentication, encryption, technical protection and externally provided assurances including third party security and privacy seals with customers' trust in the business-to-customer (B2C) environment. The data was collected from 238 respondents and after the test of reliability and validity of the scale, the hypotheses were tested using structural equation modeling. The results showed that customers' perception of encryption and authentication mechanisms implemented by a Website have a positive significant influence on their perceived technical protection while technical protection was found to significantly influence customers' trust to the Website. However, the analysis did not find any relation between the third party assurance and customers' trust, indicating that despite the high expenses companies involve to obtain such assurances from reputed third parties, such mechanisms and assurances do not have any direct or indirect significant influence on customers' trust; which raises questions on the value of such mechanisms. Finally, after discussing the findings and implication of this study for both academic and business worlds, suggestions for future studies were made to have a better understanding of the dimensions of the interrelations between the security-related factors.

  19. Safeguards and security considerations for automated and robotic systems

    Energy Technology Data Exchange (ETDEWEB)

    Jordan, S.E.; Jaeger, C.D.

    1994-09-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A&R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S&S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S&S into the design of future A&R systems. Towards this, the authors first examined existing A&R systems from a security perspective to identify areas of concern and possible solutions of these problems. They then were able to develop generalized S&S guidance and design considerations for automation and robotics.

  20. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  1. New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2015-10-01

    Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications.

  2. Finance/security/life.

    OpenAIRE

    Langley, P.

    2017-01-01

    What is the contemporary relation between finance and security? This essay encourages further research into the securitization of finance by developing the notion of ‘finance/security/life’. A focus on the intersections of finance/security/life will be shown to prompt a broadened range of critical, cross-disciplinary concerns with the various ways in which financial markets are positioned as vital to securing wealth, welfare and wellbeing.

  3. The Security Research of Digital Library Network

    Science.gov (United States)

    Zhang, Xin; Song, Ding-Li; Yan, Shu

    Digital library is a self-development need for the modern library to meet the development requirements of the times, changing the way of services and so on. Digital library from the hardware, technology, management and other aspects to objective analysis of the factors of threats to digital library network security. We should face up to the problems of digital library network security: digital library network hardware is "not hard", the technology of digital library is relatively lagging, digital library management system is imperfect and other problems; the government should take active measures to ensure the library funding, to enhance the level of network hardware, to upgrade LAN and prevention technology, to improve network control technology, network monitoring technology; to strengthen safety management concepts, to perfect the safety management system; and to improve the level of security management modernization for digital library.

  4. Information Security for Compliance with Select Agent Regulations

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J.

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

  5. Information security for compliance with select agent regulations.

    Science.gov (United States)

    Lewis, Nick; Campbell, Mark J; Baskin, Carole R

    2015-01-01

    The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

  6. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX). This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable, reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  7. Security-based rescheduling of transactions in a deregulated power system

    International Nuclear Information System (INIS)

    David, A.K.; Fang, R.S.

    1999-01-01

    The paper studies security-driven rescheduling in the context of electricity supply industry restructuring. Given that price-based operation is encouraged in an open-market system and that bilateral and pool contracts may coexist within this system, a mathematical methodology to reschedule these transactions, when required for security-related reasons, is developed. The post-contingency corrective capability of each transaction is considered and an attempt is made to achieve optimal rescheduling both for preventive and for post-contingency control. The computational results are helpful for providing an insight into the security challenges faced by an independent system operator in the emerging market structures. (author)

  8. Information Technology Audit of Physical Security Control and Logical Security Control and Determination of Security Risk Conditions, Case Study: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract: The fast growth of technology has an impact on the accounting field. This relates to the term information technology (IT) auditing. One of the risks of using information technology in business, which can be fatal enough if ignored, is security risk. Security risk can be reduced by security controls, which include physical security control and logical security control. Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  9. Nuclear Security and Nuclear Safeguards; Differences, Commonalities and Synergies

    International Nuclear Information System (INIS)

    Jorant, C.

    2015-01-01

    Reference to the three S's in the nuclear world is recurring and much has been said about the need to build on synergies to reinforce safeguards, safety and security. In practice, the 3S's communities are seldom interconnected even though some interaction can be observed between safety and security and security and safeguards. Ensuring a better understanding between those three sectors about their scope, requirements, implementation methods and tools would stimulate cooperation. The second Nuclear Security Summit and particularly the industry related event stressed the synergies between safety and security. The first IAEAs Security Conference organized in July 2013 did not address specifically nuclear safeguards and security relations. Last Security Summit took place in The Hague in March 2014 and this type of issue was not really raised either. The safeguards Symposium provides a timely opportunity to tackle possible enhanced cooperation between safeguards and security communities and assess the prospect for addressing such issue at the next and allegedly last security summit in 2016. This presentation will analyze the differences and commonalities between those two sectors, in particular with regards to the objectives and actors, the organization and technicalities, or to the conceptual approaches (DBT and APA/SLC, attractiveness/accessibility). It will then assess the possible synergies or cooperation between both communities. It will discuss the merits of a global and comprehensive involvement of the different actors, (State, industry and international bodies including the NGOs) and of exchanges on good practices to contribute to a common understanding and references while allowing for an adaptable and national approach. Indeed the need to reassure the stakeholders, including the general public, that security, as well as safeguards are addressed in a consistent manner worldwide is of utmost importance for building future nuclear energy programmes on a

  10. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are a particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre's LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  11. Educational Programme in Nuclear Security (Chinese Version)

    International Nuclear Information System (INIS)

    2012-01-01

    Higher education plays an essential role in nuclear security capacity building. It ensures the availability of experts able to provide the necessary competencies for the effective national nuclear security oversight of nuclear and other radioactive material and to establish and maintain an appropriate nuclear regime in a State. This guide provides both the theoretical knowledge and the practical skills necessary to meet the requirements described in the international framework for nuclear security. Emphasis is placed on the implementation of these requirements and recommendations in States. On the basis of this guide, each university should be able to develop its own academic programme tailored to suit the State's educational needs in the area of nuclear security and to meet national requirements.

  12. Cooperative Security: A New Paradigm For A World Without Nuclear Weapons?

    Directory of Open Access Journals (Sweden)

    Marc Finaud

    2013-11-01

    If there is a loose consensus on aiming at a world free of nuclear weapons in the future, there are clear oppositions as to the timeframe as well as the means for achieving this goal. The approach to nuclear disarmament followed to date has only yielded limited success because it has been conceived in isolation from global and regional security environments and threat perceptions. A new paradigm should thus be sought in order to reconcile nuclear powers’ security doctrines with global aspirations for a safer world, and ensure that nuclear powers derive their security less from others’ insecurity but from mutually beneficial cooperative security. This should not become a pretext for preserving nuclear weapons for ever. It will on the contrary require parallel tracks addressing the initial motivations for acquiring nuclear weapons and other weapons of mass destruction (WMD), in particular in the context of regional conflicts, as well as dealing with the current issues necessarily related to nuclear disarmament (missile defence, weaponization of space, conventional imbalances and future weapon systems). Ultimately, in a globalised nuclear-weapon free world, state security will not require nuclear weapons because it will be inserted into a broader network encompassing all aspects of security addressed in cooperative and multilateral approaches.

  13. Food security is related to adult type 2 diabetes control over time in a United States safety net primary care clinic population.

    Science.gov (United States)

    Shalowitz, M U; Eng, J S; McKinney, C O; Krohn, J; Lapin, B; Wang, C-H; Nodine, E

    2017-05-15

    Successful Type 2 diabetes management requires adopting a high nutrient-density diet made up of food items that both meet dietary needs and preferences and can be feasibly obtained on a regular basis. However, access to affordable, nutrient-dense foods often is lacking in poorer neighbourhoods. Therefore, low food security should directly impair glucose control, even when patients have full access to and utilize comprehensive medical management. The present study sought to determine whether food security is related longitudinally to glucose control, over-and-above ongoing medication management, among Type 2 diabetes patients receiving comprehensive care at a Midwestern multi-site federally qualified health centre (FQHC). In this longitudinal observational study, we completed a baseline assessment of patients' food security (using the US Household Food Security Module), demographics (via Census items), and diabetes history/management (using a structured clinical encounter form) when patients began receiving diabetes care at the health centre. We then recorded those patients' A1C levels several times during a 24-month follow-up period. Three hundred and ninety-nine patients (56% with low food security) had a baseline A1c measurement; a subsample of 336 (median age=52 years; 56% female; 60% Hispanic, 27% African American, and 9% White) also had at least one follow-up A1c measurement. Patients with lower (vs higher) food security were more likely to be on insulin and have higher A1c levels at baseline. Moreover, the disparity in glucose control by food security status persisted throughout the next 2 years. Although results were based on one multi-site FQHC, potentially limiting their generalizability, they seem to suggest that among Type 2 diabetes patients, low food security directly impairs glucose control-even when patients receive full access to comprehensive medical management-thereby increasing their long-term risks of high morbidity, early mortality, and high

  14. Ethics issues in security hospitals.

    Science.gov (United States)

    Weinstein, Henry C

    2002-01-01

    The term 'security hospital' is used for a variety of facilities including forensic hospitals and prison hospitals, which, because of their mission, the nature of their work, and the populations they serve-or because of the authority under which they operate-place the staff at considerable risk of ethical violations related to either clinical care or to forensic activities. The problem of divided loyalties is of special concern in security hospitals. Ethics principles particularly at risk are confidentiality and informed consent. Where there are cultural disparities between the staff and the patients, differences in background, socioeconomic class, education, and other types of diversity, cultural awareness is required and must be reflected in appropriate treatment and evaluation. To counteract the risks of ethical violations, a security hospital should create an ethical climate and develop means to anticipate, prevent, and deal with ethical violations. These might include detailed and specific policies and procedures, programs of orientation, education, consultation, and liaison as well as its own ethics committee. Copyright 2002 John Wiley & Sons, Ltd.

  15. 49 CFR 1552.23 - Security awareness training programs.

    Science.gov (United States)

    2010-10-01

    ... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A flight...

  16. Book-entry bonds as a variety of the debt securities

    Directory of Open Access Journals (Sweden)

    М. М. Кулик

    2015-10-01

    Problem Setting. The article is devoted to the allocation of the features of the legal order and legal nature of the book-entry bonds as a variety of the debt securities. Analysis of the recent researches and publications. The book-entry securities and their place among other objects of the civil legal relations from the moment of their appearance on the securities market have been devoted many scientific works and publications both Ukrainian scientists and scientists of other countries, in particular, E. Dyomushkina, L. Dobrynina, V. A. Barulin, D. Stepanov, E. Reshetin, V. L. Yarotsky, G. N. Shevchenko, O. V. Vygovsky, S. Ya. Vavzhenchuk and others. Paper objective. With regard of definitions of the bond as the debt security of the documentary form of issue which has been proposed by the scientists specialized on civil law problems at different times of the development of the teaching on securities and specific features of the book-entry securities as certain rights, it is necessary to allocate peculiarities of the legal order and legal nature of the book-entry bonds as a variety of the debt securities. Paper main body. In the article the different approaches to the definition of the bond have been given. It is specified that the documentary bond as the debt security mediates or establishes relations of the loan between the issuer of the bond and its owner and obligates the issuer to return a certain cash equivalent within a specified period and to pay a certain percentage (profit). On the base of the comparative analysis of the documentary and book-entry securities the content of which includes the certain rights, the features of the book-entry bond as the debt security have been allocated: 1) the content of the right, embodied in the decision on the issue of the securities and in the securities emission prospectus, includes property (obligation) right of the requirement by its owner to return their nominal value and the

  17. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  18. Web Services Security - Implementation and Evaluation Issues

    Science.gov (United States)

    Pimenidis, Elias; Georgiadis, Christos K.; Bako, Peter; Zorkadis, Vassilis

    Web services development is a key theme in the utilization the commercial exploitation of the semantic web. Paramount to the development and offering of such services is the issue of security features and the way these are applied in instituting trust amongst participants and recipients of the service. Implementing such security features is a major challenge to developers as they need to balance these with performance and interoperability requirements. Being able to evaluate the level of security offered is a desirable feature for any prospective participant. The authors attempt to address the issues of security requirements and evaluation criteria, while they discuss the challenges of security implementation through a simple web service application case.

  19. A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

    Science.gov (United States)

    Andrijcic, Eva; Horowitz, Barry

    2006-08-01

    The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

  20. Essence and evolution of the economic security notion

    Directory of Open Access Journals (Sweden)

    Holikov Ivan V.

    2014-01-01

    The article shows the essence and evolution of the economic security notion. It shows that the “economic security” notion is based on a number of definitions and principles of “security”. It establishes that in the result of development of the post-industrial society and complication of social and state relations, this notion was used with economic orientation. It shows that nowadays economic security is understood as the state, in which such components as financial, information, socio-economic, institutional and legal, technical and technological, intellectual and personnel, power and ecological activity are in the states of “absence of threat”, “safety”, “protection from threats”, “protection”, “reliability”, “stability”, “rest”, “independence” and “within acceptable bounds”. Moreover, there is a system of prevention or reduction of impact of threats under controlled conditions. The article shows that economic security is a dynamic component of the economy, which adapts to the needs of the time. The current stage of the state development requires taking into account specific and address specific features of the object of study (for example, branch) for ensuring economic security under conditions of appearance of negative phenomena of uncertainty and risk. The prospect of further studies is developing new systems of economic security with consideration of historical grounds and modern tendencies of development of economic relations.

  1. Usable Security and E-Banking: ease of use vis-a-vis security

    Directory of Open Access Journals (Sweden)

    Morten Hertzum

    2004-05-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.

  2. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

    2007-01-01

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  3. Security Considerations and Recommendations in Computer-Based Testing

    Directory of Open Access Journals (Sweden)

    Saleh M. Al-Saleem

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

  4. Security considerations and recommendations in computer-based testing.

    Science.gov (United States)

    Al-Saleem, Saleh M; Ullah, Hanif

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

  5. Security in transnational interoperable PPDR communications: Threats and requirements

    NARCIS (Netherlands)

    Ferrús, R.; Sallent, O.; Verkoelen, C.; Fransen, F.; Saijonmaa, J.; Olivieri, C.; Duits, M.; Galin, A.; Pangallo, F.; Modi, D.P.

    2015-01-01

    The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery

  6. Implementing Cyber Security Requirements and Mechanisms in Microgrids

    OpenAIRE

    Mohan, Apurva; Khurana, Himanshu

    2015-01-01

    Part 4: INFRASTRUCTURE SECURITY; International audience; A microgrid is a collection of distributed energy resources, storage and loads under common coordination and control that provides a single functional interface to enable its management as a single unit. Microgrids provide several advantages such as power quality control, uninterrupted power supply and integration of renewable resources. However, microgrids are increasingly connected to the Internet for remote control and management, wh...

  7. Role of security during safety-related emergencies at nuclear power plants

    International Nuclear Information System (INIS)

    Cardwell, R.G.; Moul, D.A.; McBride, J.A.; Wilson, C.W.

    1984-03-01

    This report provides an analysis of the literature and on-site data gathering relating to the actions of security forces at licensed nuclear power plants during safety-related emergencies. Literature search findings and results of on-site data gathering are furnished and subjected to analysis. Taking into account the analysis provided, appropriate recommendations are presented. Recommendations are keyed as to how improvements can be made in the regulatory approach and licensee planning and procedures as they relate to the subject matter under examination. In addition, certain technological problems and issues are examined within the context of the study. Appendices provide the results of the literature search, an annotated bibliography, the Data Collection Guide used, and additional details regarding certain aspects of the study that are relevant for further explication of the body of the report

  8. One health security: an important component of the global health security agenda.

    Science.gov (United States)

    Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle

    2014-01-01

    The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.

  9. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section 121.538..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter...

  10. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section 135.125....125 Aircraft security. Certificate holders conducting operators conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. [67 FR 8350, Feb. 22, 2002] ...

  11. 46 CFR 10.214 - Security Check.

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Security Check. 10.214 Section 10.214 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN MERCHANT MARINER CREDENTIAL General Requirements for All Merchant Mariner Credentials § 10.214 Security Check. Until April 15, 2009...

  12. AP1000 Design for Security

    International Nuclear Information System (INIS)

    Long, L.B.; Cummins, W.E.; Winters, J.W.

    2006-01-01

    Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. We conclude that, overall, the AP1000

  13. Secure Multiparty AES

    Science.gov (United States)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires $2200 + \frac{400}{255}$ expected elementary operations in expected $70 + \frac{20}{255}$ rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  14. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  15. A Research on Issues Related to RFID Security and Privacy

    Science.gov (United States)

    Kim, Jongki; Yang, Chao; Jeon, Jinhwan

    Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFID systems which could threaten the technology's future. To successfully adopt RFID technology in various applications, we need to develop the solutions to protect the RFID system's data information. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

  16. THE FACTOR OF ENERGY-INFORMATION SECURITY IN THE FRAMEWORK OF GLOBAL CIVILIZATION-RELATED CHANGES

    OpenAIRE

    Alexey Viktorovich SUHORUKHIH

    2015-01-01

    The paper examined the grounds having involved global social and cultural changes, and emphasized the precedence taken by an energy-information component to the geopolitical dynamics of the civilization continuum. The study emphasized the relevance of new facets in social and cultural insight urged to respond to challenges of direct mental hazards emerging over the world, and requirement of energy-information security the civilization has sought for, assumed to be the framework for considerin...

  17. Safeguards and security considerations for automated and robotic systems

    International Nuclear Information System (INIS)

    Jordan, S.E.; Jaeger, C.D.

    1994-01-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A&R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S&S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S&S into the design of future A&R systems. Towards this, the authors first examined existing A&R systems from a security perspective to identify areas of concern and possible solutions of these problems. They then were able to develop generalized S&S guidance and design considerations for automation and robotics.

  18. Safeguards and security considerations for automated and robotic systems

    International Nuclear Information System (INIS)

    Jordan, S.E.; Jaeger, C.D.

    1994-01-01

    Within the reconfigured Nuclear Weapons Complex there will be a large number of automated and robotic (A&R) systems because of the many benefits derived from their use. To meet the overall security requirements of a facility, consideration must be given to those systems that handle and process nuclear material. Since automation and robotics is a relatively new technology, not widely applied to the Nuclear Weapons Complex, safeguards and security (S&S) issues related to these systems have not been extensively explored, and no guidance presently exists. The goal of this effort is to help integrate S&S into the design of future A&R systems. Towards this, we first examined existing A&R systems from a security perspective to identify areas of concern and possible solutions to these problems. We then were able to develop generalized S&S guidance and design considerations for automation and robotics.

  19. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  20. THE FRAMEWORK STRATEGY RELATED TO SECURITY IN SOUTH-EASTERN EUROPE

    Directory of Open Access Journals (Sweden)

    Valentin-Bogdan DĂNILĂ

    2012-06-01

    When discussing the current strategic environment, there is the "when" of the Cold War and the first half of the '90s, and the "now" of today. The changing demography and migration patterns, ethnic and religious tensions, environmental degradation, instability coming from states that are likely to decline or have already fallen, and growing proliferation of weapons are just some of the problems that have exacerbated the differences between security "then" and "now", such as the transnational terrorist attacks after September 11, 2001. The concept of security was much disputed, as seen from a study of the United Nations in 1986, developed by a group of experts on the concept of security, resulting in the existence of a limited conceptual similarity between them. Mankind has always been concerned with building or rebuilding peace and security. During the Cold War, Central and Eastern European countries were not talking about a national security concept in the Western sense of the word, but about a military doctrine of the Warsaw Pact and, in some cases, as was that of Romania, about a national military doctrine. After the fall of the Iron Curtain, those countries have gradually chosen to use the concept of national security, a term that takes into account all types of threats to national interests, and also the whole range of ways to counter them, the military not having the leading role any longer.

  1. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY-CCL BASED CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States to...

  2. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Directory of Open Access Journals (Sweden)

    Moon Sun Shin

    2015-01-01

    In today’s era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation’s healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  3. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  4. How Ending Impunity for Conflict-Related Sexual Violence Overwhelmed the UN Women, Peace, and Security Agenda: A Discursive Genealogy.

    Science.gov (United States)

    Reilly, Niamh

    2018-05-01

    The recent unprecedented focus on ending impunity for conflict-related sexual violence (CRSV) is positive in many respects. However, it has narrowed the scope of Security Council Resolution 1325 and the women, peace, and security (WPS) agenda it established in 2000. Through a critical discursive genealogy of the interrelation of two UN agendas (protection of civilians in armed conflict and women, peace, and security), the author traces how CRSV emerged as the defining issue of the latter while the transformative imperative of making women's participation central to every UN endeavor for peace and security has failed to gain traction.

  5. Parental attachment style: examination of links with parent secure base provision and adolescent secure base use.

    Science.gov (United States)

    Jones, Jason D; Cassidy, Jude

    2014-01-01

    The secure base construct represents one of attachment theory's most important contributions to our understanding of parent-child relationships and child development. The present study represents the first examination of how parents' self-reported attachment styles relate to parental secure base provision and adolescent (mean age = 16.6 years, SE = .59) secure base use during an observed parent-adolescent interaction. Further, the present study is the first to examine how fathers', as well as mothers', attachment styles relate to observed behavior in a parent-child interaction. At the bivariate level, maternal avoidance, but not anxiety, was negatively associated with observed adolescent secure base use. In addition, path analysis revealed that maternal avoidance was indirectly related to less adolescent secure base use through mothers' self-reported hostile behavior toward their adolescents and through adolescents' less positive perceptions of their mothers. Further, paternal anxiety, but not avoidance, was indirectly related to less adolescent secure base use through fathers' self-reported hostile behavior toward their adolescents. No significant findings emerged in relation to parental secure base provision. We discuss these results in the context of attachment theory and suggest directions for future research.

  6. Obstacle of Team Teaching and Collaborative Learning in Information Security

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    The field of information security includes diverse contents such as network security and computer forensics which are highly technical-oriented topics. In addition, information forensic requires the background of criminology. The information security also includes non-technical content such as information ethics and security laws. Because of the diverse nature of information security, Shing et al. has proposed the use of team teaching and collaborative learning for the information security classes. Although team teaching seems to be efficient in information security, practically it needs a few challenges. The Purdue's case mentioned in Shing's paper has funding support of National Security Agency (NSA). However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to the administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors) before taking the same class with diverse background? The paper surveyed approximately 25 students in a university in Virginia concerning the satisfaction of team-teaching. Finally, this paper describes ways to meet those challenges.

  7. Device-independent two-party cryptography secure against sequential attacks

    DEFF Research Database (Denmark)

    Kaniewski, Jedrzej; Wehner, Stephanie

    2016-01-01

    The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy......-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block...... known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse...

  8. Perspective on Secure Development Activities and Features of Safety I and C Systems

    International Nuclear Information System (INIS)

    Kang, Youngdoo; Yu, Yeong Jin; Kim, Hyungtae; Kwon, Yong il; Park, Yeunsoo; Choo, Jaeyul; Son, Jun Young; Jeong, Choong Heui

    2015-01-01

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle

  9. Perspective on Secure Development Activities and Features of Safety I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Kang, Youngdoo; Yu, Yeong Jin; Kim, Hyungtae; Kwon, Yong il; Park, Yeunsoo; Choo, Jaeyul; Son, Jun Young; Jeong, Choong Heui [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

    2015-05-15

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle.

  10. 20 CFR 703.207 - Kinds of negotiable securities that may be deposited; conditions of deposit; acceptance of deposits.

    Science.gov (United States)

    2010-04-01

    ... amount fixed by the Office under the regulations in this part shall deposit any negotiable securities... deposited; conditions of deposit; acceptance of deposits. 703.207 Section 703.207 Employees' Benefits... AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.207...

  11. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners and their property safe. This paper presents controlling of the home security system remotely from Android Application. Owners can turn on or...

  12. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  13. 17 CFR 41.2 - Required records.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 1 2010-04-01 2010-04-01 false Required records. 41.2 Section 41.2 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION SECURITY FUTURES PRODUCTS General Provisions § 41.2 Required records. A designated contract market or registered derivatives...

  14. Comprehensive evaluation of ecological security in mining area based on PSR-ANP-GRAY.

    Science.gov (United States)

    He, Gang; Yu, Baohua; Li, Shuzhou; Zhu, Yanna

    2017-09-06

    With the large exploitation of mineral resources, a series of problems have appeared in the ecological environment of the mining area. Therefore, evaluating the ecological security of mining area is of great significance to promote its healthy development. In this paper, the evaluation index system of ecological security in mining area was constructed from three dimensions of nature, society and economy, combined with Pressure-State-Response framework model. Then network analytic hierarchy process and GRAY relational analysis method were used to evaluate the ecological security of the region, and the weighted correlation degree of ecological security was calculated through the index data of a coal mine from 2012 to 2016 in China. The results show that the ecological security in the coal mine area is on the rise as a whole, though it alternatively rose and dropped from 2012 to 2016. Among them, the ecological security of the study mining area is at the general security level from 2012 to 2015, and at a relatively safe level in 2016. It shows that the ecological environment of the study mining area can basically meet the requirement of the survival and development of the enterprises.

  15. Nuclear material facilities - security systems and technology R&D trends

    International Nuclear Information System (INIS)

    Ellis, D.; Steele, B.

    2002-01-01

    Full text: In the US, physical security research and development (R&D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorist threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R&D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R&D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies

  16. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was too early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remain to be developed, especially for the new business models we are investigating in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations, constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  17. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  18. Physical security technologies for weapons complex reconfiguration facilities

    International Nuclear Information System (INIS)

    Jaeger, C.D.

    1994-01-01

    Sandia National Laboratories was a member of the Weapons Complex Reconfiguration (WCR) Safeguards and Security (S&S) team providing assistance to the Department of Energy's (DOE) Office of Weapons Complex Reconfiguration. The physical security systems in the new and upgraded facilities being considered for the WCR had to meet DOE orders and other requirements set forth in the WCR Programmatic Design Criteria (PDC), incorporate the latest physical security technologies using proven state-of-the-art systems and meet fundamental security principles. The outcome was to avoid costly retrofits and provide effective and comprehensive protection against current and projected threats with minimal impact on operations, costs and schedule. Physical security requirements for WCR facilities include: (1) reducing S&S life-cycle costs, (2) where feasible automating S&S functions to minimize operational costs, access to critical assets and exposure of people to hazardous environments, (3) increasing the amount of delay to outsider adversary attack, (4) compartmentalizing the facility to minimize the number of personnel requiring access to critical areas and (5) having reliable and maintainable systems. To be most effective against threats physical security must be integrated with facility operations, safety and other S&S activities, such as material control and accountability, nuclear measurements and computer and information security. This paper will discuss the S&S issues, requirements, technology opportunities and needs. Physical security technologies and systems considered in the design effort of the Weapons Complex Reconfiguration facilities will be reviewed

  19. Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

    Directory of Open Access Journals (Sweden)

    Ji-Jian Chin

    2014-01-01

    Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

  20. Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

    Science.gov (United States)

    Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

    2014-01-01

    Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

  1. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, inst...

  2. Energy security: between markets and sovereign politics

    Directory of Open Access Journals (Sweden)

    Dudau Radu

    2016-09-01

    Energy security is a constant presence in the energy-related political discourse all over the world. States strive to secure steady inflows of needed energy supplies, as well as the price affordability of those supplies. However, what are deemed to be the best means to meet such goals depends on one’s theoretical vantage point. On the one hand, economically-minded theorists maintain that energy security is only a matter of market rules and interactions. Thus, they call upon energy markets to deliver both steady supplies and competitive prices. On the other hand, politically-minded scholars emphasize the political and hard-power nature of international energy trades, especially in a global context marked by the emergence of state-centered, authoritarian regimes that use large national energy companies as foreign policy instruments. These two positions delineate competing approaches to how energy security risks ought to be managed. The former approaches energy security risks by means similar to portfolio management, requiring diversification of investments in order to insulate them from market shocks. The latter approaches energy security as a matter of foreign policy, by which states envisage interest coordination and favorable alignments within countervailing alliances against the agent of energy security risk. The present paper goes beyond the uncontentious point that these two dimensions are complementary. It argues that, depending on the international context, a more market-driven or a more politically-driven behavior may be adequate.

  3. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  4. Integrity and security in an Ada runtime environment

    Science.gov (United States)

    Bown, Rodney L.

    1991-01-01

    A review is provided of the Formal Methods group discussions. It was stated that integrity is not a pure mathematical dual of security. The input data is part of the integrity domain. The group provided a roadmap for research. One item of the roadmap and the final position statement are closely related to the space shuttle and space station. The group's position is to use a safe subset of Ada. Examples of safe sets include the Army Secure Operating System and the Penelope Ada verification tool. It is recommended that a conservative attitude is required when writing Ada code for life and property critical systems.

  5. Natural gas and energy security

    International Nuclear Information System (INIS)

    Saga, B.P.

    1996-01-01

    This paper relates to energy security by natural gas supply seen in an International Energy Agency perspective. Topics are: Security of supply, what is it; the role gas on the European energy scene; short term security of supply; long term security of supply; future structural and regulatory developments and possible implications for security of supply. 6 figs

  6. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  7. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestrial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct routes between communicating platforms in a timely manner. As airborne networks are somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc.), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. We then investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  8. The Key to School Security.

    Science.gov (United States)

    Hotle, Dan

    1993-01-01

    In addition to legislative accessibility requirements, other security issues facing school administrators who select a security system include the following: access control; user friendliness; durability or serviceability; life safety precautions; possibility of vandalism, theft, and tampering; and key control. Offers steps to take in considering…

  9. A lightweight security scheme for wireless body area networks: design, energy evaluation and proposed microprocessor design.

    Science.gov (United States)

    Selimis, Georgios; Huang, Li; Massé, Fabien; Tsekoura, Ioanna; Ashouei, Maryam; Catthoor, Francky; Huisken, Jos; Stuyt, Jan; Dolmans, Guido; Penders, Julien; De Groot, Harmke

    2011-10-01

    In order for wireless body area networks to meet widespread adoption, a number of security implications must be explored to promote and maintain fundamental medical ethical principles and social expectations. As a result, integration of security functionality to sensor nodes is required. Integrating security functionality to a wireless sensor node increases the size of the stored software program in program memory, the required time that the sensor's microprocessor needs to process the data and the wireless network traffic which is exchanged among sensors. This security overhead has dominant impact on the energy dissipation which is strongly related to the lifetime of the sensor, a critical aspect in wireless sensor network (WSN) technology. Strict definition of the security functionality, complete hardware model (microprocessor and radio), WBAN topology and the structure of the medium access control (MAC) frame are required for an accurate estimation of the energy that security introduces into the WBAN. In this work, we define a lightweight security scheme for WBAN, we estimate the additional energy consumption that the security scheme introduces to WBAN based on commercial available off-the-shelf hardware components (microprocessor and radio), the network topology and the MAC frame. Furthermore, we propose a new microcontroller design in order to reduce the energy consumption of the system. Experimental results and comparisons with other works are given.

  10. Subcontracting relations and their effects on safety and security in two firms: SNCF and GrDF

    International Nuclear Information System (INIS)

    Ponnet, Marie

    2011-01-01

    Because economic processes tend to shift the boundaries of firms, salaried relations of uncertain status are found coexisting within the very same working world. Drawing on a qualitative investigation combining employee interviews and observations made on SNCF and GrDF working sites, our research examines the relations linking subcontracting, maintenance, safety and security. Considering subcontracting as a particular way for professional bodies to be associated allows us to examine its effects within a single firm ('integrated' subcontracting) as well as between a principal and a provider. Our thesis shows that when change occurs inside the organization - like the creation of new committees of experts or the reorganizing of an old service - security and safety can be impacted, because professional bodies tend to be reconfigured while modifications affect practices, professional identities and the division of work. The relations between subcontractors and principal are complicated, and their consequences depend on the context they are placed in, determined by a combination of various characteristics such as the confidence level, the available time, the reputation, and the position occupied by the subcontractor. Our investigation makes clear that there is no direct link between subcontracting, security and safety. Their effects, in spite of their reality, are subject to the altering mediation of legal factors (related to national and European economic issues) and concern the working organization as well as the professional identities. (author)

  11. [Are the flight security measures good for the patients? The "sickurity" problem].

    Science.gov (United States)

    Felkai, Péter

    2010-10-10

    Due to the stiffening requirements of security measures at airports, prevention of air-travel related illnesses has become more difficult. The backlash effects of restrictions (e.g. fluid and movement restrictions) can trigger or even improve pathophysiological processes. The most advanced security check method, the full body scan, besides ethical and moral considerations, may induce yet unknown pathological processes. We face a similar problem with the traveller who becomes ill or injured during the trip. In this case, repatriation is often required, which is usually accomplished by commercial airlines. If the patient has to be transported by stretcher, this is also available on regular flights, but in this case he/she must be accompanied by a medical professional. This solution raises many more security problems: not only the sick person and the medical team, but even their medical equipment and medicines have to be checked. Due to the lack of standardised regulations, the security staff solve the problem by various means, from an empathic approach to refusal. For these reasons, a clear and exact regulation is needed, which must be based upon medical experts' opinion, and should deal not only with flight security but with the patient's security as well. This regulation can end the defencelessness of patients and their accompanying medical staff against local authorities and security services. The same is true for handicapped persons. The author suggests solutions for the problem, balancing between flight security and the patient's "sickurity".

  12. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif

    2010-01-01

    Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  13. 76 FR 42395 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

    Science.gov (United States)

    2011-07-18

    ... Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants...-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based...'') relating to external business conduct standards for security-based swap dealers (``SBS Dealers'') and major...

  14. Food & nutrition security: Challenges in the new millennium

    Directory of Open Access Journals (Sweden)

    Prema Ramachandran

    2013-01-01

    The World Food Summit in 1996 provided a comprehensive definition for food security which brings into focus the linkage between food, nutrition and health. India has been self sufficient in food production since the seventies and has low household hunger rates. India compares well with developing countries with similar health profile in terms of infant mortality rate (IMR) and under five mortality rate (U5 MR). India fares poorly when underweight in under five children is used as an indicator for food insecurity, with rates comparable to that of Subsaharan Africa. If wasting [low body mass index (BMI) for age in children and low BMI in adults], which is closely related to adequacy of current food intake, is used as an indicator for the assessment of household food security, India fares better. The nineties witnessed the emergence of dual nutrition burden with persistent inadequate dietary intake and undernutrition on one side and low physical activity / food intake above requirements and overnutrition on the other side. Body size and physical activity levels are two major determinants of human nutrient requirements. The revised recommended dietary allowances (RDA) for Indians take cognisance of the current body weight and physical activity while computing the energy and nutrient requirements. As both under- and overnutrition are associated with health hazards, perhaps the time has come for use of normal BMI as an indicator for food security.

  15. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN range from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora: ASEAN Intergovernmental Commission on Human Rights (AICHR), ASEAN Foreign Ministers Meeting (AMM), ASEAN Regional Forum (ARF), ASEAN Defense Minister’s Meeting (ADMM), ASEAN Law Ministers Meeting (ALAWMM), and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC). The wide array of these forums signifies ASEAN efforts to confront double features of security: the traditional and the nontraditional or critical security. Traditional security considers state security as the primary object of security, while critical security tends to focus on non-state aspects such as the individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lacks confidence in solving critical issues such as territorial disputes and irregular migrants problems. Therefore, this piece examines the fundamental question: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper applies a critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but is showing slow progress on its development and application.

  16. Security as a Power Element within Contemporary International Relations

    Directory of Open Access Journals (Sweden)

    Gabor Gabriel

    2015-06-01

    Today, more than ever, in a globalized and constantly changing world, Europe has to face new stakes and challenges. Globalization, climate change, power supply and the new threats to security are challenges that Europe of the XXIst century has to cope with. The early XXIst century coincides with a new era in international politics, the future evolution of the world and the new international order, with the economy and security being the central spots.

  17. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  18. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information, regardless...

  19. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... Security, consistent with Federal policies for the security of unclassified information and information... Certification Program, and provide a Web site link within a contract clause to a library where contractors can... Security should be addressed through government-wide policies, standards, and requirements. NASA response...

  20. 20 CFR 422.103 - Social security numbers.

    Science.gov (United States)

    2010-04-01

    ... personal interview with the dependent is not required. Form SS-5 may be obtained at: (i) Any local social... previously assigned social security number(s), if any, of the applicant. A personal interview may be required... sponsoring agency of a refugee, if no personal mailing address is available). (d) Social security number...

  1. Human resources requirements for diabetic patients healthcare in primary care clinics of the Mexican Institute of Social Security

    Directory of Open Access Journals (Sweden)

    Svetlana V Doubova

    2013-11-01

    Objective. To estimate the requirements of human resources (HR) of two models of care for diabetes patients: conventional and specific, also called DiabetIMSS, which are provided in primary care clinics of the Mexican Institute of Social Security (IMSS). Materials and methods. An evaluative research was conducted. An expert group identified the HR activities and time required to provide healthcare consistent with the best clinical practices for diabetic patients. HR were estimated by using the evidence-based adjusted service target approach for health workforce planning; then, comparisons between existing and estimated HRs were made. Results. To provide healthcare in accordance with the patients’ metabolic control, the conventional model required increasing the number of family doctors (1.2 times), nutritionists (4.2 times) and social workers (4.1 times). The DiabetIMSS model requires greater increase than the conventional model. Conclusions. Increasing HR is required to provide evidence-based healthcare to diabetes patients.

  2. CLASSIFICATION OF THREATS OF ECONOMIC SECURITY OF TAJIKISTAN

    Directory of Open Access Journals (Sweden)

    Blinichkina N. Yu.

    2016-06-01

    Ensuring of the state economic security suggests the fight against threats to such security. At the same time it is extremely important, firstly, to understand the essence of a threat to economic security and, secondly, to identify the common characteristics of threats allowing to systematize them and to determine the necessary measures to neutralize them on this basis. The traditional approach offers a classification of economic security threats depending on areas of their origin but it is impossible to determine the gravity of the threat to the economy and ways of neutralizing it. In this context we propose allocation of the economic threats to five groups depends on a number of characteristics that determine the level of their negative impact to the economy. Such classification of threats to economic security of Tajikistan helped to determine neutralization of which of them requires outside support, what requires priority within the framework of the strategy of economic security and national economic policy, and what does not require serious government efforts and may be neutralized automatically during neutralization of the other threats.

  3. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  4. Inter-organizational future proof EHR systems A review of the security and privacy related issues

    NARCIS (Netherlands)

    van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

    2009-01-01

    OBJECTIVES: Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. METHODS: Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in

  5. Modelling security properties in a grid-based operating system with anti-goals

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Bicarregui, J.; Matthews, B.; Yang, E.

    2008-01-01

    In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security goals and we develop a model of antigoals and show how system vulnerabilities and threats to the security goals can arise from such anti-m...

  6. Agriculture in Bangladesh : A Note on Food Security by Enhancing Productivity

    OpenAIRE

    World Bank

    2009-01-01

    Awami League's Election Manifesto 2008 appropriately recognizes the importance of ensuring food security for all in Bangladesh. Food Security requires increasing agricultural growth which in turn is a key factor in reducing poverty in the country. Food security also requires increasing agricultural production and protecting consumers. Sustained production increases, in turn, require tec...

  7. Land Ecological Security Evaluation of Guangzhou, China

    Directory of Open Access Journals (Sweden)

    Linyu Xu

    2014-10-01

    As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES) plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES), has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES) level decreased from 0.2 (marginal security) to −0.18 (marginal insecurity) as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  8. Land ecological security evaluation of Guangzhou, China.

    Science.gov (United States)

    Xu, Linyu; Yin, Hao; Li, Zhaoxue; Li, Shun

    2014-10-15

    As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES) plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES), has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES) level decreased from 0.2 (marginal security) to -0.18 (marginal insecurity) as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  9. Security Issues for Mobile Medical Imaging: A Primer.

    Science.gov (United States)

    Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

    2015-10-01

    The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

  10. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the OSTP...

  11. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    International Nuclear Information System (INIS)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon; Kang, Mingyun

    2015-01-01

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately

  12. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)]

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  13. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants. The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  14. Rethinking energy security in Asia. A non-traditional view of human security

    Energy Technology Data Exchange (ETDEWEB)

    Caballero-Anthony, Mely [Nanyang Technological Univ., Singapore (SG). Centre for Non-Traditional Security (NTS) Studies; Chang, Youngho [Nanyang Technological Univ., Singapore (Singapore). Division of Economics; Putra, Nur Azha (eds.) [National Univ. of Singapore (Singapore). Energy Security Division

    2012-07-01

    Traditional notions of security are premised on the primacy of state security. In relation to energy security, traditional policy thinking has focused on ensuring supply without much emphasis on socioeconomic and environmental impacts. Non-traditional security (NTS) scholars argue that threats to human security have become increasingly prominent since the end of the Cold War, and that it is thus critical to adopt a holistic and multidisciplinary approach in addressing rising energy needs. This volume represents the perspectives of scholars from across Asia, looking at diverse aspects of energy security through a non-traditional security lens. The issues covered include environmental and socioeconomic impacts, the role of the market, the role of civil society, energy sustainability and policy trends in the ASEAN region.

  15. Towards a platform to visualize the state of South Africa's information security

    CSIR Research Space (South Africa)

    Swart, I

    2014-08-01

    ...by province. Various groups in business require differentiated views and this remains true on a national level. Figure 4 is a graph view representing all internet facing devices grouped by their detected province. While not strictly related to security...

  16. An updated look at document security: from initiation to storage or shredder.

    Science.gov (United States)

    McConnell, Charles R

    2014-01-01

    In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.

  17. 40 CFR 1042.635 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 32 2010-07-01 2010-07-01 false National security exemption. 1042.635... Compliance Provisions § 1042.635 National security exemption. The standards and requirements of this part and... government responsible for national defense. (b) Manufacturers may request a national security exemption for...

  18. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can...

  19. Is reduction of symptoms in eating disorder patients after 1 year of treatment related to attachment security and mentalization?

    NARCIS (Netherlands)

    Kuipers, Greet S.; Van Loenhout, Zara; Van Der Ark, L. Andries; Bekker, M.H.J.

    2018-01-01

    In a sample of 38 eating disorder (ED) patients who received psychotherapeutic treatment, changes in attachment security, and mentalization in relation to symptoms reduction were investigated. Attachment security improved in 1 year but was unrelated to improvement of ED or comorbid symptoms.

  20. Telemedicine with integrated data security in ATM-based networks

    Science.gov (United States)

    Thiel, Andreas; Bernarding, Johannes; Kurth, Ralf; Wenzel, Rudiger; Villringer, Arno; Tolxdorff, Thomas

    1997-05-01

    Telemedical services rely on the digital transfer of large amounts of data in a short time. The acceptance of these services requires therefore new hard- and software concepts. The fast exchange of data is well performed within a high-speed ATM-based network. The fast access to the data from different platforms imposes more difficult problems, which may be divided into those relating to standardized data formats and those relating to different levels of data security across nations. For a standardized access to the image data, a DICOM 3.0 server was implemented. Images were converted into the DICOM 3.0 standard if necessary. The access to the server is provided by an implementation of DICOM in JAVA allowing access to the data from different platforms. Data protection measures to ensure the secure transfer of sensitive patient data are not yet solved within the DICOM concept. We investigated different schemes to protect data using the DICOM/JAVA modality with as little impact on data transfer speed as possible.

  1. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  2. Time to eat? The relationship between food security and food-related time use.

    Science.gov (United States)

    Beatty, Timothy K M; Nanney, M Susie; Tuttle, Charlotte

    2014-01-01

    In the present analysis, we seek to establish a relationship between time spent on food-related activities and food security status as well as between time spent on these activities and Supplemental Nutrition Assistance Program (SNAP, formerly called the Food Stamp Program) participation and benefit level. After matching similar households using Coarsened Exact Matching, we estimate the relationship between food-related time, food insecurity and SNAP participation and benefit level using a comprehensive data set that combines two subsets of the Current Population Survey from years 2004-2010: the Food Security Supplement and the American Time Use Survey. City, suburban and rural areas of the USA. Non-institutionalized US population over the age of 15 years. Total sample size is 10 247 households. In single households, food insecurity and SNAP participation are associated with 20% more time in meal preparation and 13% less time eating. Similarly, in married households, SNAP participation and benefit level are associated with 32% less time in meal preparation while food insecurity is associated with 17% less time eating and 14% less time in grocery shopping. A significant relationship exists between time spent on food-related activities and food insecurity and SNAP. This implies that federal and state government may need to consider the time constraints many low-income households face when reforming food assistance programmes.

  3. Proactive Security Testing and Fuzzing

    Science.gov (United States)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  4. Cooperative monitoring of regional security agreements

    Energy Technology Data Exchange (ETDEWEB)

    Pregenzer, A.L.; Vannoni, M.; Biringer, K.L. [Sandia National Labs., Albuquerque, NM (United States). Nonproliferation and Arms Control Analysis Dept.

    1996-11-01

    This paper argues that cooperative monitoring plays a critical role in the implementation of regional security agreements and confidence building measures. A framework for developing cooperative monitoring options is proposed and several possibilities for relating bilateral and regional monitoring systems to international monitoring systems are discussed. Three bilateral or regional agreements are analyzed briefly to illustrate different possibilities. These examples illustrate that the relationship of regional or bilateral arms control or security agreements to international agreements depends on a number of factors: the overlap of provisions between regional and international agreements; the degree of interest in a regional agreement among the international community; efficiency in implementing the agreement; and numerous political considerations. Given the importance of regional security to the international community, regions should be encouraged to develop their own infrastructure for implementing regional arms control and other security agreements. A regional infrastructure need not preclude participation in an international regime. On the contrary, establishing regional institutions for arms control and nonproliferation could result in more proactive participation of regional parties in developing solutions for regional and international problems, thereby strengthening existing and future international regimes. Possible first steps for strengthening regional infrastructures are identified and potential technical requirements are discussed.

  5. Multilevel classification of security concerns in cloud computing

    Directory of Open Access Journals (Sweden)

    Syed Asad Hussain

    2017-01-01

    Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.

  6. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  7. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  8. 4 CFR 83.9 - Social Security number.

    Science.gov (United States)

    2010-01-01

    ... 4 Accounts 1 2010-01-01 2010-01-01 false Social Security number. 83.9 Section 83.9 Accounts GOVERNMENT ACCOUNTABILITY OFFICE RECORDS PRIVACY PROCEDURES FOR PERSONNEL RECORDS § 83.9 Social Security number. (a) GAO may not require individuals to disclose their Social Security Number (SSN) unless...

  9. 40 CFR 92.908 - National security exemption.

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 20 2010-07-01 2010-07-01 false National security exemption. 92.908... Provisions § 92.908 National security exemption. A manufacturer or remanufacturer requesting a national security exemption must state the purpose for which the exemption is required and the request must be...

  10. A game-theoretical approach for reciprocal security-related prevention investment decisions

    International Nuclear Information System (INIS)

    Reniers, Genserik; Soudan, Karel

    2010-01-01

    Every company situated within a chemical cluster faces important security risks from neighbouring companies. Investing in reciprocal security preventive measures is therefore necessary to avoid major accidents. These investments do not, however, provide a direct return on investment for the investor-company and thus plants are hesitative to invest. Moreover, there is likelihood that even if a company has fully invested in reciprocal security prevention, its neighbour has not, and as a result the company can experience a major accident caused by an initial (minor or major) accident that occurred in an adjacent chemical enterprise. In this article we employ a game-theoretic approach to interpret and model behaviour of two neighbouring chemical plants while negotiating and deciding on reciprocal security prevention investments.

  11. Food Security Strategies for Vanuatu

    OpenAIRE

    Welegtabit, Shadrack R.

    2001-01-01

    This report describes and analyzes food security conditions and policies in Vanuatu. The national food security systems are dualistic in nature, and the rural and urban food security systems are weakly related. Household food security in rural areas is primarily determined by access to arable land and fishery resources, whereas in urban areas household food security is primarily determined by access to employment. Household food security has been a concern in both rural and urban areas. Both ...

  12. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated with security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  13. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  14. Security and privacy in smart grids

    CERN Document Server

    Xiao, Yang

    2013-01-01

    Presenting the work of prominent researchers working on smart grids and related fields around the world, Security and Privacy in Smart Grids identifies state-of-the-art approaches and novel technologies for smart grid communication and security. It investigates the fundamental aspects and applications of smart grid security and privacy and reports on the latest advances in the range of related areas-making it an ideal reference for students, researchers, and engineers in these fields. The book explains grid security development and deployment and introduces novel approaches for securing today'

  15. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  16. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... background inquiries pertaining to verification of name, physical description, marital status, present and... undergo security processing by the Department's Office of Security before being eligible to work on the.... citizens must have: (1) Official legal status in the United States; (2) Continuously resided in the United...

  17. Securing services in the cloud: an investigation of the threats and the mitigations

    Science.gov (United States)

    Farroha, Bassam S.; Farroha, Deborah L.

    2012-05-01

    The stakeholder's security concerns over data in the clouds (Voice, Video and Text) are a real concern to DoD, the IC and private sector. This is primarily due to the lack of physical isolation of data when migrating to shared infrastructure platforms. The security concerns are related to privacy and regulatory compliance required in many industries (healthcare, financial, law enforcement, DoD, etc) and the corporate knowledge databases. The new paradigm depends on the service provider to ensure that the customer's information is continuously monitored and is kept available, secure, access controlled and isolated from potential adversaries.

  18. Trajectories of mothers' emotional availability: relations with infant temperament in predicting attachment security.

    Science.gov (United States)

    Kim, Bo-Ram; Chow, Sy-Miin; Bray, Bethany; Teti, Douglas M

    2017-02-01

    The present study examined observations of parenting quality (mothers' emotional availability - EA) during infant bedtimes at 4 points across the infants' first year, assessing relations between levels and trajectories of EA and infant attachment at 12 months and the role of infant temperament in moderating these associations. The sample (N = 128) was predominantly Euro-American (82.5%) and at low socioeconomic risk. Latent growth curve modeling with latent basis coefficients indicated substantial individual differences in initial levels and slopes in EA trajectories across the first year. Both levels of maternal EA and EA trajectories across the first year predicted 12-month infant attachment security. Although maternal EA tended to decrease across the first year in the full sample, EA trajectories that showed a "bounce-back" between 6 and 12 months, suggesting more successful maternal adaptation to an expanding infant developmental repertoire, predicted greater infant security at 12 months. In addition, linkages between latent EA trajectories and 12-month attachment were moderated by 3-month infant temperamental reactivity and regulation. These findings indicate that infant attachment security is sensitive to both static and dynamic aspects of parenting quality across the first year, and that infant temperament can interact with both in predicting infant attachment.

  19. 49 CFR 174.9 - Safety and security inspection and acceptance.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 2 2010-10-01 2010-10-01 false Safety and security inspection and acceptance. 174... RAIL General Requirements § 174.9 Safety and security inspection and acceptance. (a) At each location... not conform to the safety and security requirements of this subchapter, the carrier may not forward or...

  20. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  1. Multimedia and security: Workshop at ACM Multimedia '98, Bristol, U.K., September 12 - 13, 1998

    OpenAIRE

    Dittmann, J.; Wohlmacher, P.; Horster, P.; Steinmetz, R.

    1998-01-01

    In this paper we describe the most important security requirements, which must be fulfilled by today's IT-systems, and the security measures used to satisfy these requirements. These security measures are based on modern cryptographic mechanisms as well as on security infrastructures. Regarding data security and communication security in particular in the field of multimedia, the requirements on security increase. If and in which way the discussed security mechanisms can be applied to multime...

  2. How the Office of Safeguards and Security Technology development program facilitates safeguarding and securing the DOE complex

    International Nuclear Information System (INIS)

    Smoot, W.

    1995-01-01

    The technology development program's (TDP's) mission is to provide technologies or methodologies that address safeguards and security requirements throughout the U.S. DOE complex as well as to meet headquarters' policy needs. This includes developing state-of-the-art technologies or modifying existing technologies in physical security, material control and accountability, information security, and integrated safeguards systems. The TDP has an annual process during which it solicits user requirements from the field. These requirements are analyzed by DOE headquarters and laboratory personnel for technical merit. The requirements are then prioritized at headquarters, and the highest priorities are incorporated into our budget. Although this user-needs process occurs formally once a year, user requirements are accepted at any time. The status of funded technologies is communicated through briefings, program reviews, and various documents that are available to all interested parties. Participation in several interagency groups allows our program to benefit from what others are doing and to prevent duplications of efforts throughout the federal community. Many technologies are transferred to private industry

  3. The Deployment of Product-Related Environmental Legislation into Product Requirements

    Directory of Open Access Journals (Sweden)

    Daniela C. A. Pigosso

    2016-04-01

    Environmental legislation is increasingly changing its focus from manufacturing-oriented to product-oriented instruments. Compliance with product-related environmental legislation is achieved by the incorporation of environmental requirements into the early phases of the product development process (PDP). Nevertheless, the deployment of product-related environmental legislation into product requirements is still a challenge. This study followed an inductive approach to propose a guideline to support the identification, analysis and deployment of product requirements based on product-related environmental legislation. The guideline is composed of nine steps, clustered into three groups according to their main objective: (A) identification of environmental product-related legislation; (B) identification of legislative topics to be considered for the deployment of requirements; and (C) creation and validation of product requirements. The product requirements deployed are to be considered during the PDP. The guideline was evaluated in an expert consultation in a large manufacturing company, suggesting that it can be used to support the systematization and deployment of product-related environmental requirements.

  4. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  5. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so constructed...

  6. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  7. Denial technology, the neglected security element

    International Nuclear Information System (INIS)

    Mauney, C.H.

    1982-01-01

    Even though there has been an increased concern over providing adequate security during the past decade, and even though some aspects of existing security systems have been enhanced during this period, much remains to be done to provide that balance which is so necessary to have all elements function as an effective unit. The area that primarily has been neglected is the delay element - the part of the system which makes possible the needed time for the security force to respond after an intrusion is detected and prior to the adversary attaining his desired goal. The purpose of this paper is to address the vulnerabilities of a security system which exist without the proper delay elements and to suggest how current technology can provide, through the use of activated barriers, that needed delay time to bring the system into balance. Security managers desire reliability and effectiveness; plant managers require safety, non-interference with operations, cost considerate capability, and aesthetic application - these characteristics will be addressed in the context of providing the required delay. This paper, hopefully, will set the stage for dialogue between developer and user, yielding a mutually acceptable approach to balanced security protection

  8. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...

  9. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the agency...

  10. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  11. Do Job Security Guarantees Work?

    OpenAIRE

    Alex Bryson; Lorenzo Cappellari; Claudio Lucifora

    2004-01-01

    We investigate the effect of employer job security guarantees on employee perceptions of job security. Using linked employer-employee data from the 1998 British Workplace Employee Relations Survey, we find job security guarantees reduce employee perceptions of job insecurity. This finding is robust to endogenous selection of job security guarantees by employers engaging in organisational change and workforce reductions. Furthermore, there is no evidence that increased job security through job...

  12. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  13. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    NARCIS (Netherlands)

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of

  14. New directions for African security

    NARCIS (Netherlands)

    Haastrup, Toni; Dijkstra, Hylke

    2017-01-01

    African security, particularly conflict-related political violence, is a key concern in international relations. This forum seeks to advance existing research agendas by addressing four key themes: domestic politics and peacekeeping; security sector reform programs; peace enforcement; and the

  15. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  16. Key Management for Secure Multicast over IPv6 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Siddiqi Mohammad Umar

    2006-01-01

    Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.

  17. 33 CFR 157.410 - Emergency lightering requirements for oil tankers.

    Science.gov (United States)

    2010-07-01

    ... HOMELAND SECURITY (CONTINUED) POLLUTION RULES FOR THE PROTECTION OF THE MARINE ENVIRONMENT RELATING TO TANK... Petroleum Oils § 157.410 Emergency lightering requirements for oil tankers. Each oil tanker, to which this...

  18. Use of Evaluation Criteria in Security Education

    National Research Council Canada - National Science Library

    Nguyen, Thuy D; Irvine, Cynthia E

    2008-01-01

    .... A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems...

  19. Fault Tree Analysis for Safety/Security Verification in Aviation Software

    Directory of Open Access Journals (Sweden)

    Andrew J. Kornecki

    2013-01-01

    The Next Generation Air Traffic Management system (NextGen) is a blueprint of the future National Airspace System. Supporting NextGen is a nation-wide Aviation Simulation Network (ASN), which allows integration of a variety of real-time simulations to facilitate development and validation of the NextGen software by simulating a wide range of operational scenarios. The ASN system is an environment, including both simulated and human-in-the-loop real-life components (pilots and air traffic controllers). Real Time Distributed Simulation (RTDS) developed at Embry Riddle Aeronautical University, a suite of applications providing low and medium fidelity en-route simulation capabilities, is one of the simulations contributing to the ASN. To support the interconnectivity with the ASN, we designed and implemented a dedicated gateway acting as an intermediary, providing logic for two-way communication and transfer messages between RTDS and ASN and storage for the exchanged data. It has been necessary to develop and analyze safety/security requirements for the gateway software based on analysis of system assets, hazards, threats and attacks related to ultimate real-life future implementation. Due to the nature of the system, the focus was placed on communication security and the related safety of the impacted aircraft in the simulation scenario. To support development of safety/security requirements, a well-established fault tree analysis technique was used. This fault tree model-based analysis, supported by a commercial tool, was a foundation to propose mitigations assuring the gateway system safety and security

  20. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po