WorldWideScience

Sample records for secure session management

  1. Secure Execution of Distributed Session Programs

    Directory of Open Access Journals (Sweden)

    Nuno Alves

    2011-10-01

    The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols) are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP) protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.

  2. Flexible session management in a distributed environment

    Energy Technology Data Exchange (ETDEWEB)

    Miller, Zach; /Wisconsin U., Madison; Bradley, Dan; /Wisconsin U., Madison; Tannenbaum, Todd; /Wisconsin U., Madison; Sfiligoi, Igor; /Fermilab

    2010-01-01

    Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

  3. Flexible session management in a distributed environment

    International Nuclear Information System (INIS)

    Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor

    2010-01-01


  4. Flexible session management in a distributed environment

    Energy Technology Data Exchange (ETDEWEB)

    Miller, Zach; Bradley, Dan; Tannenbaum, Todd [University of Wisconsin, Madison, WI (United States)]; Sfiligoi, Igor, E-mail: zmiller@cs.wisc.ed [Fermi National Accelerator Laboratory, Batavia, IL (United States)]

    2010-04-01


  5. Flexible session management in a distributed environment

    Science.gov (United States)

    Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor

    2010-04-01


  6. Securing Real-Time Sessions in an IMS-Based Architecture

    Science.gov (United States)

    Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco

    The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

  7. Security analysis of session initiation protocol

    OpenAIRE

    Dobson, Lucas E.

    2010-01-01

    Approved for public release; distribution is unlimited. The goal of this thesis is to investigate the security of the Session Initiation Protocol (SIP). This was accomplished by researching previously discovered protocol and implementation vulnerabilities, evaluating the current state of security tools and using those tools to discover new vulnerabilities in SIP software. The CVSS v2 system was used to score protocol and implementation vulnerabilities to give them a meaning that was us...

  8. Secure bindings of SAML assertions to TLS sessions

    DEFF Research Database (Denmark)

    Kohlar, Florian; Schwenk, Jörg; Jensen, Meiko

    2010-01-01

    In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service...

  9. Nuclear power life cycle management, managing nuclear knowledge, and nuclear security. Introductory statement to the 5th scientific forum during the 46th session of the IAEA General Conference. Vienna, 17 September 2002

    International Nuclear Information System (INIS)

    ElBaradei, M.

    2002-01-01

    The document reproduces the text of the introductory statement made by the Director General of the IAEA at the 5th scientific forum organized during the 46th session of the IAEA General Conference, Vienna, 17 September 2002, on the nuclear power life cycle management, managing nuclear knowledge, and nuclear security. In the area of nuclear power life cycle management two aspects were emphasized: licence extension and facility decommissioning. Nuclear knowledge management includes ensuring the continued availability of the qualified personnel. Nuclear security must be considered for all nuclear applications, in a manner that encompasses all phases of nuclear activity - the use, storage and transport of nuclear and other radioactive material, as well as the design, operation, and decommissioning of nuclear facilities.

  10. 47 CFR 97.513 - VE session manager requirements.

    Science.gov (United States)

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false VE session manager requirements. 97.513 Section... SERVICES AMATEUR RADIO SERVICE Qualifying Examination Systems § 97.513 VE session manager requirements. (a) A VE session manager may be selected by the VE team for each examination session. The VE session...

  11. New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2015-10-01

    Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications.

  12. 78 FR 69433 - Executive Order 13650 Improving Chemical Facility Safety and Security Listening Sessions

    Science.gov (United States)

    2013-11-19

    ... Chemical Facility Safety and Security Listening Sessions AGENCY: National Protection and Programs... from stakeholders on issues pertaining to Improving Chemical Facility Safety and Security (Executive... regulations, guidance, and policies; and identifying best practices in chemical facility safety and security...

  13. Topical Session on Materials Management

    International Nuclear Information System (INIS)

    2002-01-01

    At its second meeting, in Paris, 5-7 December 2001, the WPDD held two topical sessions on the D and D Safety Case and on the Management of Materials from D and D, respectively. This report documents the topical session on the management of materials. Presentations during the topical session covered key aspects of the management of materials and meant to provide an exchange of information and experience, including: Experience and lessons learnt from VLLW and non-radioactive material management in Spain and Germany with special attention to recycling (How specific solutions came about? Are there 'generic' examples for wider adoption?); Risk assessment of recycling and non-recycling: a CPD study; Waste acceptance issues within different national contexts (What constraints are there on the waste receiving body and what flexibility can the latter have? What constraints does this impose on D and D implementers? What about wastes are without current solution? What needs to be done? What about large items and 'difficult' waste in general?); Radiological characterisation of materials during decommissioning, particularly difficult situations - large volumes, large items,.. wastes, heterogeneous streams (What examples of established practice? What are the approaches or aspects that set the regulatory requirements? How can the flow rates be large but the answers acceptable? How much is needed to be known for later action, e. g., disposal, release, protection of worker, etc.); Radiological characterisation of buildings as they stand, in order to allow conventional demolition (What are strategies for optimisation of characterisation? How much needs to be known to take action later? e.g. for storage, disposal, release, cost estimation and ALARA? What needs to be done in advance and after decommissioning/dismantling?). At the end of each presentation time was allotted for discussion of the paper. 
    Integral to the Topical Session was a facilitated plenary discussion on the topical

  14. Airport Managers' Perspectives on Security and Safety Management Systems in Aviation Operations: A Multiple Case Study

    Science.gov (United States)

    Brown, Willie L., Jr.

    Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.

  15. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    The Secure Transport Management Course (STMC) provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  16. New secure communication-layer standard for medical image management (ISCL)

    Science.gov (United States)

    Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki

    1999-07-01

    This paper introduces a summary of the standard draft of ISCL 1.00, which will be published officially by MEDIS-DC. ISCL is an abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security functions between the presentation layer and the TCP/IP layer. The ISCL mechanism depends on the basic functions of a smart IC card and a symmetric secret key mechanism. A symmetric key for each session is made by the internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidentiality and integrity. The entity authentication process is done through a 3 path 4 way method using the internal authentication and external authentication functions of a smart IC card. The confidentiality algorithm and the MAC algorithm for integrity can be selected. ISCL protocols communicate through a Message Block, which consists of a Message Header and Message Data. ISCL protocols are being evaluated by applying them to a regional collaboration system for image diagnosis and an On-line Secure Electronic Storage system for medical images. These projects are supported by the Medical Information System Development Center. These projects show that ISCL is useful for maintaining security.

  17. Sessions and Separability in Security Protocols

    DEFF Research Database (Denmark)

    Carbone, Marco; Guttman, Joshua

    2013-01-01

    Despite much work on sessions and session types in non-adversarial contexts, session-like behavior given an active adversary has not received an adequate definition and proof methods. We provide a syntactic property that guarantees that a protocol has session-respecting executions. Any uncomprom...

  18. 21st Century Security Manager

    OpenAIRE

    Stelian ARION

    2010-01-01

    We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without profound knowledge and daily practice of security governance, security risk management and resilience. The 21st Century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

  19. Contemporary security management

    CERN Document Server

    Fay, John

    2010-01-01

    Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

  20. Supporting the Secure Halting of User Sessions and Processes in the Linux Operating System

    National Research Council Canada - National Science Library

    Brock, Jerome

    2001-01-01

    .... Only when a session must be reactivated are its processes returned to a runnable state. This thesis presents an approach for adding this "secure halting" functionality to the Linux operating system...

  1. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipment and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. In secure router technology, security functions such as intrusion detection, IPsec (IP Security) and access control are applied to legacy routers for secure networking. It controls unauthorized router access and detects illegal network intrusion. This paper re...

  2. 21st Century Security Manager

    Directory of Open Access Journals (Sweden)

    Stelian ARION

    2010-11-01

    We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without profound knowledge and daily practice of security governance, security risk management and resilience. The 21st Century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers that have a government background, or an IT security background, or are promoted from the organization’s inside leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

  3. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: * Focuses on setting the right road map so that you can be most effective in your information security implementations * Discusses cost-effective staffing, the single biggest expense to the security organization * Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively I...

  4. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  5. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  6. System Security Management in SNMP

    OpenAIRE

    P. Deivendran; Dr. R. Dhanapal Ph.D

    2010-01-01

    We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB). We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

  7. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  8. ICT security management

    OpenAIRE

    SCHREURS, Jeanne; MOREAU, Rachel

    2007-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  9. Secure Sessions for Web Services

    NARCIS (Netherlands)

    Reiter, M.; Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.

    2007-01-01

    We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is

  10. A Secured Load Mitigation and Distribution Scheme for Securing SIP Server

    Directory of Open Access Journals (Sweden)

    Vennila Ganesan

    2017-01-01

    Managing the performance of the Session Initiation Protocol (SIP) server under heavy load conditions is a critical task in a Voice over Internet Protocol (VoIP) network. In this paper, a two-tier model is proposed for the security, load mitigation, and distribution issues of the SIP server. In the first tier, the proposed handler segregates and drops the malicious traffic. The second tier provides a uniform load of distribution, using the least session termination time (LSTT) algorithm. Besides, the mean session termination time is minimized by reducing the waiting time of the SIP messages. Efficiency of the LSTT algorithm is evaluated through the experimental test bed by considering with and without a handler. The experimental results establish that the proposed two-tier model improves the throughput and the CPU utilization. It also reduces the response time and error rate while preserving the quality of multimedia session delivery. This two-tier model provides robust security, dynamic load distribution, appropriate server selection, and session synchronization.

  11. Location-Aware Dynamic Session-Key Management for Grid-Based Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    I-Hsien Lin

    2010-08-01

    Security is a critical issue for sensor networks used in hostile environments. When wireless sensor nodes in a wireless sensor network are distributed in an insecure hostile environment, the sensor nodes must be protected: a secret key must be used to protect the nodes transmitting messages. If the nodes are not protected and become compromised, many types of attacks against the network may result. Such is the case with existing schemes, which are vulnerable to attacks because they mostly provide a hop-by-hop paradigm, which is insufficient to defend against known attacks. We propose a location-aware dynamic session-key management protocol for grid-based wireless sensor networks. The proposed protocol improves the security of a secret key. The proposed scheme also includes a key that is dynamically updated. This dynamic update can lower the probability of the key being guessed correctly. Thus currently known attacks can be defended. By utilizing the local information, the proposed scheme can also limit the flooding region in order to reduce the energy that is consumed in discovering routing paths.

  12. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  13. Proceedings of the eighth annual DOE low-level waste management forum: Executive summary, opening plenary session, closing plenary session, attendees

    Energy Technology Data Exchange (ETDEWEB)

    1987-02-01

    The Eighth Annual DOE (Department of Energy) Low-Level Waste Management Forum was held in September 1986, in Denver, Colorado, to provide a forum for exchange of information on low-level radioactive waste (LLW) management activities, requirements, and plans. The one hundred ninety attendees included representatives from the DOE Nuclear Energy and Defense Low-Level Waste Management Programs, DOE Operations Offices and their contractors; representatives from the US Nuclear Regulatory Commission (NRC), US Environmental Protection Agency (EPA), US Geological Survey, and their contractors; representatives of states and regions responsible for development of new commercial low-level waste disposal facilities; representatives of utilities, private contractors, disposal facility operators, and other parties concerned with low-level waste management issues. Plenary sessions were held at the beginning and conclusion of the meeting, while eight concurrent topical sessions were held during the intervening two days. The meeting was organized by topical areas to allow for information exchange and discussion on current and future low-level radioactive waste management challenges. Session chairmen presented summaries of the discussions and conclusions resulting from their respective sessions. Selected papers in this volume have been processed for inclusion in the Energy Data Base.

  14. Proceedings of the eighth annual DOE low-level waste management forum: Executive summary, opening plenary session, closing plenary session, attendees

    International Nuclear Information System (INIS)

    1987-02-01

    The Eighth Annual DOE (Department of Energy) Low-Level Waste Management Forum was held in September 1986, in Denver, Colorado, to provide a forum for exchange of information on low-level radioactive waste (LLW) management activities, requirements, and plans. The one hundred ninety attendees included representatives from the DOE Nuclear Energy and Defense Low-Level Waste Management Programs, DOE Operations Offices and their contractors; representatives from the US Nuclear Regulatory Commission (NRC), US Environmental Protection Agency (EPA), US Geological Survey, and their contractors; representatives of states and regions responsible for development of new commercial low-level waste disposal facilities; representatives of utilities, private contractors, disposal facility operators, and other parties concerned with low-level waste management issues. Plenary sessions were held at the beginning and conclusion of the meeting, while eight concurrent topical sessions were held during the intervening two days. The meeting was organized by topical areas to allow for information exchange and discussion on current and future low-level radioactive waste management challenges. Session chairmen presented summaries of the discussions and conclusions resulting from their respective sessions. Selected papers in this volume have been processed for inclusion in the Energy Data Base

  15. Project Management with IT Security Focus

    OpenAIRE

    Felician Alecu; Paul Pocatilu; Sergiu Capisizu

    2011-01-01

    The paper focuses on the main key points related to the IT security project management. The most important lifecycle stages are identified: IT security project proposal definition, project organization, project planning, quality planning, project team organization, IT security project activities management and project closing. The most important success factors for IT security projects are the support of top-management, customer satisfaction, prevention over remediation and continuous progress....

  16. Web application security: a beginner's guide

    National Research Council Canada - National Science Library

    Sullivan, Bryan; Liu, Vincent

    2012-01-01

    .... This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry...

  17. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  18. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  19. Incentive Issues in Information Security Management

    Science.gov (United States)

    Lee, Chul Ho

    2012-01-01

    This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…

  20. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  1. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies. DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SPF, and DANE.

  2. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

    Science.gov (United States)

    Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

    2016-10-01

    Information and communication technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed an RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

  3. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  4. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  5. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users and then by coverage of life cycle support for the security of the system

  6. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

  7. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  8. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a "must have" book, both for preparing for the CISSP exam and as a c

  9. Secure IP mobility management for VANET

    CERN Document Server

    Taha, Sanaa

    2013-01-01

    This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

  10. An improved anti-leech mechanism based on session identifier

    Science.gov (United States)

    Zhang, Jianbiao; Zhu, Tong; Zhang, Han; Lin, Li

    2012-01-01

    With the rapid development of information technology and extensive requirement of network resource sharing, plenty of resource hotlinking phenomena appear on the internet. The hotlinking problem not only harms the interests of legal websites but also leads to a great affection to fair internet environment. The anti-leech technique based on session identifier is highly secure, but the transmission of session identifier in plaintext form causes some security flaws. In this paper, a proxy hotlinking technique based on session identifier is introduced firstly to illustrate these security flaws; next, this paper proposes an improved anti-leech mechanism based on session identifier, the mechanism takes the random factor as the core and detects hotlinking request using a map table that contains random factor, user's information and time stamp; at last the paper analyzes the security of mechanism in theory. The result reveals that the improved mechanism has the merits of simple realization, high security and great flexibility.

  11. Security Management Model in Cloud Computing Environment

    OpenAIRE

    Ahmadpanah, Seyed Hossein

    2016-01-01

    In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

  12. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

    National Research Council Canada - National Science Library

    Ganger, Gregory R

    2007-01-01

    This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

  13. Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

    Science.gov (United States)

    Imam, Abbas H.

    2013-01-01

    Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

  14. Additional Security Considerations for Grid Management

    Science.gov (United States)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  15. Understanding the security management practices of humanitarian organizations.

    Science.gov (United States)

    Bollettino, Vincenzo

    2008-06-01

    Humanitarian organisations operate in increasingly hostile environments. Although authoritative statistics are scarce, anecdotal evidence suggests that aid workers face life-threatening risks that are exacerbated by the growing number of humanitarian organisations operating in the field, the diversity of their mandates, the lack of common professional security standards, and limited success in inter-agency security coordination. Despite broad acceptance of the need for better security management and coordination, many humanitarian organisations remain ambivalent about devoting increased resources to security management and security coordination. A critical lack of basic empirical knowledge of the field security environment hampers efforts to enhance security management practices. The absence of a systematic means of sharing incident data undermines the capacity of the humanitarian community to address proactively security threats. In discussions about humanitarian staff safety and security, the least common denominator remains cumulative anecdotal evidence provided by the many security personnel working for humanitarian organisations in the field.

  16. Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

    Science.gov (United States)

    Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

    2018-06-05

    Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie-Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

  17. Homeland Security. Management Challenges Facing Federal Leadership

    Science.gov (United States)

    2002-12-01

    Security Management Challenges Facing Federal Leadership ...including attention to management practices and key success factors. HOMELAND SECURITY Management Challenges Facing Federal Leadership www.gao.gov/cgi...significant management and coordination challenges if it is to provide this leadership and be successful in preventing and responding to any future

  18. A secure file manager for UNIX

    Energy Technology Data Exchange (ETDEWEB)

    DeVries, R.G.

    1990-12-31

    The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure file manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.

  19. Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

    Science.gov (United States)

    Ilvonen, Ilona

    2013-01-01

    Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

  20. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Stapleton, B.W.

    1993-01-01

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

  1. Topical Session on Liabilities identification and long-term management at national level - Topical Session held during the 36. Meeting of the RWMC

    International Nuclear Information System (INIS)

    2003-01-01

    These proceedings cover a topical session that was held at the March 2003 meeting of the Radioactive Waste Management Committee. The topical session focused on liability assessment and management for decommissioning of all types of nuclear installations, including decontamination of historic sites and waste management, as applicable. The presentations covered the current, national situations. The first oral presentation, from Switzerland, set the scene by providing a broad coverage of the relevant issues. The subsequent presentations - five from Member countries and one from the EC - described additional national positions and the evolving EC proposed directives. Each oral presentation was followed by a brief period of Q and As for clarification only. A plenary discussion took place on the ensemble of presentations and a Rapporteur provided a report on points made and lessons learnt. Additionally, written contributions were provided by RWMC delegates from several other countries. These are included in the proceedings as are the papers from the oral sessions, and the Rapporteur's report. These papers are not intended to be exhaustive, but to give an informed glimpse of NEA countries' approaches to liability identification and management in the context of nuclear facilities decommissioning and dismantling

  2. Scientific forum during the 46th regular session of the IAEA General Conference. Topical issues: Nuclear Power - Life Cycle Management; Managing Nuclear Knowledge; Nuclear Security. Programme and synopses

    International Nuclear Information System (INIS)

    2002-01-01

    In response to the recommendations of several Agency advisory committees, to address issues related to nuclear power life cycle management, knowledge management in the field of nuclear power, and security of radiation sources and other nuclear material the IAEA is organizing the scientific forum to be held during the General Conference. The purpose of the meeting is to sharpen awareness and understanding of the emerging concerns about the aging of nuclear power plants, maintenance and preservation of knowledge and expertise in nuclear science, technology and applications, to emphasise the significance of security and physical protection of radiation sources and other radioactive material, and to better comprehend the role of the Agency in these processes

  3. Managing business compliance using model-driven security management

    Science.gov (United States)

    Lang, Ulrich; Schreiner, Rudolf

    Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused by the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

  4. Hotel Security Management : Case: Original Sokos Hotel Vaakuna Vaasa

    OpenAIRE

    Koskela, Jere

    2016-01-01

    This thesis studied hotel security management and examined one case hotel more closely on matters of security management. The case hotel in this research was Original Sokos Hotel Vaakuna Vaasa. The aim of the thesis was to find out how security aspects are managed and how they could be developed in the case hotel. This research was conducted to help the case hotel’s security supervisor to develop and improve security. The thesis consists of a theoretical framework and an empirical study. The ...

  5. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  6. The Management and Security Expert (MASE)

    Science.gov (United States)

    Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

    1991-01-01

    The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

  7. Novel approach to information security management of confidential ...

    African Journals Online (AJOL)

    Novel approach to information security management of confidential and propriety information ... Journal of Fundamental and Applied Sciences ... valuable information by using steganography it can have a major impact security management.

  8. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  9. Security Requirements Management in Software Product Line Engineering

    Science.gov (United States)

    Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

    Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

  10. Global Security Program Management Plan

    Energy Technology Data Exchange (ETDEWEB)

    Bretzke, John C. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2014-03-25

    The Global Security Directorate mission is to protect against proliferant and unconventional nuclear threats - regardless of origin - and emerging new threats. This mission is accomplished as the Los Alamos National Laboratory staff completes projects for our numerous sponsors. The purpose of this Program Management Plan is to establish and clearly describe the GS program management requirements including instructions that are essential for the successful management of projects in accordance with our sponsor requirements. The detailed information provided in this document applies to all LANL staff and their subcontractors that are performing GS portfolio work. GS management is committed to a culture that ensures effective planning, execution, and achievement of measurable results in accordance with the GS mission. Outcomes of such a culture result in better communication, delegated authority, accountability, and increased emphasis on safely and securely achieving GS objectives.

  11. Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

    Directory of Open Access Journals (Sweden)

    Ramon Sanchez-Iborra

    2018-06-01

    Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

  12. Natural Resources Management for Sustainable Food Security in ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Natural Resources Management for Sustainable Food Security in the Sahel ... as well as strategies for managing the resource base with a view to improving food security. ... InnoVet-AMR grants to support development of innovative veterinary ...

  13. Security management of next generation telecommunications networks and services

    CERN Document Server

    Jacobs, Stuart

    2014-01-01

    This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

  14. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  15. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

    Science.gov (United States)

    Moghaddasi, Hamid; Kamkarhaghighi, Mehran

    2016-01-01

    Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

  16. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  17. Information Security Management in Context of Globalization

    OpenAIRE

    Wawak, Slawomir

    2012-01-01

    Modern information technologies are the engine of globalization. At the same time, the global market influences the way of looking at information security. Information security thus becomes an increasingly important field. The article discusses the results of research on information security management systems in public administration in Poland.

  18. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  19. Secured Session-key Distribution using control Vector Encryption / Decryption Process

    International Nuclear Information System (INIS)

    Ismail Jabiullah, M.; Abdullah Al-Shamim; Khaleqdad Khan, ANM; Lutfar Rahman, M.

    2006-01-01

    Frequent key changes are very much desirable for the secret communications and are thus in high demand. A session-key distribution technique has been designed and implemented using the programming language C on which the communication between the end-users is encrypted is used for the duration of a logical connection. Each session-key is obtained from the key distribution center (KDC) over the same networking facilities used for end-user communication. The control vector is cryptographically coupled with the session-key at the time of key generation in the KDC. For this, the generated hash function, master key and the session-key are used for producing the encrypted session-key, which has to be transferred. All the operations have been performed using the C programming language. This process can be widely applicable to all sorts of electronic transactions online or offline; commercially and academically. (authors)

  20. Mobile Customer Relationship Management and Mobile Security

    Science.gov (United States)

    Sanayei, Ali; Mirzaei, Abas

    The purpose of this study is twofold. First, in order to guarantee a coherent discussion about mobile customer relationship management (mCRM), this paper presents a conceptualization of mCRM delineating its unique characteristics because, among the variety of mobile services, considerable attention has been devoted to mobile marketing and in particular to mobile customer relationship management services. Second, the authors discuss the security risks in mobile computing at different levels (user, mobile device, wireless network, ...) and finally we focus on enterprise mobile security and its subgroups with a series of suggestions and solutions for improving mobile computing security.

  1. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  2. Security for Key Management Interfaces

    OpenAIRE

    Kremer, Steve; Steel, Graham; Warinschi, Bogdan

    2011-01-01

    We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

  3. SET: Session Layer-Assisted Efficient TCP Management Architecture for 6LoWPAN with Multiple Gateways

    Directory of Open Access Journals (Sweden)

    Akbar AliHammad

    2010-01-01

    6LoWPAN (IPv6 based Low-Power Personal Area Network) is a protocol specification that facilitates communication of IPv6 packets on top of IEEE 802.15.4 so that Internet and wireless sensor networks can be inter-connected. This interconnection is especially required in commercial and enterprise applications of sensor networks where reliable and timely data transfers such as multiple code updates are needed from Internet nodes to sensor nodes. For this type of inbound traffic which is mostly bulk, TCP as transport layer protocol is essential, resulting in end-to-end TCP session through a default gateway. In this scenario, a single gateway tends to become the bottleneck because of non-uniform connectivity to all the sensor nodes besides being vulnerable to buffer overflow. We propose SET, a management architecture for multiple split-TCP sessions across a number of serving gateways. SET implements striping and multiple TCP session management through a shim at session layer. Through analytical modeling and ns2 simulations, we show that our proposed architecture optimizes communication for ingress bulk data transfer while providing associated load balancing services. We conclude that multiple split-TCP sessions managed in parallel across a number of gateways result in reduced latency for bulk data transfer and provide robustness against gateway failures.

  4. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This, therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff) of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model - one form of management structure - where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  5. Mobility Based Key Management Technique for Multicast Security in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. Madhusudhanan

    2015-01-01

    In MANET multicasting, forward and backward secrecy result in increased packet drop rate owing to mobility. Frequent rekeying causes large message overhead which increases energy consumption and end-to-end delay. Particularly, the prevailing group key management techniques cause frequent mobility and disconnections. So there is a need to design a multicast key management technique to overcome these problems. In this paper, we propose the mobility based key management technique for multicast security in MANET. Initially, the nodes are categorized according to their stability index which is estimated based on the link availability and mobility. A multicast tree is constructed such that for every weak node, there is a strong parent node. A session key-based encryption technique is utilized to transmit a multicast data. The rekeying process is performed periodically by the initiator node. The rekeying interval is fixed depending on the node category so that this technique greatly minimizes the rekeying overhead. By simulation results, we show that our proposed approach reduces the packet drop rate and improves the data confidentiality.

  6. Congestion management considering voltage security of power systems

    International Nuclear Information System (INIS)

    Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima

    2009-01-01

    Congestion in a power network is turned up due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays to market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because of hitting some flows their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator so alleviates the congestion that the network can more retain its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose but also its cost of providing security is lower than the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)

  7. Functional Security Model: Managers Engineers Working Together

    Science.gov (United States)

    Guillen, Edward Paul; Quintero, Rulfo

    2008-05-01

    Information security has a wide variety of solutions including security policies, network architectures and technological applications. They are usually designed and implemented by security architects, but in their own complexity these solutions are difficult to understand by company managers, and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform, reliable and understandable in the whole company, without leaving aside the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

  8. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann, Elio; Mayer, Nicolas; Godart, Claude

    2014-01-01

    Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  9. Provable Secure and Efficient Digital Rights Management Authentication Scheme Using Smart Card Based on Elliptic Curve Cryptography

    Directory of Open Access Journals (Sweden)

    Yuanyuan Zhang

    2015-01-01

    Since the concept of ubiquitous computing was first proposed by Mark Weiser, its connotation has been extended and expanded by many scholars. In pervasive computing application environment, many kinds of small devices containing smart card are used to communicate with others. In 2013, Yang et al. proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, Mishra et al. pointed out that Yang et al.’s scheme suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang et al.’s scheme is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang et al.’s scheme again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang et al.’s scheme, we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography.

  10. Information security in the context of philosophy of management

    Directory of Open Access Journals (Sweden)

    Irina Yurievna Alekseeva

    2017-04-01

    Building a culture of information security involves consideration of problems of management in society. Ideas and approaches developed in philosophy of management are relevant to studies in problems of information security in broader methodological and social context. The article focuses on problems of information and psychological security in social systems. The author considers disorienting signs and signals as information threat to security of persons and societies. The author argues that management ideology of pseudo-economical reductionism makes distortion at the level of values and priorities of the system. This ideology exalts competitiveness to the detriment of the systems’ viability. Philosophy of complexity (better known as “philosophy of complex systems”) embraces new visions for methodology of management in XXI century. “Observer of complexity” and “complexity of observer of complexity” phenomena are central in this context. The problem of appropriate language for system self-description is of critical importance. This language is necessary for substantive production of intellectual tools for problems solving and decision making; refusal to produce such tools is fraught with decrease of information security level.

  11. IT Security Management Implementation Model in Iranian Bank Industry

    Directory of Open Access Journals (Sweden)

    Mona Vanaki

    2017-06-01

    According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set forth in ISO standard 27001 was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points complying with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard were removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

  12. Robust and Scalable DTLS Session Establishment

    OpenAIRE

    Tiloca, Marco; Gehrmann, Christian; Seitz, Ludwig

    2016-01-01

    The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service attack (DoS), aimed at establishing a high number of invalid, half-open, secure sessions. Moreover, even when the efficient pre-shared key provisioning mode is considered, the key storage on the server side scales poorly with the number of clients. SICS Swedish ICT has designed a security architecture that efficiently addresses both issues without breaking the current standard.

  13. Managing a major security system installation: Practical lessons learned

    International Nuclear Information System (INIS)

    Roehrig, S.C.

    1986-01-01

    Sandia National Laboratories has been heavily involved for over a decade in aiding a number of DOE facilities in defining and implementing upgraded security safeguards systems. Because security system definition, design, and installation is still a relatively new field to the commercial world, effective project management must pay special attention to first understanding and then interpreting the unique aspects of a security system for all concerned parties. Experiences from an actual security system installation are used to illustrate some project management approaches which have been found to be effective

  14. Security Management and Safeguards Office

    Science.gov (United States)

    Bewley, Nathaniel M.

    2004-01-01

    The Security Management and Safeguards Office at NASA is here to keep the people working in a safe environment. They also are here to protect the buildings and documents from sabotage, espionage, and theft. During the summer of 2004, I worked with Richard Soppet in Physical Security. While I was working here I helped out with updating the map that we currently use at NASA Glenn Research Center, attended meetings for homeland security, worked with the security guards and the locksmith. The meetings that I attended for homeland security talked about how to protect ourselves before something happened, they told us to always be on the guard and look for anything suspicious, and the different ways that terrorist groups operate. When I was with the security guards I was taught how to check someone into the base, showed how to use a radar gun, observed a security guard make a traffic stop for training and was with them while they patrolled NASA Glenn Research Center to make sure things were running smooth and no one was in danger. When I was with the locksmith I was taught how to make keys and locks for the employees here at NASA. The locksmith also showed me that he had inventory cabinets of files that show how many keys were out to people and who currently has access to the rooms that the keys were made for. I also helped out the open house at NASA Glenn Research Center. I helped out by showing the Army Reserves, and Brook Park's SWAT team where all the main events were going to take place a week before the open house was going to begin. Then during the open house I helped out by making sure people had their IDs, checked through their bags, and handed out a map to them that showed where the different activities were going to take place. So the main job here at NASA Glenn Research Center for the Security Management and Safeguards Office is to make sure that nothing is stolen, sabotaged, and espionaged.
Also most importantly make sure all the employees here at NASA are

  15. A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

    Science.gov (United States)

    Mehmood, Zahid; Chen, Gongliang; Li, Jianhua; Li, Linsen; Alzahrani, Bander

    2017-01-01

    Over the past few years, Session Initiation Protocol (SIP) is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

  16. A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

    Directory of Open Access Journals (Sweden)

    Zahid Mehmood

    Full Text Available Over the past few years, Session Initiation Protocol (SIP) is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

  17. Security Management Strategies for Protecting Your Library's Network.

    Science.gov (United States)

    Ives, David J.

    1996-01-01

    Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

  18. Information Security Management: The Study of Lithuanian State Institutions

    OpenAIRE

    Jastiuginas, Saulius

    2012-01-01

    Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information s...

  19. Problems and solutions of information security management in Latvia

    Directory of Open Access Journals (Sweden)

    Deruma S.

    2014-01-01

    Security cannot exist as a standalone function, it should be integrated in the associated processes continuously supervising and improving the security management programme based on predefined criteria. Adopting a holistic approach with regard to security has proven to be a critical contributing factor to effective security in organizations.

  20. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  1. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob; Costinela-Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  2. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  3. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  4. Cloud management and security

    CERN Document Server

    Abbadi, Imad M

    2014-01-01

    Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing. In this book, the author begins with an introduction to Cloud computing, presenting fundamental concepts such as analyzing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types and highlighting the main challenges. Following on from the introduction, the book is divided into three parts: Cloud management, Cloud security, and practical examples. Part one presents the main components constituting the Cloud and federated Cloud infrastructure(e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services. Part two analyzes the problem of establishing trustworthy Cloud, discuss...

  5. 76 FR 54216 - Pacific Fishery Management Council (Council); Work Session To Review Proposed Salmon Methodology...

    Science.gov (United States)

    2011-08-31

    ... Fishery Management Council (Council); Work Session To Review Proposed Salmon Methodology Changes AGENCY.... ACTION: Notice of a public meeting. SUMMARY: The Pacific Fishery Management Council's Salmon Technical Team (STT), Scientific and Statistical Committee (SSC) Salmon Subcommittee, and Model Evaluation...

  6. A Multilevel Secure Workflow Management System

    National Research Council Canada - National Science Library

    Kang, Myong H; Froscher, Judith N; Sheth, Amit P; Kochut, Krys J; Miller, John A

    1999-01-01

    The Department of Defense (DoD) needs multilevel secure (MLS) workflow management systems to enable globally distributed users and applications to cooperate across classification levels to achieve mission critical goals...

  7. 77 FR 58526 - Pacific Fishery Management Council; Public Meeting; Work Session To Review Proposed Salmon...

    Science.gov (United States)

    2012-09-21

    ... Fishery Management Council; Public Meeting; Work Session To Review Proposed Salmon Methodology Changes...), Commerce. ACTION: Notice of a public meeting. SUMMARY: The Pacific Fishery Management Council's Salmon Technical Team (STT), Scientific and Statistical Committee (SSC) Salmon Subcommittee, and Model Evaluation...

  8. Nuclear Security Management for Research Reactors and Related Facilities

    International Nuclear Information System (INIS)

    2016-03-01

    This publication provides a single source guidance to assist those responsible for the implementation of nuclear security measures at research reactors and associated facilities in developing and maintaining an effective and comprehensive programme covering all aspects of nuclear security on the site. It is based on national experience and practices as well as on publications in the field of nuclear management and security. The scope includes security operations, security processes, and security forces and their relationship with the State’s nuclear security regime. The guidance is provided for consideration by States, competent authorities and operators

  9. International Conference on Nuclear Security: Enhancing Global Efforts. Summary of an International Conference

    International Nuclear Information System (INIS)

    2014-01-01

    The International Conference on Nuclear Security: Enhancing Global Efforts was organized by the IAEA and held in Vienna on 1-5 July 2013. The conference was organized in cooperation with the following organizations and initiatives: the European Union; the Global Initiative to Combat Nuclear Terrorism (GICNT); the International Criminal Police Organization (INTERPOL); the Institute of Nuclear Materials Management (INMM); the Nuclear Threat Initiative (NTI); the Organization for Security and Co-operation in Europe (OSCE); the Partnership for Global Security; the Police Community of the Americas (AMERIPOL); the United Nations Interregional Crime and Justice Research Institute (UNICRI); the United Nations Office on Drugs and Crime (UNODC); the World Institute for Nuclear Security (WINS); the World Nuclear Association (WNA); and the World Nuclear Transport Institute (WNTI). A total of 34 ministers participated in the ministerial session of the conference. Altogether, the conference attracted more than 1300 registered participants from 125 IAEA Member States and 21 organizations. The aim of the conference was to review the international community's experience and achievements to date in strengthening nuclear security, to enhance the understanding of current approaches to nuclear security worldwide and identify trends, and to provide a global forum for ministers, policymakers and senior officials to formulate views on future directions and priorities for nuclear security. This book contains the President's Summary of the conference and a summary of the ministerial session, the full text of the ministerial declaration adopted by the conference and summaries of the main conference sessions. The attached CD-ROM contains the full conference programme, the list of conference participants, the national statements from the ministerial session and a selection of papers

  10. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Science.gov (United States)

    2010-02-23

    ... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

  11. Security Risks Management in Selected Academic Libraries in Osun ...

    African Journals Online (AJOL)

    The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

  12. 17 CFR 229.403 - (Item 403) Security ownership of certain beneficial owners and management.

    Science.gov (United States)

    2010-04-01

    ... of certain beneficial owners and management. 229.403 Section 229.403 Commodity and Securities... Management and Certain Security Holders § 229.403 (Item 403) Security ownership of certain beneficial owners and management. (a) Security ownership of certain beneficial owners. Furnish the following information...

  13. Statement to the 46th regular session of the IAEA General Conference 2002. Vienna, 16 September 2002

    Energy Technology Data Exchange (ETDEWEB)

    ElBaradei, M [International Atomic Energy Agency, Vienna (Austria)

    2002-09-16

    In his Statement to the forty-six regular session of the General Conference of the IAEA, the Director General of the Agency highlighted some of the IAEA's activities and challenges in the fields of: nuclear operation and construction; radioactive waste management; nuclear applications; radiotherapy; sterile insect technique; water resources management; international co-operation and conventions; establishment of global safety standards; radiation protection; management of nuclear knowledge; safeguards; implementation of United Nations Security Council resolutions relating to Iraq; convention on the physical protection of nuclear material. He also discussed the Agency's technical co-operation programme and the Agency management.

  14. Statement to the 46th regular session of the IAEA General Conference 2002. Vienna, 16 September 2002

    International Nuclear Information System (INIS)

    ElBaradei, M.

    2002-01-01

    In his Statement to the forty-six regular session of the General Conference of the IAEA, the Director General of the Agency highlighted some of the IAEA's activities and challenges in the fields of: nuclear operation and construction; radioactive waste management; nuclear applications; radiotherapy; sterile insect technique; water resources management; international co-operation and conventions; establishment of global safety standards; radiation protection; management of nuclear knowledge; safeguards; implementation of United Nations Security Council resolutions relating to Iraq; convention on the physical protection of nuclear material. He also discussed the Agency's technical co-operation programme and the Agency management

  15. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  16. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  17. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    A review of game theory approach to cyber security risk management. ... This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ...

  18. A sessional blind signature based on quantum cryptography

    Science.gov (United States)

    Khodambashi, Siavash; Zakerolhosseini, Ali

    2014-01-01

    In this paper, we present a sessional blind signature protocol whose security is guaranteed by fundamental principles of quantum physics. It allows a message owner to get his message signed by an authorized signatory. However, the signatory is not capable of reading the message contents and everyone can verify authenticity of the message. For this purpose, we took advantage of a sessional signature as well as quantum entangled pairs which are generated with respect to it in our proposed protocol. We describe our proposed blind signature through an example and briefly discuss about its unconditional security. Due to the feasibility of the protocol, it can be widely employed for e-payment, e-government, e-business and etc.

  19. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTS Using Models Introduction: Understanding, Selecting, and Applying Models Understanding Assets Layered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in Security Security in Context Reference Defining Information Security Confidentiality, Integrity, and Availability Information Attributes Intrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources References Understanding Threat and Its Relatio

  20. Integrated Safeguards and Security Management Self-Assessment 2004

    Energy Technology Data Exchange (ETDEWEB)

    Lunford, Dan; Ramsey, Dwayne

    2005-04-01

    In 2002 Ernest Orlando Lawrence Berkeley National Laboratory deployed the first Integrated Safeguards and Security Management (ISSM) Self-Assessment process, designed to measure the effect of the Laboratory's ISSM efforts. This process was recognized by DOE as a best practice and model program for self-assessment and training. In 2004, the second Self-Assessment was launched. The cornerstone of this process was an employee survey that was designed to meet several objectives: (1) Ensure that Laboratory assets are protected. (2) Provide a measurement of the Laboratory's current security status that can be compared against the 2002 Self-Assessment baseline. (3) Educate all Laboratory staff about security responsibilities, tools, and practices. (4) Provide security staff with feedback on the effectiveness of security programs. (5) Provide line management with the information they need to make informed decisions about security. This 2004 Self Assessment process began in July 2004 with every employee receiving an information packet and instructions for completing the ISSM survey. The Laboratory-wide survey contained questions designed to measure awareness and conformance to policy and best practices. The survey response was excellent--90% of Berkeley Lab employees completed the questionnaire. ISSM liaisons from each division followed up on the initial survey results with individual employees to improve awareness and resolve ambiguities uncovered by the questionnaire. As with the 2002 survey, the Self-Assessment produced immediate positive results for the ISSM program and revealed opportunities for longer-term corrective actions. Results of the questionnaire provided information for organizational profiles and an institutional summary. The overall level of security protection and awareness was very high--often above 90%. Post-survey work by the ISSM liaisons and line management consistently led to improved awareness and metrics, as shown by a comparison of

  1. A Methodology to Implement an Information Security Management System

    Directory of Open Access Journals (Sweden)

    Alaíde Barbosa Martins

    2005-08-01

    Full Text Available Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

  2. Managing the risks of legacy radioactive sources from a security perspective

    International Nuclear Information System (INIS)

    Alexander, Mark; Murray, Allan

    2008-01-01

    The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)

  3. Tools for an effective annual review of the Security Management Plan.

    Science.gov (United States)

    Daniel, Matthew

    2014-01-01

    A hospital's Security Management Plan, required by the Joint Commission, can also be used by security management professionals, the author points out, to ensure that they are continually monitoring and improving the program in a changing healthcare environment.

  4. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    Directory of Open Access Journals (Sweden)

    Naif Alsharabi

    2008-12-01

    Full Text Available This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  5. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-01-01

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

  6. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-12-04

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  7. Strategic Management for IT Services on Outsourcing Security Company

    Directory of Open Access Journals (Sweden)

    Lydia Wijaya

    2018-04-01

    Full Text Available Information Technology (IT) is used by many organizations to enhance competitive advantage, but many outsource security firms have not used IT in their business processes. In this research, we will design Strategic Management for IT Services for outsourcing security company. We use an outsourcing security company as a case study of IT Strategy Management for IT Services development. The purpose of this study is to create an IT services strategy for security outsourcing companies. The framework used is the ITIL (Information Technology Infrastructure Library) framework service strategy in strategy management for IT services process. There are several steps taken in the making of the strategy: (a) Strategic assessment stage to analyzed internal and external factors of the company. (b) Strategy generation by creating the strategic plan. (c) Strategy execution to determine the tactical plan. And (d) strategy measurement and evaluation. This study produced the proposed IT service system that suits the needs of the company in the form of strategic, tactical plans and strategy measurement. This result can be used as the foundations of IT service development in outsourcing security company. In the process of this study, we work closely with stakeholders; every work product has been verified and validated by stakeholders.

  8. Security management of water supply

    Directory of Open Access Journals (Sweden)

    Tchórzewska-Cieślak Barbara

    2017-03-01

    Full Text Available The main aim of this work is to present operational problems concerning the safety of the water supply and the procedures for risk management systems functioning public water supply (CWSS) and including methods of hazard identification and risk assessment. Developed a problem analysis and risk assessment, including procedures called WSP, which is recommended by the World Health Organization (WHO) as a tool for comprehensive security management of water supply from source to consumer. Water safety plan is a key element of the strategy for prevention of adverse events in CWSS.

  9. Physician office readiness for managing Internet security threats.

    Science.gov (United States)

    Keshavjee, K; Pairaudeau, N; Bhanji, A

    2006-01-01

    Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

  10. Network Security: Policies and Guidelines for Effective Network Management

    Directory of Open Access Journals (Sweden)

    Jonathan Gana KOLO

    2008-12-01

    Full Text Available Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

  11. 17 CFR 240.3b-14 - Definition of cash management securities activities.

    Science.gov (United States)

    2010-04-01

    ... derivative instruments or other financial instruments; (b) Cash management, in connection with any securities... § 240.15a-1 or any non-securities activities that involve eligible OTC derivative instruments or other... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definition of cash management...

  12. Management of library and archival security from the outside looking in

    CERN Document Server

    O'Neill, Robert K

    2014-01-01

    Providing a substantive approach to the issue, Management of Library and Archival Security: From the Outside Looking In gives librarians and collection directors practical and helpful suggestions for developing policies and procedures to minimize theft. In addition, this text prepares you to deal with the aftermath of a robbery or natural disaster that destroys priceless materials. Through expert opinions and advice, Management of Library and Archival Security will teach you how to protect and secure invaluable collections and the finances invested in them. In addition, Management of Library an

  13. Research on a Valuation Standard and the Actual Condition About Security Management in PACS

    International Nuclear Information System (INIS)

    Jeong, Jae Ho; Son, Gi Gyeong; Kang, Hee Doo; Dong, Kyung Rae; Kweon, Dae Cheol; Kim, Hyun Soo

    2008-01-01

    This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPAA (Health Insurance Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

  14. Security issues at the Department of Energy and records management

    International Nuclear Information System (INIS)

    NUSBAUM, ANNA W.

    2000-01-01

    In order to discuss the connection between security issues within the Department of Energy and records management, the author covers a bit of security history and talks about what she calls "the Amazing Project". Initiated in late May 1999, it was to be a tri-laboratory (Lawrence Livermore National Laboratory of Livermore, California, Los Alamos National Laboratory of Los Alamos, New Mexico, and Sandia National Laboratories of Albuquerque, New Mexico, and Livermore, California) project. The team that formed was tasked to develop the best set of security solutions that still enabled weapon mission work to get done and the security solutions were to be the same set for everyone. The amazing project was called "The Integrated Security Management Project", or "ISecM" for short. She'll describe why she thinks this project was so amazing and what it accomplished. There's a bit of sad news about the project, but then she'll move onto discuss what was learned at Sandia as a result of the project and what they're currently doing in records management

  15. On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

    Science.gov (United States)

    Frühwirth, Christian

    Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather than a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has led to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

  16. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS) attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS) is proposed along with the association mining rule. The CNSMS system consists of collaborative Unified Threat Management (UTM), cloud based security centre and traffic prober. The traffic prober captures the internet traffic and gives it to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will report to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of traffic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  17. MANAGEMENT OF RESOURCES IN DYNAMICALLY CHANGING SECURITY ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    Sevdalina Dimitrova

    2014-09-01

    Full Text Available The monograph recommends integration between science and practice, experts from national bodies and scientific research potential of academic community of military universities in the field of management of resources of security and defence in accordance to the challenges in security environment caused by its dynamic and often unpredictable changes.

  18. Key management schemes using routing information frames in secure wireless sensor networks

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of obtaining keys are discussed. The use of hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

  19. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  20. A process framework for information security management

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2016-01-01

    Full Text Available Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. Based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

  1. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  2. Information security management system planning for CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]

    2015-12-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  3. Information security management system planning for CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

  4. Managing Materials and Wastes for Homeland Security Incidents

    Science.gov (United States)

    To provide information on waste management planning and preparedness before a homeland security incident, including preparing for the large amounts of waste that would need to be managed when an incident occurs, such as a large-scale natural disaster.

  5. Emergency management and homeland security: Exploring the relationship.

    Science.gov (United States)

    Kahan, Jerome H

    2015-01-01

    In the years after the 9/11 tragedy, the United States continues to face risks from all forms of major disasters, from potentially dangerous terrorist attacks to catastrophic acts of nature. Professionals in the fields of emergency management and homeland security have responsibilities for ensuring that all levels of government, urban areas and communities, nongovernmental organizations, businesses, and individual citizens are prepared to deal with such hazards through actions that reduce risks to lives and property. Regrettably, the overall efficiency and effectiveness of the nation's ability to deal with disasters is unnecessarily challenged by the absence of a common understanding on how these fields are related in the workforce and educational arenas. Complicating matters further is the fact that neither of these fields has developed agreed definitions. In many ways, homeland security and emergency management have come to represent two different worlds and cultures. These conditions can have a deleterious effect on preparedness planning for public and private stakeholders across the nation when coordinated responses among federal, state, and local activities are essential for dealing with consequential hazards. This article demonstrates that the fields of emergency management and homeland security share many responsibilities but are not identical in scope or skills. It argues that emergency management should be considered a critical subset of the far broader and more strategic field of homeland security. From analytically based conclusions, it recommends five steps to be taken to bring these fields closer together to benefit more from their synergist relationship as well as from their individual contributions.

  6. Summary record of the topical session at WPDD-10: Management of large components from decommissioning to storage and disposal, 18-19 November 2009

    International Nuclear Information System (INIS)

    Dutzer, Michel

    2010-01-01

    At its tenth meeting, the WPDD held a topical session on Management of Large Components from Decommissioning to Storage and Disposal. The topical session was organised by a new task group of the WPDD that recently began work on this topic. The group is aiming to prepare a technical guide that provides a methodology to assess different management options and facilitates involvement of the different interested parties in the process of selecting the preferred management option. This report is made of 3 parts: Part 1 presents the Main Outcomes of Topical Session on Management of Large Components from Decommissioning to Storage and Disposal (Summary of Presentations and Discussions and Rapporteurs Report); Part 2 presents the Agenda of the Topical Session on Management of Large Components from Decommissioning to Storage and Disposal; and Part 3 is the List of Participants

  7. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP)

  8. The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

    Directory of Open Access Journals (Sweden)

    Antonio Santos-Olmo

    2016-07-01

    Full Text Available The information society is increasingly more dependent on Information Security Management Systems (ISMSs), and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha) for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

  9. Managing domino effect-related security of industrial areas

    NARCIS (Netherlands)

    Reniers, Genserik L L; Dullaert, W.; Audenaert, Amaryllis; Ale, B. J.M.; Soudan, K.

    In chemical enterprises, security managers are interested in easy-to-handle and user-friendly decision-support tools, providing them with straightforward information ready for implementation. Therefore, a theoretical conceptualization on how to manage, in a relatively simple way, the prevention and

  10. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  11. Identity and Access Management and Security in Higher Education.

    Science.gov (United States)

    Bruhn, Mark; Gettes, Michael; West, Ann

    2003-01-01

    Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…

  12. IAEA to hold special session on nuclear terrorism

    International Nuclear Information System (INIS)

    2001-01-01

    Experts from around the world are meeting at the IAEA this week for an international symposium on nuclear safeguards, verification, and security. A special session on 2 November focuses on the issue of combating nuclear terrorism. The Special Session, which will bring together experts on nuclear terrorism from around the world, will deal with the following issues: The Psychology of terrorism; Intelligence, police and border protection; Guarding nuclear reactors and material from terrorists and thieves; The threat of nuclear terrorism: Nuclear weapons or other nuclear explosive devices; The threat of nuclear terrorism: Intentional dispersal of radioactive material - Sabotage of fixed installations or transport systems; The Legal Framework: Treaties and Conventions, Laws; Regulations and Codes of Practice; IAEA Nuclear Security and Safety Programmes

  13. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; van Buuren, R.F.; Hartel, Pieter H.; Kleinhuis, Geert; Boavida, F.; Monteiro, E.; Orvalho, J.

    2002-01-01

    Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of

  14. An Overview of Economic Approaches to Information Security Management

    NARCIS (Netherlands)

    Su, X.

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in

  15. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions ...

  17. CERN Technical Training: new courses on computer security

    CERN Multimedia

    HR Department

    2009-01-01

    Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Center. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour training aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

  18. IAEA Meeting to Highlight Technologies to Safely Manage Radioactive Waste

    International Nuclear Information System (INIS)

    2014-01-01

    The two-day Forum was divided into four sessions that follow the journey of radioactive waste from its generation to final disposal: The first session provided an overview of the peaceful uses of nuclear technologies, the radioactive waste they generate, and of integrated management approaches adapted to various waste classes, as well as associated economic, security and safeguards considerations; The second session developed the steps required to manage radioactive waste before its disposal; The third illustrated disposal solutions for radioactive waste that must remain under regulatory control; and The fourth and final session focused on how evolving nuclear technologies, such as better use of nuclear fuel, innovative fuels and advanced reactors and fuel cycles, could affect future waste management needs

  19. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; Hartel, Pieter H.; Kleinhuis, Geert

    Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of

  20. Using VO Concept for Managing Dynamic Security Associations

    NARCIS (Netherlands)

    Demchenko, Y.; Gommans, L.; de Laat, C.T.A.M.

    2006-01-01

    This research paper presents results of the analysis how the Virtual Organisation (VO) concept can be used for managing dynamic security associations in collaborative applications and for complex resource provisioning. The paper provides an overview of the current practice in VO management at the

  1. The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

    OpenAIRE

    Mohsen Shafiei Nikabadi; Ahmad Jafarian; Azam Jalili Bolhasani

    2012-01-01

    The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these two approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two import...

  2. Homeland Security. Management Challenges Facing Federal Leadership

    National Research Council Canada - National Science Library

    2002-01-01

    ...) and the Office of Personnel Management (OPM). Additionally, due to the dynamic and evolving nature of the government's homeland security activities, some of our work described in this report has already appeared in congressional testimony...

  3. An Agile Enterprise Regulation Architecture for Health Information Security Management

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-01-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

  4. An agile enterprise regulation architecture for health information security management.

    Science.gov (United States)

    Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

    2010-09-01

    Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

  5. Security information and event management systems: benefits and inefficiencies

    OpenAIRE

    Κάτσαρης, Δημήτριος Σ.

    2014-01-01

    In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

  6. Smartphone-based secure authenticated session sharing in Internet of Personal Things

    Science.gov (United States)

    Krishnan, Ram; Ninglekhu, Jiwan

    2015-03-01

    In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

  7. Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

    National Research Council Canada - National Science Library

    Caralli, Richard A

    2006-01-01

    ... potential to significantly disrupt an organization's pursuit of its mission. Security, business continuity, and IT operations management are activities that traditionally support operational risk management...

  8. The Effect of Information Security Management on Organizational Processes Integration in Supply Chain

    Directory of Open Access Journals (Sweden)

    Mohsen Shafiei Nikabadi

    2012-03-01

    The major purpose of this article was that how information security management has effect on supply chain integration and the effect of implementing "information security management system" on enhancing supplies chain integration. In this respect, current research was seeking a combination overview to these two approaches (Information Security Management and Organizational Processes Integration by Enterprise Resources Planning System) and after that determined factors of these two important issue by factor analysis. Researchers using a series of comments in the automotive experts (production planning and management and supply chain experts and caregivers car makers and suppliers in the first level and second level supply chain industry. In this way, it has been done that impact on how information security management processes enterprise supply chain integration with the help of statistical correlation analysis. The results of this investigation indicated effect of "information security management system" various dimensions that were coordination of information, prevent human errors and hardware, the accuracy of information and education for users on two dimensions of internal and external integration of business processes, supply chain and finally, it can increased integration of business processes in supply chain. At the end owing to quite these results, deployment of "information security management system" increased the integration of organizational processes in supply chain. It could be demonstrated with the consideration of relation of organizational integration processes with the level of coordination of information, prevent errors and accuracy of information throughout the supply chain.

  9. 76 FR 62439 - Order of Succession for the Office of Disaster Management and National Security

    Science.gov (United States)

    2011-10-07

    ... Office of Disaster Management and National Security AGENCY: Office of the Secretary, HUD. ACTION: Notice... Succession for the Office of Disaster Management and National Security. This is the first order of succession... L. McClure, Acting Chief Disaster and National Security Officer, Office of Disaster Management and...

  10. Strategy and management of network security at KEK

    International Nuclear Information System (INIS)

    Kiyoharu Hashimoto; Teiji Nakamura; Hitoshi Hirose, Yukio Karita; Youhei Morita; Soh Suzuki; Fukuko Yuasa

    2001-01-01

    Recently the troubles related to the network security have often occurred at KEK. According to their security policy, the authors have started the strategy against the daily attacks. It consists of two fundamental things; the monitoring and the access control. To monitor the network, the authors have installed the intrusion detection system and have managed it since 1998. For the second thing, the authors arranged three categories to classify all hosts (about 5000 hosts) at KEK according to their security level. To realize these three categories, the authors filter the incoming packet from outside KEK whether it has a SYN flag or not. The network monitoring and the access control produced good effects in keeping the security level high. Since 2000 the authors have started the transition of LAN from shared-media network to switched network. Now almost part of LAN was re-configured and in this new LAN 10 Mbps 100 Mbps/1Gbps Ethernet are supported. Currently the authors are planning further speedup (10 Gbps) and redundancy of network. Not only LAN but also WAN, network speed will be upgraded to 10 Gbps thanks to the strong promotion of IT by Japanese government. In this very high speed network, the authors' current strategy will be affected and again the network security becomes a big issue. The authors describe the experiences in practice of the current strategy and management know-how together with the discussion on the new strategy

  11. Exploring example models of cross-sector, sessional employment of pharmacists to improve medication management and pharmacy support in rural hospitals.

    Science.gov (United States)

    Tan, Amy Cw; Emmerton, Lynne M; Hattingh, Laetitia; La Caze, Adam

    2015-01-01

    Many rural hospitals in Australia are not large enough to sustain employment of a full-time pharmacist, or are unable to recruit or retain a full-time pharmacist. The absence of a pharmacist may result in hospital nurses undertaking medication-related roles outside their scope of practice. A potential solution to address rural hospitals' medication management needs is contracted part-time ('sessional') employment of a local pharmacist external to the hospital ('cross-sector'). The aim of this study was to explore the roles and experiences of pharmacists in their provision of sessional services to rural hospitals with no on-site pharmacist and explore how these roles could potentially address shortfalls in medication management in rural hospitals. A qualitative study was conducted to explore models with pharmacists who had provided sessional services to a rural hospital. A semi-structured interview guide was informed by a literature review, preliminary research and stakeholder consultation. Participants were recruited via advertisement and personal contacts. Consenting pharmacists were interviewed between August 2012 and January 2013 via telephone or Skype for 40-55 minutes. Thirteen pharmacists with previous or ongoing hospital sessional contracts in rural communities across Australia and New Zealand participated. Most commonly, the pharmacists provided weekly services to rural hospitals. All believed the sessional model was a practical solution to increase hospital access to pharmacist-mediated support and to address medication management gaps. Roles perceived to promote quality use of medicines were inpatient consultation services, medicines information/education to hospital staff, assistance with accreditation matters and system reviews, and input into pharmaceutical distribution activities. This study is the first to explore the concept of sessional rural hospital employment undertaken by pharmacists in Australia and New Zealand. Insights from participants

  12. The cloud security ecosystem technical, legal, business and management issues

    CERN Document Server

    Ko, Ryan

    2015-01-01

    Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security - putting technical and management issues together with an in-depth treaties on a multi-disciplinary and international subject. The book features contributions from key tho

  13. Implementing Information Security and Its Technology: A Line Management Perspective

    Energy Technology Data Exchange (ETDEWEB)

    Barletta, William A.

    2005-08-22

    Assuring the security and privacy of institutional information assets is a complex task for the line manager responsible for international and multi-national transactions. In the face of an unsure and often conflicting international legal framework, the line manager must employ all available tools in an Integrated Security and Privacy Management framework that ranges from legal obligations, to policy, to procedure, to cutting edge technology to counter the rapidly evolving cyber threat to information assets and the physical systems that information systems control.

  14. 17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.

    Science.gov (United States)

    2010-04-01

    ... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...

  15. Crisis-management and the Security in the Internet

    Science.gov (United States)

    Harada, Izumi

    This paper discusses about the crisis-management and the security in the Internet. The crime that not is so far occurs during widespread to the society of the Internet, and a big social trouble. Moreover, the problem of a new security such as a cyber war and cyber terrorism appeared, too. It is necessary to recognize such a situation, and to do both correspondences corresponding to the environmental transformation by government and the people.

  16. An energy security management model using quality function deployment and system dynamics

    International Nuclear Information System (INIS)

    Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

    2013-01-01

    An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

  17. Program Management at the National Nuclear Security Administration Office of Defense Nuclear Security: A Review of Program Management Documents and Underlying Processes

    International Nuclear Information System (INIS)

    Madden, Michael S.

    2010-01-01

    The scope of this paper is to review the National Nuclear Security Administration Office of Defense Nuclear Security (DNS) program management documents and to examine the underlying processes. The purpose is to identify recommendations for improvement and to influence the rewrite of the DNS Program Management Plan (PMP) and the documentation supporting it. As a part of this process, over 40 documents required by DNS or its stakeholders were reviewed. In addition, approximately 12 other documents produced outside of DNS and its stakeholders were reviewed in an effort to identify best practices. The complete list of documents reviewed is provided as an attachment to this paper.

  18. The Importance of Information Security Management in Crisis Prevention in the Company

    OpenAIRE

    Wawak, Slawomir

    2010-01-01

    Management information system can be compared to the nervous system of a company. Its malfunction may cause adverse effects in many different areas of the company. Information Security Management is understood as tool of the information confidentiality, availability and integrity assurance. An effective information security management system reduces the risk of crisis in the company. It also allows to reduce the effects of the crisis occurring outside the company.

  19. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  20. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  1. 76 FR 60067 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-012...

    Science.gov (United States)

    2011-09-28

    ... 1974; Department of Homeland Security Federal Emergency Management Agency--012 Suspicious Activity... establish a new system of records titled, ``Department of Homeland Security/Federal Emergency Management... Department of Homeland Security/Federal Emergency Management Agency to collect, maintain, and retrieve...

  2. INFORMATION SECURITY MANAGEMENT: FACTORS THAT INFLUENCE ITS ADOPTION IN SMALL AND MID-SIZED BUSINESSES

    Directory of Open Access Journals (Sweden)

    Abner da Silva Netto

    2008-02-01

    The objectives of this study were verify in what measure the small and medium companies accomplish the management security information and identify which factors influence the small and medium companies to adopt measures of management security information. The source research was exploratory-descriptive and the design used was the survey. The sample was compound of 43 metal production industries located in ABC region. According to management information security literature and Brazilian norm of information security were identified the tools or techniques of management security information and classified it into three layers: physic, logic and human. The study identified that the human layer is the one that presents the major shortage of cares in the companies followed by the logical one. The companies get used to have the antivirus as the main security tool/technique according to the researched companies to guarantee the safety of information. Besides that, the research showed that 59% of the companies have a safety satisfactory level and the main motivator factor to adopt the management security information is "to avoid possible financial loss". On the other hand, all the inhibitors factors showed important to the researched companies like: lack of knowledge, investments value, organization culture and difficulty to measure cost/benefit.

  3. Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

    International Nuclear Information System (INIS)

    Alexandria, Joao Carlos Soares de

    2009-01-01

    The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

  4. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T.) managers perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  5. IT Security Vulnerability and Incident Response Management

    NARCIS (Netherlands)

    Hafkamp, W.H.M.; Paulus, S.; Pohlman, N.; Reimer, H.

    2006-01-01

    This paper summarises the results of a Dutch PhD research project on IT security vulnerability and incident response management, which is supervised by the University of Twente in the Netherlands and which is currently in its final stage. Vulnerabilities are ‘failures or weaknesses in computer

  6. Managing Ethical Difficulties in Healthcare: Communicating in Inter-professional Clinical Ethics Support Sessions.

    Science.gov (United States)

    Grönlund, Catarina Fischer; Dahlqvist, Vera; Zingmark, Karin; Sandlund, Mikael; Söderberg, Anna

    2016-12-01

    Several studies show that healthcare professionals need to communicate inter-professionally in order to manage ethical difficulties. A model of clinical ethics support (CES) inspired by Habermas' theory of discourse ethics has been developed by our research group. In this version of CES sessions healthcare professionals meet inter-professionally to communicate and reflect on ethical difficulties in a cooperative manner with the aim of reaching communicative agreement or reflective consensus. In order to understand the course of action during CES, the aim of this study was to describe the communication of value conflicts during a series of inter-professional CES sessions. Ten audio- and video-recorded CES sessions were conducted over eight months and were analyzed by using the video analysis tool Transana and qualitative content analysis. The results showed that during the CES sessions the professionals as a group moved through the following five phases: a value conflict expressed as feelings of frustration, sharing disempowerment and helplessness, the revelation of the value conflict, enhancing realistic expectations, seeing opportunities to change the situation instead of obstacles. In the course of CES, the professionals moved from an individual interpretation of the situation to a common, new understanding and then to a change in approach. An open and permissive communication climate meant that the professionals dared to expose themselves, share their feelings, face their own emotions, and eventually arrive at a mutual shared reality. The value conflict was not only revealed but also resolved.

  7. Robust and Efficient Authentication Scheme for Session Initiation Protocol

    Directory of Open Access Journals (Sweden)

    Yanrong Lu

    2015-01-01

    The session initiation protocol (SIP) is a powerful application-layer protocol which is used as a signaling one for establishing, modifying, and terminating sessions among participants. Authentication is becoming an increasingly crucial issue when a user asks to access SIP services. Hitherto, many authentication schemes have been proposed to enhance the security of SIP. In 2014, Arshad and Nikooghadam proposed an enhanced authentication and key agreement scheme for SIP and claimed that their scheme could withstand various attacks. However, in this paper, we show that Arshad and Nikooghadam’s authentication scheme is still susceptible to key-compromise impersonation and trace attacks and does not provide proper mutual authentication. To conquer the flaws, we propose a secure and efficient ECC-based authentication scheme for SIP. Through the informal and formal security analyses, we demonstrate that our scheme is resilient to possible known attacks including the attacks found in Arshad et al.’s scheme. In addition, the performance analysis shows that our scheme has similar or better efficiency in comparison with other existing ECC-based authentication schemes for SIP.

  8. Architecture of security management unit for safe hosting of multiple agents

    Science.gov (United States)

    Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques

    1999-04-01

    In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

  9. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with the use of these technologies as a key element of modern security systems. One of the most notable factors is the exposure of information processes in protection systems to security threats. This largely relates to integrated security systems (ISS), the system of protection with the highest level of informatization of security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation of the ISS makes it a very pressing problem to assess the factors that reduce the efficiency of the ISS in order to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. The set of considered parameters makes it possible to conduct a comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  10. Report: Fiscal Year 2011 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

    Science.gov (United States)

    Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  11. Security-Enhanced Autonomous Network Management

    Science.gov (United States)

    Zeng, Hui

    2015-01-01

    Ensuring reliable communication in next-generation space networks requires a novel network management system to support greater levels of autonomy and greater awareness of the environment and assets. Intelligent Automation, Inc., has developed a security-enhanced autonomous network management (SEANM) approach for space networks through cross-layer negotiation and network monitoring, analysis, and adaptation. The underlying technology is bundle-based delay/disruption-tolerant networking (DTN). The SEANM scheme allows a system to adaptively reconfigure its network elements based on awareness of network conditions, policies, and mission requirements. Although SEANM is generically applicable to any radio network, for validation purposes it has been prototyped and evaluated on two specific networks: a commercial off-the-shelf hardware test-bed using Institute of Electrical Engineers (IEEE) 802.11 Wi-Fi devices and a military hardware test-bed using AN/PRC-154 Rifleman Radio platforms. Testing has demonstrated that SEANM provides autonomous network management resulting in reliable communications in delay/disruptive-prone environments.

  12. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Full Text Available Purpose: We prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. We implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in an organization and using risk management factors.

  13. Indian parliamentarians meet to discuss population and food security.

    Science.gov (United States)

    1996-01-01

    96 parliamentarians and state legislators attended a seminar on November 8 on food security, population, and development. The one-day meeting was held at the Parliament House Annex in New Delhi and organized by the Indian Association of Parliamentarians on Population and Development as part of a regional campaign to highlight the relationship between population and food security. The first session of the day focused upon the impact of population on food security and nutrition, the second session was on the strategy for food security through poverty alleviation, and the third session discussed food security through trade and self-sufficiency. The participants believe that population size is growing faster than food production. Furthermore, it is important to view both food production and the capacity of people to buy food. Poverty is rooted in unemployment and unemployment is the result of overpopulation. As such, overpopulation causes unemployment which results in the inability of the poor to buy food. A declaration was adopted at the seminar.

  14. Managing the human factor in information security how to win over staff and influence business managers

    CERN Document Server

    Lacey, David

    2009-01-01

    With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

  15. Report: Fiscal Year 2010 Federal Information Security Management Act Report

    Science.gov (United States)

    Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).

  16. Summary of southeastern group breakout sessions

    Science.gov (United States)

    Bob Ford; Charles P. Nicholson

    1993-01-01

    The breakout sessions held by the southeastern representatives at the Partners In Flight meeting in Colorado were extremely well attended. Most states were represented, as well as several federal agencies (including USFS, USFWS, TVA, EPA), and non-government organizations. Two sessions were held, one to discuss a strategy of management by...

  17. Securing a Home Energy Managing Platform

    DEFF Research Database (Denmark)

    Mikkelsen, Søren Aagaard; Jacobsen, Rune Hylsberg

    2016-01-01

    Energy management in households gets increasingly more attention in the struggle to integrate more sustainable energy sources. Especially in the electrical system, smart grid towards a better utilisation of the energy production and distribution infrastructure. The Home Energy Management System...... (HEMS) is a critical infrastructure component in this endeavour. Its main goal is to enable energy services utilising smart devices in the households based on the interest of the residential consumers and external actors. With the role of being both an essential link in the communication infrastructure...... for balancing the electrical grid and a surveillance unit in private homes, security and privacy become essential to address. In this chapter, we identify and address potential threats Home Energy Management Platform (HEMP) developers should consider in the progress of designing architecture, selecting hardware...

  18. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    Full Text Available The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that assess the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  19. Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

    Science.gov (United States)

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-06-01

    The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

  20. Trust Account Fraud And Effective Information Security Management

    Directory of Open Access Journals (Sweden)

    Sameera Mubarak

    2010-09-01

    Full Text Available The integrity of lawyers' trust accounts has come under scrutiny in the last few years. There are strong possibilities of information technology security breaches happening within the firms, either accidental or deliberate. The damage caused by these security breaches could be extreme. For example, a trust account fund in an Australian law firm was misused in a security breach in which Telstra charged A$50,000 for phone usage, mainly for ISD calls to Hong Kong. Our study involved interviewing principals of ten law companies to find out solicitors' attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case-studies could be backed up with broader quantitative data. We have also conducted in-depth interviews of 5 trust account regulators from the Law society of South Australia to know their view points on security threats on trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account data. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.

  1. Software for security event management: Development and utilization

    Directory of Open Access Journals (Sweden)

    Aleksandr V. Kuznetcov

    2017-11-01

    Full Text Available We address the challenge to the information security coming from the lack of algorithmic machinery for managing the security events. We start with a mathematical formulation of the problem for a tabular processor by introducing an appropriate target function. Details of corresponding algorithm can be found by following the provided links. We describe our original software module that implements the algorithm for determining the registered security events. The module is based on the tabular processor certified by the Russian Federal Service for Technical and Export Control. We present a control sample for testing the developed module. The sample has the dimension 30x20 and contains 14 choices for threshold values of security events number. The results of the tests comply with the specified boundary conditions and demonstrate a nonlinear dependence of the objective function on the number of registered security events, as well as a nonlinear dependence of the percentage of the detected security event on the total initial number of security events to be registered at the event source. The performance of the module, specifically the central processing unit usage, is found acceptable (not exceeding 33%), which allows one to use the software for typical automated workplaces equipped with appropriate tabular processors. Our approach is universal with respect to the application areas.

  2. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  3. 78 FR 79298 - Securities Exempted; Distribution of Shares by Registered Open-End Management Investment Company...

    Science.gov (United States)

    2013-12-30

    ...] Securities Exempted; Distribution of Shares by Registered Open- End Management Investment Company...) 551-6792, Investment Company Rulemaking Office, Division of Investment Management, U.S. Securities and... Distribution of shares by registered open-end management investment company. * * * * * (g) If a plan covers...

  4. Proposal for a security management in cloud computing for health care.

    Science.gov (United States)

    Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

    2014-01-01

    Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  5. Proposal for a Security Management in Cloud Computing for Health Care

    Directory of Open Access Journals (Sweden)

    Knut Haufe

    2014-01-01

    Full Text Available Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

  6. In acceptance we trust? Conceptualising acceptance as a viable approach to NGO security management.

    Science.gov (United States)

    Fast, Larissa A; Freeman, C Faith; O'Neill, Michael; Rowley, Elizabeth

    2013-04-01

    This paper documents current understanding of acceptance as a security management approach and explores issues and challenges non-governmental organisations (NGOs) confront when implementing an acceptance approach to security management. It argues that the failure of organisations to systematise and clearly articulate acceptance as a distinct security management approach and a lack of organisational policies and procedures concerning acceptance hinder its efficacy as a security management approach. The paper identifies key and cross-cutting components of acceptance that are critical to its effective implementation in order to advance a comprehensive and systematic concept of acceptance. The key components of acceptance illustrate how organisational and staff functions affect positively or negatively an organisation's acceptance, and include: an organisation's principles and mission, communications, negotiation, programming, relationships and networks, stakeholder and context analysis, staffing, and image. The paper contends that acceptance is linked not only to good programming, but also to overall organisational management and structures. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.

  7. Once more unto the breach managing information security in an uncertain world

    CERN Document Server

    Simmons, Andrea C

    2012-01-01

    In Once more unto the Breach, Andrea C Simmons speaks directly to information security managers and provides an insider's view of the role, offering priceless gems from her extensive experience and knowledge. Based on a typical year in the life of an information security manager, the book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project.

  8. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward. ORGANIZATIONAL ISSUES: The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles

  9. Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

    OpenAIRE

    Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

    2010-01-01

    Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to com...

  10. Information Security Intelligence as a Basis for Modern Information Security Management

    OpenAIRE

    Natalia Georgievna Miloslavskaya; Aleksandr Ivanovich Tolstoy

    2013-01-01

    There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISIe as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI ar...

  11. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  12. Certified training for nuclear and radioactive source security management

    International Nuclear Information System (INIS)

    Johnson, Daniel

    2017-01-01

    Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits. (author)

  13. Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

    Directory of Open Access Journals (Sweden)

    Dongwoo Kang

    Full Text Available The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node (MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate (MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

  14. Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

    Science.gov (United States)

    Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick; Won, Dongho

    2017-01-01

    The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

  15. The role of national security culture in crisis management : the case of Kardak crisis

    OpenAIRE

    Savaş, Özlem

    2008-01-01

    Ankara : The Department of International Relations, Bilkent University, 2008. Thesis (Master's) -- Bilkent University, 2008. Includes bibliographical references leaves 94-103. This thesis analyzes the role of national security culture in crisis management. The use and significance of national security culture in the management of a crisis is the main concern discussed throughout this study. It is assumed that national security culture serves as the main guideline of states d...

  16. Security and VO management capabilities in a large-scale Grid operating system

    OpenAIRE

    Aziz, Benjamin; Sporea, Ioana

    2014-01-01

    This paper presents a number of security and VO management capabilities in a large-scale distributed Grid operating system. The capabilities formed the basis of the design and implementation of a number of security and VO management services in the system. The main aim of the paper is to provide some idea of the various functionality cases that need to be considered when designing similar large-scale systems in the future.

  17. 78 FR 43890 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency-006...

    Science.gov (United States)

    2013-07-22

    ... titled, ``Department of Homeland Security/Federal Emergency Management Agency--006 Citizen Corps Database... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0049] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency--006 Citizen Corps Program...

  18. Multi-agent integrated password management (MIPM) application secured with encryption

    Science.gov (United States)

    Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd

    2017-10-01

    Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.

  19. Information Security Intelligence as a Basis for Modern Information Security Management

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2013-12-01

    There is a transfer from the simple Log Management Systems and SIEM systems to those supporting Information Security Intelligence (ISI). ISI as Business Intelligence enables companies to make more informed business decisions through more effective processing of great volumes of available information concerning their IT infrastructure. The relevance of such a transition is defined. The main goal and advantage of ISI are highlighted. The basic functionality of computer-based systems for ISI is determined.

  20. Information Systems Security Management: A Review and a Classification of the ISO Standards

    Science.gov (United States)

    Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

    The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

  1. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise. Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  2. Instant collaboration: Using context-aware instant messaging for session management in distributed collaboration tools

    DEFF Research Database (Denmark)

    Hansen, Klaus Marius; Damm, Christian Heide

    2002-01-01

    Distributed collaboration has become increasingly important, and instant messaging has become widely used for distributed communication. We present findings from an investigation of instant messaging use for work-related activities in a commercial setting. Based on these findings, we propose...... a lightweight session management design for distributed collaboration tools based on context-aware instant messaging. An implementation of this design is presented and an ongoing evaluation is discussed....

  3. EUROATLANTIC SECURITY AND CRISIS MANAGEMENT

    Directory of Open Access Journals (Sweden)

    Constantin MINCU

    2011-06-01

    This article briefly presents the international security environment developments, evaluated in a realistic way in the new "Strategic Concept – NATO (Lisbon 2010)"; potential threats and hazards, both military and non-military, are present on a global, regional, national scale, determining an adequate NATO and EU reaction, and also from the member states. States and organizations currently pay and will pay special attention to building up and strengthening viable and effective systems of "Emergency Situations (Crisis) Management". This is also the case of Romania which has started this complex and expensive process in 2004, with satisfying results until now.

  4. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  5. Symmetric Link Key Management for Secure Neighbor Discovery in a Decentralized Wireless Sensor Network

    Science.gov (United States)

    2017-09-01

    KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew September 2017 Thesis Advisor...and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT...DATE September 2017 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR

  6. Scope and approach to management of mixed wastes: introduction to the session

    International Nuclear Information System (INIS)

    Ausmus, B.S.

    1986-01-01

    Mixed wastes are those that are termed both radioactive and chemically hazardous based on regulatory criteria in the United States. Historically, mixed wastes that could be classified as radioactive wastes were treated, stored, and disposed under statutes governing radioactive wastes. In recent years, it has become apparent that: (a) hazardous wastes are generated in nuclear facilities; (b) many wastes are both radioactive and chemically hazardous; and (c) the management of chemically hazardous wastes and mixed wastes requires reexamination of current waste treatment/disposal methods and development/implementation of modified methods. The purpose of this session is to discuss specific aspects of the mixed waste management problems and to provide a forum for discussion of the technical and institutional barriers to problem solutions. The paper addresses several mixed waste problems and current approaches to their solutions, including: (1) mixed waste management in fuel cycle facilities; (2) mixed waste management in a US Dept. of Energy production facility; and (3) mixed wastes impacts on 10CFR61 compliance. Technical and institutional approaches to mixed waste management are explored in three areas: (1) alternatives for treatment prior to shallow land disposal; (2) potential benefits of recovery of strategic/critical materials from mixed wastes; and (3) shallow land disposal system compatibilities/problems

  7. Certified Training for Nuclear and Radioactive Source Security Management.

    Science.gov (United States)

    Johnson, Daniel

    2017-04-01

    Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits.

  8. The Concept of Defense Management in the 21st Century within Indonesia Maritime Security Framework

    Directory of Open Access Journals (Sweden)

    Herlina Juni Risma Saragih

    2018-03-01

    Conflict of Maritime Security in the Asia Pacific region, especially South China Sea is a conflict that has long occurred and a problem that is often raised both in a regional and international level. Related to the conflict takes Strategy and Management of the State's defense to anticipate the impact of the conflict situations on defense and security of the region. The purpose of this study is to analyze the concept of Defence Management Indonesia in the 21st century in the context of Indonesian Maritime Security, Case Studies U.S Rebalancing in Asia Pacific and South China Sea conflict, as well as to determine the readiness of Defence Management capabilities in the face of threats. The method used is a qualitative method of data collection methods through in-depth interview to the informant. The results showed that in order to improve maritime security in Indonesia has not been implemented in a structured and comprehensive defense in accordance with the management perspective of the countries more advanced, especially on defense preparedness in logistics management as a managing and defense equipment available owned by Indonesia government. Based on these results it is suggested the need for socialization implementation of Defense Management in Asia Pacific by Indonesia government in the context of Maritime Security comprehensively.

  9. Is emergency management an integrated element of business continuity management? A case study with security professionals in Western Australia.

    Science.gov (United States)

    Frohde, Kenny; Brooks, David J

    Emergency management (EM) and business continuity management (BCM) frameworks incorporate various strategic and operational measures. Defined within a number of national and international standards and guidelines, such concepts may be integrated within one another to provide increased resilience to disruptive events. Nevertheless, there is a degree of dispute regarding concept integration among security and EM professionals and bodies of knowledge. In line with cognitive psychology exemplar-based concepts, such disputes may be associated with a lack of precision in communality in the approach to EM and BCM. This paper presents a two-stage study, where stage 1 critiqued national and international literature and stage 2 applied semi-structured interviews with security managers in Western Australia. Findings indicate the existence of contradictory views on EM and its integration within BCM. As such, this study concludes that EM is considered a vital component of BCM by the majority of security managers. However, there is broader dispute regarding its degree of integration. Understanding the underpinnings of such disputes will aid in raising the standards and application of professionalism within security, EM and BCM domains, supporting clarification and definition of professional boundaries.

  10. A Polynomial Subset-Based Efficient Multi-Party Key Management System for Lightweight Device Networks.

    Science.gov (United States)

    Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah

    2017-03-24

    Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure.

  11. Masters in Nuclear Security

    International Nuclear Information System (INIS)

    Rickwood, Peter

    2013-01-01

    Continuing global efforts to improve the security of nuclear and other radioactive material against the threat of malicious acts are being assisted by a new initiative, the development of a corps of professional experts to strengthen nuclear security. The IAEA, the European Commission, universities, research institutions and other bodies working in collaboration have established an International Nuclear Security Education Network (INSEN). In 2011, six European academic institutions, the Vienna University of Technology, the Brandenburg University of Applied Sciences, the Demokritos National Centre for Scientific Research in Greece, the Reactor Institute Delft of the Delft University of Technology in the Netherlands, the University of Oslo, and the University of Manchester Dalton Nuclear Institute, started developing a European Master of Science Programme in Nuclear Security Management. In March 2013, the masters project was inaugurated when ten students commenced studies at the Brandenburg University of Applied Sciences in Germany for two weeks. In April, they moved to the Delft University of Technology in the Netherlands for a further two weeks of studies. The pilot programme consists of six teaching sessions in different academic institutions. At the inauguration in Delft, IAEA Director General Yukiya Amano commended this effort to train a new generation of experts who can help to improve global nuclear security. "It is clear that we will need a new generation of policy-makers and nuclear professionals - people like you - who will have a proper understanding of the importance of nuclear security," Mr. Amano told students and faculty members. "The IAEA's goal is to support the development of such programmes on a global basis," said David Lambert, Senior Training Officer in the IAEA's Office of Nuclear Security. "An existing postgraduate degree programme focused on nuclear security at Naif Arab University for Security Sciences (NAUSS) is currently supported by

  12. ORACLE DATABASE SECURITY

    OpenAIRE

    Cristina-Maria Titrade

    2011-01-01

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typical DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

  13. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID: 27313481

  14. VIRTUAL COGNITIVE CENTERS AS INTELLIGENT SYSTEMS FOR MANAGEMENT INFORMATION SUPPORT OF REGIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2014-03-01

    The paper deals with engineering problems and application perspectives of virtual cognitive centers as intelligent systems for information support of interagency activities in the field of complex security management of regional development. A research prototype of virtual cognitive center for regional security management in crisis situations, implemented as hybrid cloud service based on IaaS architectural framework with the usage of multi-agent and web-service technologies has been developed. Virtual cognitive center is a training simulator software system and is intended for solving on the basis of distributed simulation such problems as: strategic planning and forecasting of risk-sustainable development of regional socioeconomic systems, agents of management interaction specification synthesis for regional components security in different crisis situations within the planning stage of joint anti-crisis actions.

  15. Load control services in the management of power system security costs

    International Nuclear Information System (INIS)

    Jayantilal, A.; Strbac, G.

    1999-01-01

    The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)

  16. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  17. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  18. Using a Prediction Model to Manage Cyber Security Threats

    Science.gov (United States)

    Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

  19. Spring security 3.x cookbook

    CERN Document Server

    Mankale, Anjana

    2013-01-01

    This book follows a cookbook style exploring various security solutions provided by Spring Security for various vulnerabilities and threat scenarios that web applications may be exposed to at the authentication and session level layers. This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security. Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals o

  20. Key Management for Secure Multicast over IPv6 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Siddiqi Mohammad Umar

    2006-01-01

    Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.

  1. Group versus individual sessions delivered by a physiotherapist for female urinary incontinence: an interview study with women attending group sessions nested within a randomised controlled trial

    Directory of Open Access Journals (Sweden)

    Smith Jan

    2009-09-01

    Background: The aim was to explore the concerns and expectations of women invited to attend group physiotherapy sessions for the management of female urinary incontinence and whether the experience changed their views; and to gather recommendations from women attending group sessions on the design and delivery of these sessions. Methods: An interview study nested within a randomised controlled trial in five British NHS physiotherapy departments, including 22 women who had expressed a preference for an individual physiotherapy session but were randomised to, and attended, group sessions. Results: Embarrassment was woven throughout women's accounts of experiencing urinary incontinence and seeking health care. Uncertainty about the nature of group sessions was a source of concern. Attending the first session was seen as a big hurdle by many women. However, a sense of relief was common once the session started, with most women describing some benefit from attendance. Recommendations for design and delivery of the sessions from women focused on reducing embarrassment and uncertainty prior to attendance. Conclusion: Taking account of women's embarrassment and providing detailed information about the content of group sessions will enable women to benefit from group physiotherapy sessions for the management of female urinary incontinence. Trial Registration: ISRCTN 16772662

  2. Information Technology Management: Social Security Administration Practices Can Be Improved

    National Research Council Canada - National Science Library

    Shaw, Clay

    2001-01-01

    To improve SSAs IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

  3. Group Policy Fundamentals, Security, and the Managed Desktop

    CERN Document Server

    Moskowitz, Jeremy

    2010-01-01

    The ultimate Group Policy guide, now updated for Windows 7 and Server 2008 R2! IT and network administrators can streamline their Windows Server management tasks by using Group Policy tools to automate or implement rules, processes, or new security across the enterprise. In this comprehensive guide, Microsoft Group Policy MVP Jeremy Moskowitz thoroughly explores Group Policy across all Windows platforms, including the latest on Windows 7 and Server 2008 R2. If you're a Windows network administrator managing scores of users and computers, you need this essential reference on your desk. Covers

  4. Three Essays on Information Technology Security Management in Organizations

    Science.gov (United States)

    Gupta, Manish

    2011-01-01

    Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

  5. SESSION V: INTEGRATED APPROACHES IN LAND AND WATER ...

    African Journals Online (AJOL)

    SESSION V: INTEGRATED APPROACHES IN LAND AND WATER MANAGEMENT RESEARCH/LAND AND WATER MANAGEMENT ECONOMICS AND POLICY - Socioeconomic implications of improved forage species on smallholder farms in Kenya.

  6. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  7. TECHNIQUE OF OPTIMAL AUDIT PLANNING FOR INFORMATION SECURITY MANAGEMENT SYSTEM

    Directory of Open Access Journals (Sweden)

    F. N. Shago

    2014-03-01

    Complication of information security management systems leads to the necessity of improving the scientific and methodological apparatus for these systems auditing. Planning is an important and determining part of information security management systems auditing. Efficiency of audit will be defined by the relation of the reached quality indicators to the spent resources. Thus, there is an important and urgent task of developing methods and techniques for optimization of the audit planning, making it possible to increase its effectiveness. The proposed technique gives the possibility to implement optimal distribution for planning time and material resources on audit stages on the basis of dynamics model for the ISMS quality. Special feature of the proposed approach is the usage of a priori data as well as a posteriori data for the initial audit planning, and also the plan adjustment after each audit event. This gives the possibility to optimize the usage of audit resources in accordance with the selected criteria. Application examples of the technique are given while planning audit information security management system of the organization. The result of computational experiment based on the proposed technique showed that the time (cost) audit costs can be reduced by 10-15% and, consequently, quality assessments obtained through audit resources allocation can be improved with respect to well-known methods of audit planning.

  8. 77 FR 2133 - Debt Management Advisory Committee Meeting

    Science.gov (United States)

    2012-01-13

    ..., pursuant to 5 U.S.C. App. 2, Sec. 10(a)(2), that a meeting will be held at the Hay-Adams Hotel, 16th Street... management advisory committee: Treasury Borrowing Advisory Committee of the Securities Industry and Financial... his designate that the Committee discuss particular issues and conduct a working session. Following...

  9. 78 FR 62941 - Debt Management Advisory Committee Meeting

    Science.gov (United States)

    2013-10-22

    ..., pursuant to 5 U.S.C. App. 2, Sec. 10(a)(2), that a meeting will be held at the Hay-Adams Hotel, 16th Street... management advisory committee: Treasury Borrowing Advisory Committee of The Securities Industry and Financial... his designate that the Committee discuss particular issues and conduct a working session. Following...

  10. 78 FR 22034 - Debt Management Advisory Committee Meeting

    Science.gov (United States)

    2013-04-12

    ..., pursuant to 5 U.S.C. App. 2, Sec. 10(a)(2), that a meeting will be held at the Hay-Adams Hotel, 16th Street... management advisory committee: Treasury Borrowing Advisory Committee of The Securities Industry and Financial... his designate that the Committee discuss particular issues and conduct a working session. Following...

  11. Information Security Management Practices of K-12 School Districts

    Science.gov (United States)

    Nyachwaya, Samson

    2013-01-01

    The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…

  12. A novel proposed network security management approach for cyber attacks

    International Nuclear Information System (INIS)

    Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

    2007-01-01

    Network security is a discipline that focuses on securing networks from unauthorized access. Given the escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time. However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

  13. Leadership, Management, and Organization for National Security Space: Report to Congress of the Independent Assessment Panel on the Organization and Management of National Security Space

    National Research Council Canada - National Science Library

    Young, A. T; Anderson, Edward; Bien, Lyle; Fogleman, Ronald R; Hall, Keith; Lyles, Lester; Mark, Hans

    2008-01-01

    The Independent Assessment Panel (IAP) was chartered to review and assess the DoD management and organization of National Security in Space and make appropriate recommendations to strengthen the U.S. position...

  14. Enforcement actions and their effectiveness in securities regulation: Empirical evidence from management earnings forecasts

    Directory of Open Access Journals (Sweden)

    Yunling Song

    2012-03-01

    Due to resource constraints, securities regulators cannot find or punish all firms that have conducted irregular or even illegal activities (hereafter referred to as fraud). Those who study securities regulations can only find the instances of fraud that have been punished, not those that have not been punished, and it is these unknown cases that would make the best control sample for studies of enforcement action criteria. China’s mandatory management earnings forecasts solve this sampling problem. In the A-share market, firms that have not forecasted as mandated are likely in a position to be punished by securities regulators or are attempting to escape punishment, and their identification allows researchers to build suitable study and control samples when examining securities regulations. Our results indicate that enforcement actions taken by securities regulators are selective. The probability that a firm will be punished for irregular management forecasting is significantly related to proxies for survival rates. Specifically, fraudulent firms with lower return on assets (ROAs) or higher cash flow risk are more likely to be punished. Further analysis shows that selective enforcement of regulations has had little positive effect on the quality of listed firms’ management forecasts.

  15. A NEW FORM OF SECURITY COOPERATION AND COLLECTIVE CONFLICT MANAGEMENT IN THE POST COLD WAR INTERNATIONAL SYSTEM

    Directory of Open Access Journals (Sweden)

    Sinem KOCAMAZ

    2011-01-01

    International security environment changed completely after the Cold War. During the Cold War years security challenges were shaped by competitive power relations between Soviet Union and the United States. On the other hand after the end of the Cold War, global security was redefined and wide range of security challenges and threats occurred. After fragmentation of security threats, new threats emerged such as terrorist attacks, massacres which are made by humans own governments, chronic politic instabilities, environmental degradations etc. Under these circumstances new forms of security cooperation became more vital in order to cope with these complex challenges. In this respect third parties became an actor to manage conflicts, security challenges and crises. Unlike traditional nation-state intervention, regional organizations, international agencies and non-governmental organizations became more active in conflict management process. In this framework this study will evaluate performance and the effectiveness of the main actors in the collective conflict management (CCM) process.

  16. Survey on Security Issues in File Management in Cloud Computing Environment

    Science.gov (United States)

    Gupta, Udit

    2015-06-01

    Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

  17. Information Security Management as a Bridge in Cloud Systems from Private to Public Organizations

    Directory of Open Access Journals (Sweden)

    Myeonggil Choi

    2015-08-01

    Cloud computing has made it possible for private companies to make rapid changes in their computing environments. However, in the public sector, security issues hinder institutions from adopting cloud computing. To solve these security challenges, in this paper, we propose a methodology for information security management, which quantitatively classifies the importance of information in cloud systems in the public sector. In this study, we adopt a Delphi approach to establish the classification criteria of the proposed methodology in an objective and systematic manner. Further, through a case study of a public corporation, we try to validate the usefulness of the proposed methodology. The results of this study will help public institutions to consider introducing cloud computing and to manage cloud systems effectively and securely.

  18. Information governance and security protecting and managing your company's proprietary information

    CERN Document Server

    Iannarelli, John G

    2014-01-01

    Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset-its proprietary information-safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of. Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization Includes real-world examples and cases to help illustrate key ...

  19. Cyber indicators of compromise: a domain ontology for security information and event management

    Science.gov (United States)

    2017-03-01

    heuristics, mapping, and detection. CybOX is aimed at supporting a broad range of important cyber security domains to include [31]: • Digital... Master’s thesis: Cyber Indicators of Compromise: A Domain Ontology for Security Information and Event Management. Marsha D. Rowell. Distribution is unlimited.

  20. User Behaviours Associated with Password Security and Management

    Directory of Open Access Journals (Sweden)

    Kay Bryant

    2006-11-01

    Control mechanisms established on the boundary of an information system are an important preliminary step to minimising losses from security breaches. The primary function of such controls is to restrict the use of information systems and resources to authorized users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, the literature shows that passwords are often compromised through the poor security and management practices of users. This paper examines user password composition and security practices for email accounts. The results of a survey that examines user practice in creating and using passwords are reported. The results show that many users know about the risks of hackers, viruses and so on and take preliminary steps to combat them such as having passwords longer than eight characters. However, this appears to be as far as many users are willing to accede to the probability that their information and computing resources can be compromised. This paper makes some recommendations for the education of users in creating and maintaining their passwords. The responsibility for these educational programs can be shared between governments, organisations, educational institutions at all levels, and software vendors.

  1. A governor's guide to emergency management. Volume two : homeland security

    Science.gov (United States)

    2002-09-19

    Homeland security is a complex challenge that demands significant investment; collaboration among local, state, and federal governments; and integration with the private sector. The purpose of A Governor's Guide to Emergency Management Volume Two: Ho...

  2. An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy.

    Science.gov (United States)

    Qiu, Shuming; Xu, Guoai; Ahmad, Haseeb; Guo, Yanhui

    2018-01-01

    The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash's scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash's protocol. We point out that Farash's protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.'s scheme. We prove that the proposed protocol not only overcomes the issues in Farash's scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure.

  3. An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy

    Science.gov (United States)

    2018-01-01

    The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash’s scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash’s protocol. We point out that Farash’s protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.’s scheme. We prove that the proposed protocol not only overcomes the issues in Farash’s scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure. PMID:29547619

  4. Managing Radioactive Waste. Problems and Challenges in a Globalizing World

    International Nuclear Information System (INIS)

    2010-09-01

    Many countries are at a crossroads in terms of maintaining their energy supply. The existing resources of fossil fuels are dwindling, and global warming makes their use increasingly problematic. Nuclear power is now often regarded inevitable for future sustainability, energy security, and economic prosperity. There are, however, still unsolved problems regarding nuclear power. The fact that no country has established a final waste repository for spent nuclear fuel throws fundamental doubt on nuclear energy expansion. Also, the processes of globalization have transformed the nuclear industry towards increased privatization, concentration, and internationalization. This leads to uncertainties regarding the responsibility for nuclear waste management. In these circumstances it is of greatest importance that scholars from different disciplines, as well as policy makers and practitioners within the field, meet to share experiences. This conference had the general objective of producing knowledge about the challenges caused by global developmental trends, and what the management of nuclear waste implies for contemporary and future social development. Over 100 persons attended the conferences. Papers available at the conference site have been separately indexed. Several contributions were also made as PP-presentation, which are available at the site, among others the Keynote Speeches: Waiting for the Nuclear Renaissance: Exploring the Nexus of Expansion and Disposal in Europe (Jane Dawson); Applying the Risk Governance Framework: Institutional Requirements for Dealing with Nuclear Waste (Ortwin Renn); Learning to Listen: The Long Road to Legitimating Radioactive Waste Management Policies (Frans Berkhout); The Nuclear Waste Debate is Irrational but We Need Not Panic (Frank von Hippel). The conference was divided into the following sessions: Session A: Political characteristics matters; Session B: Radioactivity, geology, society. On a problem definition of HLW-management

  5. Managing Radioactive Waste. Problems and Challenges in a Globalizing World

    Energy Technology Data Exchange (ETDEWEB)

    2010-09-15

    Many countries are at a crossroads in terms of maintaining their energy supply. The existing resources of fossil fuels are dwindling, and global warming makes their use increasingly problematic. Nuclear power is now often regarded inevitable for future sustainability, energy security, and economic prosperity. There are, however, still unsolved problems regarding nuclear power. The fact that no country has established a final waste repository for spent nuclear fuel throws fundamental doubt on nuclear energy expansion. Also, the processes of globalization have transformed the nuclear industry towards increased privatization, concentration, and internationalization. This leads to uncertainties regarding the responsibility for nuclear waste management. In these circumstances it is of greatest importance that scholars from different disciplines, as well as policy makers and practitioners within the field, meet to share experiences. This conference had the general objective of producing knowledge about the challenges caused by global developmental trends, and what the management of nuclear waste implies for contemporary and future social development. Over 100 persons attended the conferences. Papers available at the conference site have been separately indexed. Several contributions were also made as PP-presentation, which are available at the site, among others the Keynote Speeches: Waiting for the Nuclear Renaissance: Exploring the Nexus of Expansion and Disposal in Europe (Jane Dawson); Applying the Risk Governance Framework: Institutional Requirements for Dealing with Nuclear Waste (Ortwin Renn); Learning to Listen: The Long Road to Legitimating Radioactive Waste Management Policies (Frans Berkhout); The Nuclear Waste Debate is Irrational but We Need Not Panic (Frank von Hippel). The conference was divided into the following sessions: Session A: Political characteristics matters; Session B: Radioactivity, geology, society. On a problem definition of HLW-management

  6. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  7. Security, privacy and ethics in electronic records management in the ...

    African Journals Online (AJOL)

    Security, privacy and ethics in electronic records management in the South African public sector. ... Computers have become such valuable tools for conducting business ... One great advantage of the computers is the ease with which a large

  8. US-China Security Management: Assessing the Military-to-Military Relationship

    National Research Council Canada - National Science Library

    Pollpeter, Kevin

    2004-01-01

    .... This study documents the history of U.S. security management with China from 1971 to the present and, based on that history, examines the arguments for and against conducting certain types of activities with the PLA...

  9. Security of pipeline facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)

    2005-07-01

    This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.

  10. Bibliography on peace, security, and international conflict management

    International Nuclear Information System (INIS)

    Anon.

    1993-01-01

    This bibliography presents an annotated list of approximately one hundred titles for public libraries seeking to serve the college-educated nonspecialist in the fields of peace, security, and international conflict management. Representative titles have been selected in eight subject areas: (1) arms control, disarmament, and proliferation; (2) causes and nature of international conflict; (3) conflict management, diplomacy, and negotiation; (4) human rights and ethnic and religious conflicts; (5) international law and international order; (6) international organizations and transnationalism; (7) other approaches to, and overviews of, security and peace; and (8) religion and ethics. Three criteria determined selection of titles: the book is in print and is expected to remain in print for the foreseeable future; the book is of interest to the college-educated lay reader with a serious interest in the subject; and the list, as a whole, illustrates the full spectrum of debate, both in selection of topics and selection of titles. As an aid to the identification and acquisition of any of these materials, the editors have provided a bibliographic citation with an annotation that includes the following: author, title, statement of responsibility, publisher, publication information, pagination, and ISBN or ISSN

  11. The 68th Session of the International Labour Conference, June 1982.

    Science.gov (United States)

    International Labour Review, 1982

    1982-01-01

    This year's session adopted new standards such as maintenance of migrant workers' social security rights, protection of workers against unjustified dismissal, and vocational rehabilitation. This article describes the conference's examination of these technical agenda items, and its annual review of the application of Conventions and…

  12. Security credentials management system (SCMS) design and analysis for the connected vehicle system : draft.

    Science.gov (United States)

    2013-12-27

    This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...

  13. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  14. A computer science approach to managing security in health care.

    Science.gov (United States)

    Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

    2002-09-01

    The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

  15. Quantifiably secure power grid operation, management, and evolution :

    Energy Technology Data Exchange (ETDEWEB)

    Gray, Genetha Anne.; Watson, Jean-Paul; Silva Monroy, Cesar Augusto; Gramacy, Robert B.

    2013-09-01

    This report summarizes findings and results of the Quantifiably Secure Power Grid Operation, Management, and Evolution LDRD. The focus of the LDRD was to develop decision-support technologies to enable rational and quantifiable risk management for two key grid operational timescales: scheduling (day-ahead) and planning (month-to-year-ahead). Risk or resiliency metrics are foundational in this effort. The 2003 Northeast Blackout investigative report stressed the criticality of enforceable metrics for system resiliency, the grid's ability to satisfy demands subject to perturbation. However, we neither have well-defined risk metrics for addressing the pervasive uncertainties in a renewable energy era, nor decision-support tools for their enforcement, which severely impacts efforts to rationally improve grid security. For day-ahead unit commitment, decision-support tools must account for topological security constraints, loss-of-load (economic) costs, and supply and demand variability especially given high renewables penetration. For long-term planning, transmission and generation expansion must ensure realized demand is satisfied for various projected technological, climate, and growth scenarios. The decision-support tools investigated in this project paid particular attention to tail-oriented risk metrics for explicitly addressing high-consequence events. Historically, decision-support tools for the grid consider expected cost minimization, largely ignoring risk and instead penalizing loss-of-load through artificial parameters. The technical focus of this work was the development of scalable solvers for enforcing risk metrics. Advanced stochastic programming solvers were developed to address generation and transmission expansion and unit commitment, minimizing cost subject to pre-specified risk thresholds. Particular attention was paid to renewables where security critically depends on production and demand prediction accuracy. To address this

  16. New Session of introductory “E-Groups Training”

    CERN Multimedia

    2013-01-01

    The session provides a short introduction of E-Groups and how to use it to efficiently manage mailing lists at CERN. Alongside a general overview of the E-Groups application, E-Groups specific terminology, the management of dynamic and static groups and the specific settings for mails and archives are discussed in detail. The course is intended to give newcomers a clear idea of what E-Groups are and how they can be used at CERN. It should enable users to be more efficient when being confronted in particular with: the creation of dynamic and static E-groups and the decision whether the one or the other type is more appropriate, the management of E-group memberships, and the setting of mailing/archiving related properties. The session will also focus on some best practices and give general advice on how to use E-Groups. This introductory training session is given jointly by members of the IT-OIS and GS-AIS groups and is intended for any member at CERN potentially being confronted with the ...

  17. On the security of SSL/TLS-enabled applications

    OpenAIRE

    Das, Manik Lal; Samdaria, Navkar

    2014-01-01

    SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as man-in-the-middle (MITM) attack, has been exploited by attackers of...

  18. 75 FR 75188 - Listening Session Regarding Improving the Accessibility of Government Information

    Science.gov (United States)

    2010-12-02

    ... SOCIAL SECURITY ADMINISTRATION Listening Session Regarding Improving the Accessibility of... of diverse communities and provide better solutions, the U.S. Council of CIOs, in collaboration with... out of? What technologies should the Federal government use that would enhance your interactions with...

  19. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions (risk, uncertainty, and future generations) resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing so allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal canons of risk assessment, a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  20. The Economic Security of the City in the Strategic Management System

    Directory of Open Access Journals (Sweden)

    Hubarieva Iryna O.

    2017-03-01

    Full Text Available The article investigates the problem of economic security of the city in the strategic management system. The article describes the process of ensuring the economic security of the city. The organizational approach was approved using the example of Kharkiv city. The list of threats to the economic security of the city and their urgency is justified by combining such methods as expert surveys, SWOT-analysis and the hierarchy analysis method. A methodical approach to assessing the economic security of the city is proposed, based on a hierarchically built system of indices (integral, complex and partial), which allowed determining the level of economic security of the city and imbalances in the development of its functional components. It is proposed to work out scenarios for ensuring the economic security of the city by combining cognitive modeling and the scenario approach, which makes it possible to determine directions for implementing the strategy for ensuring the economic security of the city and to choose levers of state regulation. A mechanism for ensuring the economic security of the city is presented, which includes the following elements: an action plan to implement the strategy for ensuring the economic security of the city; institutional and organizational support; programming and project planning; scientific and methodological support; financial support. The obtained results reveal, deepen and establish conceptual foundations for ensuring the economic security of the city.

  1. Closing session

    International Nuclear Information System (INIS)

    2014-01-01

    This part makes a summary of the different sessions and discussions of the workshop in a series of slide presentations: Summary of Opening Session; Summary of Session 1: Analysis of External Hazard Potential; Summary of session 2: Specific features of analysis and modeling of particular natural external hazards; Summary of session-3: Practices and research efforts on natural external events PSA; Summary of session 4: Modeling of NPP response to natural external events in PSA; Summary of session 5: Seismic Risk Analysis; Summary of session 6: Use of external events PSA with the focus on regulatory body role; Facilitated discussion 1 summary: Where do we stand in the analysis of external events?; Summary Facilitated Discussion 2: Findings and Good Practices for External Events Analysis

  2. Working session 3: Tubing integrity

    International Nuclear Information System (INIS)

    Cueto-Felgueroso, C.; Strosnider, J.

    1997-01-01

    Twenty-three individuals representing nine countries (Belgium, Canada, the Czech Republic, France, Japan, the Slovak Republic, Spain, the UK, and the US) participated in the session on tube integrity. These individuals represented utilities, vendors, consultants and regulatory authorities. The major subjects discussed by the group included overall objectives of managing steam generator tube degradation, necessary elements of a steam generator degradation management program, the concept of degradation specific management, structural integrity evaluations, leakage evaluations, and specific degradation mechanisms. The group's discussions on these subjects, including conclusions and recommendations, are summarized in this article

  3. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  4. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  5. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  6. On Security Management: Improving Energy Efficiency, Decreasing Negative Environmental Impact, and Reducing Financial Costs for Data Centers

    Directory of Open Access Journals (Sweden)

    Katarzyna Mazur

    2015-01-01

    Full Text Available Security management is one of the most significant issues in today's data centers. Selection of appropriate security mechanisms and effective energy consumption management together with caring for the environment enforces a profound analysis of the considered system. In this paper, we propose a specialized decision support system with a multilevel, comprehensive analysis scheme. As a result of the extensive use of mathematical methods and statistics, guidelines and indicators returned by the proposed approach facilitate the decision-making process and conserve decision-maker’s time and attention. In the paper we utilized the proposed multilevel analysis scheme to manage security-based data flow in the example data center. Determining the most secure, energy-efficient, environmentally friendly security mechanisms, we implemented the role-based access control method in Quality of Protection Modeling Language (QoP-ML) and evaluated its performance in terms of the mentioned factors.

  7. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  8. Discussion on the Technology and Method of Computer Network Security Management

    Science.gov (United States)

    Zhou, Jianlei

    2017-09-01

    With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life and work to a certain extent, and brought great convenience to people. But computer network technology is not a panacea: it can promote social development, but it can also cause damage to the community and the country. Due to the computer network's openness, ease of sharing and other characteristics, it has had a very negative impact on computer network security; in particular, loopholes in the technical aspects can cause damage to network information. Based on this, this paper gives a brief analysis of computer network security management problems and security measures.

  9. Ballmer, Barrett weigh in on security

    CERN Multimedia

    Sullivan, T

    2003-01-01

    ORLANDO, Fla. - Speaking in separate sessions Tuesday at the Gartner Symposium/ITxpo, Microsoft CEO Steve Ballmer and Intel's chief Craig Barrett discussed the problems of computer/network security (1/2 page).

  10. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  11. Statement of the Director General to the forty-second regular session of the General Conference of the International Atomic Energy Agency

    International Nuclear Information System (INIS)

    1998-01-01

    In his Statement on the forty-second regular session of the General Conference of the IAEA, the Director General of the Agency highlighted the role of the IAEA in four areas: nuclear power and the fuel cycle, nuclear and radiation safety, nuclear verification and the security of material, and transfer of technology. The final part of the Statement is devoted to the process of programme and management review initiated by the Director General to ensure that the Agency maintains and enhances its record as an effective and efficient organization

  12. Information and Knowledge Management in the Scope of the Information Security practices: the human factor within Organizations

    Directory of Open Access Journals (Sweden)

    Luciana Emirena Santos Carneiro

    2013-08-01

    Full Text Available The security of informational assets has always been a corporate requirement. These assets can be scaled in three main spheres, namely, people, organizational processes and technologies. The internet, the web, the broadcast of networks, and the growing presence of technology both in people's lives and in organizational contexts have caused profound transformations in the intrinsic processes that constitute personal and organizational routines. On the one hand, these changes provided by the technological progress have fostered competitiveness and decentralization; on the other hand, they require better management, control, security and protection for information and knowledge. This article presents the results of an investigation within information security realm, focusing on the human aspects of knowledge and information management related to security practices. Using a quality-quantitative approach, we identify behavioral actions and profiles of employees of a company in the field of healthcare, which reveal some connections with information security failures. We conclude that the human element is a relevant variable, even a critical one, for the management of information security in organizations.

  13. Biometrics based authentication scheme for session initiation protocol

    OpenAIRE

    Xie, Qi; Tang, Zhixiong

    2016-01-01

    Many two-factor challenge-response based session initiation protocols (SIP) have been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when co...

  14. Mathematical model as means of optimization of the automation system of the process of incidents of information security management

    Directory of Open Access Journals (Sweden)

    Yulia G. Krasnozhon

    2018-03-01

    Full Text Available Modern information technologies have an increasing importance for the development dynamics and management structure of an enterprise. The management efficiency of implementing modern information technologies is directly related to the quality of information security incident management. However, issues of assessing the impact of information security incident management on the quality and efficiency of the enterprise management system are sufficiently highlighted neither in Russian nor in foreign literature. The main direction for approaching these problems is the optimization of the process automation system for information security incident management. Today special attention is paid to IT technologies when dealing with information security incidents at mission-critical facilities in the Russian Federation such as the Federal Tax Service of Russia (FTS). It is proposed to use the mathematical apparatus of queueing theory in order to build a mathematical model of the system optimization. The developed model makes it possible to estimate the quality of management, taking into account the rules and restrictions imposed on the system by the effects of information security incidents. An example is given in order to demonstrate the system at work. The obtained statistical data are shown. An implementation of the system discussed here will improve the quality of the Russian FTS services and make responses to information security incidents faster.

  15. Managing information security in a process industrial environment; Gestao de seguranca da informacao em processos industriais

    Energy Technology Data Exchange (ETDEWEB)

    Pereira, Raphael Gomes; Aguiar, Leandro Pfleger de [Siemens Company (Brazil)

    2008-07-01

    With the recent expansion of globalization, the exploration of energy resources is crossing national boundaries, resulting in worldwide companies exploring oil and gas fields available anywhere in the world. For government bodies, information about those fields should be treated as a matter of national security interest, with adequate management and protection of all important and critical information and assets while, at the same time, allowing freedom and transparency in competition processes. This creates a complex security context to be managed, where information disruption might, for instance, result in a breach of integrity in public auction processes as a result of privileged information usage. Furthermore, with the terrorism problem, the process itself becomes an attractive target for different kinds of attacks, motivated by the opportunity to exploit the known inability of big industries to manage their large and complex environments well. The transformations happening in production processes, such as the growing use of the TCP/IP protocol, the adoption of Windows operating systems in SCADA systems and the integration of industrial with business networks, are factors that contribute to an imminent landscape of problems. This landscape demonstrates the need for the organizations and countries that operate in energy resource exploration to renew their risk management areas, establishing a unique and integrated process to protect information security infrastructure. This work presents a study of the challenges to be faced by organizations while rebuilding their internal processes to integrate the risk management and information security areas, as well as a set of essential steps to establish effective corporate governance of risk management and compliance aspects. Moreover, the work presents the necessary points of government involvement to improve all the regulatory aspects

  16. Statement to the forty-fourth regular session of the IAEA General Conference 2000. IAEA General Conference. Vienna, 18 September 2000

    International Nuclear Information System (INIS)

    ElBaradei, M.

    2000-01-01

    In his Statement on the forty-fourth regular session of the General Conference of the IAEA, the Director General of the Agency highlighted IAEA's achievements in connection with its major functions: as catalyst for the development and transfer of nuclear technology (nuclear power, nuclear fuel cycle and waste management, preservation of nuclear expertise, nuclear science and applications, laboratory and research activities, future challenges in nuclear technology), as a recognized authority on nuclear safety (international conventions, establishment of international standards, safety services, early shutdown of nuclear power plants, decommissioning issues, Kursk submarine accident, future challenges in nuclear safety), and as an instrument for the verification of nuclear non-proliferation (safeguards agreements and additional protocols, implementation of United Nations Security Council Resolutions relating to Iraq, safeguards agreement with the Democratic People's Republic of Korea, application of IAEA Safeguards in the Middle East, other verification activities, security of material, future challenges in verification). He also discussed the Agency's technical co-operation programme and the Agency management for maximum efficiency and effectiveness, and the new outreach policy

  17. Adequate Security Protocols Adopt in a Conceptual Model in Identity Management for the Civil Registry of Ecuador

    Science.gov (United States)

    Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio

    2017-08-01

    We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).

  18. A Certificate Authority (CA)-based cryptographic solution for HIPAA privacy/security regulations

    Directory of Open Access Journals (Sweden)

    Sangram Ray

    2014-07-01

    Full Text Available The Health Insurance Portability and Accountability Act (HIPAA) passed by the US Congress establishes a number of privacy/security regulations for e-healthcare systems. These regulations support patients’ medical privacy and secure exchange of PHI (protected health information) among medical practitioners. Three existing HIPAA-based schemes have been studied but appear to be ineffective as patients’ PHI is stored in smartcards. Moreover, carrying a smartcard during a treatment session and accessing PHI from different locations results in restrictions. In addition, authentication of the smartcard presenter would not be possible if the PIN is compromised. In this context, we propose that an MCS (medical center server) should be located at each hospital and accessed via the Internet for secure handling of patients’ PHI. All entities of the proposed e-health system register online with the MCS, and each entity negotiates a contributory registration key, where public-key certificates issued and maintained by CAs are used for authentication. Prior to a treatment session, a doctor negotiates a secret session key with MCS and uploads/retrieves patients’ PHI securely. The proposed scheme has five phases, which have been implemented in a secure manner for supporting HIPAA privacy/security regulations. Finally, the security aspects, computation and communication costs of the scheme are analyzed and compared with existing methods that display satisfactory performance.

  19. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  20. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  1. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  2. The promise of acceptance as an NGO security management approach.

    Science.gov (United States)

    Fast, Larissa; Freeman, Faith; O'Neill, Michael; Rowley, Elizabeth

    2015-04-01

    This paper explores three questions related to acceptance as a security management approach. Acceptance draws upon relationships with community members, authorities, belligerents and other stakeholders to provide consent for the presence and activities of a non-governmental organisation (NGO), thereby reducing threats from these actors. Little is documented about how NGOs gain and maintain acceptance, how they assess and monitor the presence and degree of acceptance, or how they determine whether acceptance is effective in a particular context. Based on field research conducted in April 2011 in Kenya, South Sudan and Uganda, we address each of these three issues and argue that acceptance must be actively sought as both a programme and a security management strategy. In the paper we delineate elements common to all three contexts as well as missed opportunities, which identify areas that NGOs can and should address as part of an acceptance approach. © 2015 The Author(s). Disasters © Overseas Development Institute, 2015.

  3. Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

    Science.gov (United States)

    Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

    2013-01-01

    Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

  4. BUSINESS PROCESS MANAGEMENT, AN IMPORTANT AID IN OPTIMIZING ORGANIZATIONAL PROCESSES IN NATIONAL SECURITY INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    Laurentiu Barcan

    2018-04-01

    Full Text Available Being required to conform to the large number of regulations, standards and requirements, information security should be considered a general problem of organization that requires involvement at the level of management and must involve all departments and activities of an organization, from professionals in the field to information to users. Creating a culture of security is essential to the organization through continuous education of staff, permanent collaboration with partners in a common approach to security issues, but also through customer awareness of information security risks.

  5. JWIG: Yet Another Framework for Maintainable and Secure Web Applications

    DEFF Research Database (Denmark)

    Møller, Anders; Schwarz, Mathias Romme

    2009-01-01

    Although numerous frameworks for web application programming have been developed in recent years, writing web applications remains a challenging task. Guided by a collection of classical design principles, we propose yet another framework. It is based on a simple but flexible server......-oriented architecture that coherently supports general aspects of modern web applications, including dynamic XML construction, session management, data persistence, caching, and authentication, but it also simplifies programming of server-push communication and integration of XHTML-based applications and XML-based web...... services.The resulting framework provides a novel foundation for developing maintainable and secure web applications....

  6. a review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    HOD

    Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self- motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...

  7. New York State Forum for Information Resource Management: 1998-1999 Annual Report.

    Science.gov (United States)

    New York State Forum for Information Resource Management.

    This annual report of the New York State Forum for Information Resource Management begins with a section that summarizes key activities for 1998-99, including partnerships with other organizations, sessions on the use of information in government and information security, programs on the challenges of electronic commerce for government,…

  8. Natural Resources Management and Food Security in the Context of Sustainable Development

    International Nuclear Information System (INIS)

    John, H.

    2011-01-01

    This paper elaborates on the inseparable link between sustainability of natural resources and food security. A strategic framework that envisages conservation, improvement and sustainable uses of natural resources is proposed which meets the essential requirements for food security. Sustainability has traditionally been accepted as encompassing three dimensions, namely environment, economics and society but it is necessary to widen this approach for a more complete understanding of this term. Environmental degradation curtails ecosystem services, leading to impoverishment of vulnerable communities and insecurity. Food, whether derived from land or sea, is a product of complex environmental linkages, and biodiversity has a pivotal role to play in producing it. Technology, production methods and management requirements are different for food derived from land and sea, but essentially all foodstuffs utilize environmental resources whose sustainability is crucial for food security. This analysis necessitates consideration of the basic concepts of sustainable development and food security, the strength of the link between these and differences in the patterns of sustainable management of agriculture, fisheries and aquaculture. The growing role of genetically engineered organisms has been included because of the immense possibilities these offer for maximizing food production despite the environmental and ethical concerns raised. (author)

  9. Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

    National Research Council Canada - National Science Library

    Caralli, Richard A

    2006-01-01

    .... Coordinating these efforts to sustain operational resiliency requires a process-oriented approach that can be defined, measured, and actively managed. This report describes the fundamental elements and benefits of a process approach to security and operational resiliency and provides a notional view of a framework for process improvement.

  10. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  11. Auditing Organizational Security

    Science.gov (United States)

    2017-01-01

    Organization for Standardization (ISO): ISO 27000: Information Systems Security Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO. All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Organizations already working with ISO 9000

  12. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs. Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  13. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    Full Text Available Optimal management of a corporation, no matter what its size, must include management of the security risk. The proper functioning of the corporation can depend on the importance given to risk management. The owner of the business, and the way the owner understands the risk, plays an important role in this process. A good understanding of the risk by the owner will result in the allocation of sufficient funds to implement controls meant to bring the risk to an acceptable level. Autochthonous corporations, in large part because of the absence of regulations in this domain, take an empirical approach to the phenomenon.

  14. Secure Software Configuration Management Processes for nuclear safety software development environment

    International Nuclear Information System (INIS)

    Chou, I.-Hsin

    2011-01-01

    Highlights: → The proposed method emphasizes platform-independent security processes. → A hybrid process based on the nuclear SCM and security regulations is proposed. → Detailed descriptions and Process Flow Diagram are useful for software developers. - Abstract: The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software - if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environments have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) 'Criteria for use of computers in safety systems of nuclear power plants' to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S²CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S²CMP, which is intended to enhance the communication between regulators and developers.

  15. Biometrics based authentication scheme for session initiation protocol.

    Science.gov (United States)

    Xie, Qi; Tang, Zhixiong

    2016-01-01

    Many two-factor challenge-response based session initiation protocol (SIP) schemes have been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

  16. Ecosystem Management: Tomorrow’s Approach to Enhancing Food Security under a Changing Climate

    Directory of Open Access Journals (Sweden)

    Mike Rivington

    2011-06-01

    Full Text Available This paper argues that a sustainable ecosystem management approach is vital to ensure the delivery of essential ‘life support’ ecosystem services and must be mainstreamed into societal conscience, political thinking and economic processes. Feeding the world at a time of climate change, environmental degradation, increasing human population and demand for finite resources requires sustainable ecosystem management and equitable governance. Ecosystem degradation undermines food production and the availability of clean water, hence threatening human health, livelihoods and ultimately societal stability. Degradation also increases the vulnerability of populations to the consequences of natural disasters and climate change impacts. With 10 million people dying from hunger each year, the linkages between ecosystems and food security are important to recognize. Though we all depend on ecosystems for our food and water, about seventy per cent of the estimated 1.1 billion people in poverty around the world live in rural areas and depend directly on the productivity of ecosystems for their livelihoods. Healthy ecosystems provide a diverse range of food sources and support entire agricultural systems, but their value to food security and sustainable livelihoods is often undervalued or ignored. There is an urgent need for increased financial investment for integrating ecosystem management with food security and poverty alleviation priorities. As the world’s leaders worked towards a new international climate change agenda in Cancun, Mexico, 29 November–10 December 2010 (UNFCCC COP16), it was clear that without a deep and decisive post-2012 agreement and major concerted effort to reduce the food crisis, the Millennium Development Goals will not be attained. Political commitment at the highest level will be needed to raise the profile of ecosystems on the global food agenda. It is recommended that full recognition and promotion be given of the linkages

  17. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  18. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    Science.gov (United States)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  19. Applicants' preference for impression management tactic in employment interviews by Transportation Security Administration.

    Science.gov (United States)

    Scudder, Joseph N; Lamude, Kevin G

    2009-04-01

    Following past findings on employment interviews, this study hypothesized applicants would have a preference for using self-promoting tactics of impression management over other focuses. Self-reports of impression management tactics were collected from 124 applicants who had interviews for screener positions with the Transportation Security Administration. Contrary to the hypothesis, analysis indicated participants reported they used more ingratiation tactics attempting to praise the interviewer than self-promotion tactics which focused on their own accomplishments. Special qualifications for security jobs which required well-developed perceptual abilities and the controlling structure of the interview context were perhaps responsible for present results differing from prior findings.

  20. Building effective cybersecurity programs a security manager's handbook

    CERN Document Server

    Schreider, Tari

    2017-01-01

    You know by now that your company could not survive without the Internet. Not in today's market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager's Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.

  1. Security Management in a Multimedia System

    Science.gov (United States)

    Rednic, Emanuil; Toma, Andrei

    2009-01-01

    In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…

  2. Adaptive engineering management tools of enterprise economic security

    Directory of Open Access Journals (Sweden)

    G.E. Krokhicheva

    2018-06-01

    Full Text Available This paper discusses the organizational and methodological foundations and methods exploited to forecast, analyze and scale down threats and risks in the sphere of economic security, to solve the adaptation problems, and to implement and evaluate the potency of protective measures. The object of the conducted research is associated with various economic activities of the commercial enterprises affiliated in Rostov region. A suggested model of the formation and functioning of adaptive engineering tools for managing economic security in the form of derivative balance of the enterprise resources and the sources of their formation will allow the proprietors, executive board and managerial staff to obtain necessary information within the requested context regarding the enterprise vital economic interests. In addition, the paper pays attention to the methodological aspects of accounting description and estimation of the iterative achievements to meet the desired adaptation results, implemented within the framework of the described iterative algorithm aimed at ensuring strategic prediction.

  3. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  4. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  5. Security dialogues: building better relationships between security and business

    OpenAIRE

    Ashenden, Debi; Lawrence, Darren

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

  6. Management of organizations in Serbia from the aspect of the maturity analysis of information security

    Directory of Open Access Journals (Sweden)

    Trivan Dragan

    2016-01-01

    Full Text Available The aim of this work is focused on research of information security in organizations, with a focus on cybersecurity. In accordance with the theoretical analysis, the subject of the empirical part of the work is the analysis of information security in Serbia, in order to better understand the information security programs and management structures in organizations in Serbia. The survey covers a variety of industries and discusses how organizations assess, develop, create and support their programs to ensure information security. The survey included 53 companies. The results that were obtained enabled us to select five core elements of the program on the state of information security and cybersecurity in Serbian companies: most companies had not been exposed to cybersecurity incidents; in most companies policy, procedures and spheres of responsibility for information security exist, there are not enough controls to ensure compliance with relevant safety standards by third parties, top management and end-users are insufficiently familiar with cybersecurity risks, although they apply basic measures of protection, safety protection systems are very rare. The scientific goal of this work is to, on the basis of the results obtained, make conclusions that can contribute to the study of corporate information security with special emphasis on cybersecurity. The practical aim of the research is the application of the results for more efficient implementation process of security against cyber attacks in the Serbian organizations.

  7. Use of a "secure room" and a security guard in the management of the violent, aggressive or suicidal patient in a rural hospital: a 3-year audit.

    Science.gov (United States)

    Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina

    2009-01-01

    Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.

  8. The Effects of Secure Attachments on Preschool Children's Conflict Management Skills.

    Science.gov (United States)

    Kesner, John

    This study examined the relationship between the security of children's attachment relationships to parents and teachers and how children negotiate and manage conflicts. Sixty-six preschool-aged children participated in story completion tasks regarding their attachment relationship with parents and teachers, and in hypothetical situations…

  9. The Identity Crisis. Security, Privacy and Usability Issues in Identity Management

    NARCIS (Netherlands)

    Alpár, G.; Hoepman, J.H.; Siljee, B.I.J.

    2011-01-01

    This paper studies the current "identity crisis" caused by the substantial security, privacy and usability shortcomings encountered in existing systems for identity management. Some of these issues are well known, while others are much less understood. This paper brings them together in a single,

  10. Connected Vehicle Pilot Deployment Program phase 1 : security management operating concept : New York City : final report.

    Science.gov (United States)

    2016-05-18

    This document describes the Security Management Operating Concept (SMOC) for the New York City Department of Transportation (NYCDOT) Connected Vehicle Pilot Deployment (CVPD) Project. This SMOC outlines the security mechanisms that will be used to pr...

  11. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  12. Standardi za upravljanje sigurnošću podataka / Standards for management data security

    Directory of Open Access Journals (Sweden)

    Dejan Vuletić

    2006-10-01

    Full Text Available In this article basic notions of management data security are analyzed. We indicated demand and importance of standardization in information-communication technology domain, especially according to International Standardization Organization. In the final part of the article we illustrated both proactive and reactive activities in management data security.

  13. Building organisational cyber resilience: A strategic knowledge-based view of cyber security management.

    Science.gov (United States)

    Ferdinand, Jason

    The concept of cyber resilience has emerged in recent years in response to the recognition that cyber security is more than just risk management. Cyber resilience is the goal of organisations, institutions and governments across the world and yet the emerging literature is somewhat fragmented due to the lack of a common approach to the subject. This limits the possibility of effective collaboration across public, private and governmental actors in their efforts to build and maintain cyber resilience. In response to this limitation, and to calls for a more strategically focused approach, this paper offers a knowledge-based view of cyber security management that explains how an organisation can build, assess, and maintain cyber resilience.

  14. System of economics' security management in economic activity of meat processing enterprises formation

    OpenAIRE

    Iryna Sosnovska

    2015-01-01

    This article is devoted to creation of economics' security management system production and economic activity of meat current processing enterprises. The article reflects research results of various scientists scientific works regarding interpretation of economic security system and shows the lack of this concept single interpretation. There are summarized observation of current activities of meat processing plants specifics as a conclusion there are a large number of different programs and c...

  15. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs) is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  16. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles, namely fixed, nomadic, and mobile, are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  17. Evaluation of the central libraries information security management at governmental universities located in Tehran, according to the international standard ISO/IEC 27002

    Directory of Open Access Journals (Sweden)

    Milad Malekolkalami

    2014-02-01

    Full Text Available This study assessed the evaluation of information security management status in central Libraries of governmental universities located in Tehran, according to ISO/IEC 27002. Research method applied for the study is descriptive Survey and a questionnaire was used for collecting information. The questionnaire was distributed between the 74 central library managers of governmental universities in Tehran according to the recent list on the website of Ministry of Science, Research and Technology, that includes 39 components based on 11 indicators of the standard ISO/IEC 27002. Analysis of data has been done by using both descriptive and inferential statistics by Microsoft Excel 2007 and SPSS statistical software. The results of research showed that the mean for libraries in 11 indexes are as follows: The mean for the first index, Security policy, is 3.91, in the second index, organization of information security, is 4.23, in the third index, asset security management, is 4.38, in the fourth index, Human Resources Security management, is 4, in the fifth index, physical and environment Security management, is 4.07, in the sixth index, operations management and communications, is 4.15, in the Seventh index, access controls management, is 4.38, in the eighth index, information system acquisition, development and maintenance, is 3.92, in the ninth index, information security incident management, is 3.84, in the tenth index, business continuity management, is 3.46, in the eleventh index, compliance, is 3.69 that match with the standard ISO/IEC 27002. The results of Research shown that totally mean for standard ISO/IEC 27002 in the field of information security management in the central libraries, is 4 being in a good condition and there is no significant differences between the performance of the Central libraries of the governmental Universities in Tehran, since it is not observed significant difference between them in the field of

  18. Security and emergency management technical assistance for the top 50 transit agencies

    Science.gov (United States)

    2007-04-01

    Between May 2002 and July 2006, the Federal Transit Administration (FTA) provided technical assistance to the top 50 transit agencies through the Security and Emergency Management Technical Assistance Program (SEMTAP). The scope and purpose of the pr...

  19. Secure Trust Based Key Management Routing Framework for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Jugminder Kaur

    2016-01-01

    Full Text Available Security is always a major concern in wireless sensor networks (WSNs). Several trust based routing protocols are designed that play an important role in enhancing the performance of a wireless network. However they still have some disadvantages like limited energy resources, susceptibility to physical capture, and little protection against various attacks due to insecure wireless communication channels. This paper presents a secure trust based key management (STKF) routing framework that establishes a secure trustworthy route depending upon the present and past node to node interactions. This route is then updated by isolating the malicious or compromised nodes from the route, if any, and a dedicated link is created between every pair of nodes in the selected route with the help of “q” composite random key predistribution scheme (RKPS) to ensure data delivery from source to destination. The performance of trust aware secure routing framework (TSRF) is compared with the proposed routing scheme. The results indicate that STKF provides an effective mechanism for finding out a secure route with better trustworthiness than TSRF which avoids the data dropping, thereby increasing the data delivery ratio. Also the distance required to reach the destination in the proposed protocol is less hence effectively utilizing the resources.

  20. Efficient User Authentication and Key Management for Peer-to-Peer Live Streaming Systems

    Institute of Scientific and Technical Information of China (English)

    LIU Xuening; YIN Hao; LIN Chuang; DU Changlai

    2009-01-01

    Recent development of the peer-to-peer (P2P) live streaming technique has brought unprecedented new momentum to the Internet with the characters of effective, scalable, and low cost. However, before these applications can be successfully deployed as commercial applications, efficient access control mechanisms are needed. This work based on earlier research of the secure streaming architecture in TrustStream, analyzes how to ensure that only authorized users can access the original media in the P2P live streaming system by adopting a user authentication and key management scheme. The major features of this system include (1) the management server issues each authorized user a unique public key certificate, (2) the one-way hash chain extends the certificate's lifetime, (3) the original media is encrypted by the session key and delivered to the communication group, and (4) the session key is periodically updated and distributed with the media. Finally, analyses and test results show that scheme provides a secure, scalable, reliable, and efficient access control solution for P2P live streaming systems.

  1. Evaluating the Level of Internal Control System in the Management of Financial Security of Bank

    Directory of Open Access Journals (Sweden)

    Pidvysotska Lyudmyla J.

    2017-06-01

    Full Text Available The article is aimed at studying the organization and technology of evaluation process of the internal control system of bank in order to ensure financial security management of its activities. The work of the internal audit service on monitoring and evaluating the performance of the bank’s internal control system was analyzed. It has been found that improving the level of financial security of commercial banks is conditional upon improvements in the quality of audits and the provision of sound and objective conclusions. The interrelation of the tasks of internal audit service and the tasks of bank’s financial security management has been determined. Methodological recommendations on evaluation of the bank’s internal control system on the basis of results of audit have been proposed.

  2. 17 CFR 249.325 - Form 13F, report of institutional investment manager pursuant to section 13(f) of the Securities...

    Science.gov (United States)

    2010-04-01

    ... institutional investment manager pursuant to section 13(f) of the Securities Exchange Act of 1934. 249.325... manager pursuant to section 13(f) of the Securities Exchange Act of 1934. This form shall be used by institutional investment managers which are required to furnish reports pursuant to section 13(f) of the...

  3. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif

    2010-01-01

    International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  4. ITIL® and information security

    International Nuclear Information System (INIS)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

    2015-01-01

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  5. Factors Influencing the Adoption of Biometric Security Technologies by Decision Making Information Technology and Security Managers

    OpenAIRE

    Lease, David R.

    2005-01-01

    The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examini...

  6. Evaluating of foreign trade security

    OpenAIRE

    Vasyliev Andriy

    2015-01-01

    A method of evaluating foreign trade security is considered based on horizontally integrated approach to research security issues, taking into account the conditions of management, factors, components and levels of external security. The work was based theories of security, economics, management theory, practice of state regulation of foreign trade.

  7. 75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

    Science.gov (United States)

    2010-03-10

    ... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...

  8. International conference on nuclear security: Global directions for the future. Contributed papers

    International Nuclear Information System (INIS)

    2005-01-01

    This volume includes contributed papers presented during sessions named as follows: Efforts to strengthen the global security framework, Efforts to strengthen nuclear security in Member states, role of the IAEA underpinning the global efforts, and looking forward: sustaining progress

  9. International conference on nuclear security: Global directions for the future. Contributed papers

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2005-07-01

    This volume includes contributed papers presented during sessions named as follows: Efforts to strengthen the global security framework, Efforts to strengthen nuclear security in Member states, role of the IAEA underpinning the global efforts, and looking forward: sustaining progress.

  10. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    Energy Technology Data Exchange (ETDEWEB)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  11. Session-RPE for quantifying the load of different youth basketball training sessions.

    Science.gov (United States)

    Lupo, C; Tessitore, A; Gasperi, L; Gomez, Mar

    2017-03-01

    The aim of the study was to evaluate youth basketball training, verifying the reliability of the session-RPE method in relation to session duration (< and ≥ 80 minutes) and workout typology (reduced and high warm-up, conditioning, technical, tactical, game portions within a single session) categories. Six male youth basketball players (age, 16.5±0.5 years; height, 195.5±6.75 cm; body mass, 93.9±10.9 kg; and body mass index, 23.6±2.8 kg.m-2) were monitored (HR, type and duration of workouts) during 15 (66 individual) training sessions (80±26 minutes). Edwards' HR method was used as a reference measure of internal training load (ITL); the CR-10 RPE scale was administered 30 minutes after the end of each session. The results obtained showed that all comparisons between different session durations and workout portions revealed effects in term of Edwards' ITLs except for warm-up portions. Moderate to strong relationships between Edwards' and session-RPE methods emerged for all sessions (r = .85, P < .001), player's sessions (r range = .79 - .95, P < .001), session durations (< 80 minutes: r = .67, P < .001; ≥ 80 minutes: r = .75, P < .001), and workout portions (r range = .78 - .89, P range = .002 - < .001). The findings indicated that coaches of youth basketball players can successfully use session-RPE to monitor the ITL, regardless of session durations and workout portions.

  12. Information Security in the 1990s: Keeping the Locks on.

    Science.gov (United States)

    Kovac, Ron J.

    1999-01-01

    As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…

  13. Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

    Science.gov (United States)

    Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

    2015-11-01

    The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is a critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis shows that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated that their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key disclosure attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

  14. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  15. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  16. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  17. Managing the security of nursing data in the electronic health record.

    Science.gov (United States)

    Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

    2015-02-01

    The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through SPSS Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing

  18. Secure data management : 8th VLDB workshop, SDM 2011 Seattle, WA, USA, September 2, 2011 : proceedings

    NARCIS (Netherlands)

    Jonker, W.; Petkovic, M.

    2011-01-01

    Preface. This year was the eighth edition of the VLDB Secure Data Management Workshop. The topic of data security remains an important area of research especially due to the steady growing proliferation of emerging data services such as cloud computing, location-based services, and health-related

  19. Post-Session Authentication

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2012-01-01

    Entity authentication provides confidence in the claimed identity of a peer entity, but the manner in which this goal is achieved results in different types of authentication. An important factor in this regard is the order between authentication and the execution of the associated session....... In this paper, we consider the case of post-session authentication, where parties authenticate each other at the end of their interactive session. This use of authentication is different from session-less authentication (e.g., in RFID) and pre-session authentication (e.g., for access control.) Post......-session authentication, although a new term, is not a new concept; it is the basis of at least a few practical schemes. We, for the first time, systematically study it and present the underlying authentication model. Further, we show that an important class of problems is solvable using post-session authentication...

  20. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  1. Security robots for nuclear materials management

    International Nuclear Information System (INIS)

    Deming, R.

    1986-01-01

    Robots have successfully invaded industry where they have replaced costly personnel performing their tasks cheaper and better in most cases. There may be a place for a unique class of robots, security robots, in nuclear materials management. Robots could be employed in the functions of general response, patrol and neutralizing dangerous situations. The last is perhaps most important. Ion Track Instruments of Burlington, Massachusetts has designed an excellent unit to protect life in hazardous situations. The unit can detect, disrupt or remove explosives. It can enter dangerous areas to reconnoiter the extent of danger. It can communicate with those in a dangerous area. It can fight fires or clean an area using a 2 1/2 inch, two man hose. If necessary, it can engage an adversary in a fire fight using a twelve gauge shot gun

  2. Obtaining Knowledge for Innovation: Benefits and Harms of Procedures for Managing Information Security

    Directory of Open Access Journals (Sweden)

    José Geraldo Pereira Barbosa

    2012-06-01

    Full Text Available The research reported in this article aims to describe how the processes of information security used in a manufacturing and packaging paper company influenced the attainment of knowledge on two innovations. The study was conducted through field research, using interviews, narratives, direct observation and thematic analysis for data collection and data processing. The research started from the assumption that even considering the importance of managing information security and its benefits to an organization, the processes of logical security, and physical access controls, would undermine the process of obtaining and transference of knowledge required by innovations. It was observed the presence of five instruments of physical and logical security: "confidentiality", "general control of protection", "antivirus", "backups" and "facility security procedures" which did not interfere negatively in obtaining knowledge. The single barrier identified for the transfer of knowledge was the lack of absorptive capacity of knowledge workers. Therefore, the case describes a situation where a clearly and consistent information security policy allowed the obtaining and transferring of knowledge necessary for innovation. In other words, the assumption of the research was rejected by the findings.

  3. International Conference SES 2009: Secure Energy Supply

    International Nuclear Information System (INIS)

    2009-01-01

    The Conference included the following sessions: Opening addresses; (I) Energy policy; (II) Environment, Renewable sources and NPPs; (III) Secure energy supply - New nuclear units. Verbal 21 presentations have been inputted into INIS, all in the form of the full authors' presentations.

  4. Management of Control System Information SecurityI: Control System Patch Management

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making decisions on vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more detail, we establish a theoretical framework for making patching decisions for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around half a month.

  5. Topical Session on the Decommissioning and Dismantling Safety Case

    International Nuclear Information System (INIS)

    2002-01-01

    Set up by the Radioactive Waste Management Committee (RWMC), the WPDD brings together senior representatives of national organisations who have a broad overview of Decommissioning and Dismantling (D and D) issues through their work as regulators, implementers, R and D experts or policy makers. These include representatives from regulatory authorities, industrial decommissioners from the NEA Cooperative Programme on Exchange of Scientific and Technical Information on Nuclear Installation Decommissioning Projects (CPD), and cross-representation from the NEA Committee on Nuclear Regulatory Activities, the Committee on Radiation Protection and Public Health, and the RWMC. The EC is a member of the WPDD and the IAEA also participates. This ensures co-ordination amongst activities in these international programmes. Participation from civil society organisations is considered on a case by case basis, and has already taken place through the active involvement of the Group of Municipalities with Nuclear Installations at the first meeting of the WPDD At its second meeting, in Paris, 5-7 December 2001, the WPDD held two topical sessions on the D and D Safety Case and on the Management of Materials from D and D, respectively. This report documents the topical session on the safety case. The topical session was meant to provide an exchange of information and experience on the following issues: What topics should be included in a safety case? Of what should it consist? Is there sufficient and complete guidance nationally and internationally? How do practices differ internationally? Main boundary condition to this session was that it would deal with plants where spent fuel has been removed. Also the topical sessions was kept at a level that makes the most of the varied constituency of the WPDD. Namely, interface issues are important, and issue-identification and discussion was the immediate goal. There was less interest in examining areas where variability amongst national

  6. Panel on protection and management of plutonium: Subpanel on safeguards and security

    International Nuclear Information System (INIS)

    Tape, J.W.

    1995-01-01

    Nuclear materials safeguards and security systems are described in the context of the nuclear nonproliferation regime. Materials of interest to safeguards, threats, proposals to strengthen International Atomic Energy Agency safeguards, evolving safeguards issues and requirements, system effectiveness, and elements of a global nuclear materials management regime are discussed. Safeguards are seen as an essential element of nuclear materials management, but not a driver for decisions regarding nuclear power or the disposal of excess weapon nuclear materials

  7. Indirect effect of management support on users' compliance behaviour towards information security policies.

    Science.gov (United States)

    Humaidi, Norshima; Balakrishnan, Vimala

    2018-01-01

    Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management

  8. Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

    Science.gov (United States)

    Sammicheli, Michele; Scaglione, Marcella

    2018-01-01

    We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

  9. Homeland Security and Emergency Management Education: An Investigation into Workforce Needs

    Science.gov (United States)

    Carlson, Cameron D.

    2017-01-01

    The U.S. Department of Homeland Security (DHS) was created in the wake of the September 11th 2001 terrorist events. DHS's formation, the largest reorganization of a governmental agency in over 50 years, brought a new emphasis on the protection of the nation, its citizens and its infrastructure to government emergency management policy. Previously,…

  10. Using Blockchain and smart contracts for secure data provenance management

    OpenAIRE

    Ramachandran, Aravind; Kantarcioglu, Dr. Murat

    2017-01-01

    Blockchain technology has evolved from being an immutable ledger of transactions for cryptocurrencies to a programmable interactive environment for building distributed reliable applications. Although blockchain technology has been used to address various challenges, to our knowledge none of the previous work focused on using blockchain to develop a secure and immutable scientific data provenance management framework that automatically verifies the provenance records. In this work, we le...

  11. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  12. 98th LHCC meeting Agenda OPEN Session and CLOSED Session

    CERN Document Server

    CERN. Geneva

    2009-01-01

    OPEN Session on Wednesday, 8 July at 9h00-11h00 in Main Auditorium, Live webcast, followed by CLOSED Session, Conference room 160-1-009 11h20-17h00. CLOSED Session continued on Thursday, 9 July at 9h00-12h30

  13. THE ROLE OF THE INNOVATION POTENTIAL IN THE MANAGEMENT SYSTEM OF ECONOMIC SECURITY OF ENTERPRISES

    Directory of Open Access Journals (Sweden)

    Y. P. Anisimov

    2015-01-01

    Full Text Available The article explores the theoretical foundations of innovative potential of the enterprise and its role for sustainable development and economic security. The urgency of the problem of sustainable development innovative capacity, low level of theoretical and practical elaboration, poor methodological and conceptual basis for the development of economic security, increasing competitiveness and strengthening market situation of enterprises, determined the choice of the research topic. Scientific awareness of the key problems of the economy determined the significance of the research topic, the relevance of which is determined by the need for new theoretical concepts, methodological developments and practical recommendations on the role of innovation potential in the management system of economic security of enterprises. The system of economic security management is the basis of the successful functioning and development of enterprises. In market conditions, the economic security of organizations is directly outside-the implementation of innovations into the production process, which is an effective means of increasing competitiveness, improving the quality of products. The innovative capacity of enterprises consists of a unique ability to increase such components as material and investment, information, personnel that will help the organization to achieve new strategic goals. It should be noted that not all products are offered by organizations on the existing market, generates potential, but only one that is potentially profitable. That is, the products created on the basis of innovative technologies, from-while a high quality and should demand amongst consumers. Economic security policy is a system of views, different measures, methods of solutions, specific actions in the area of economic security, which determine the conditions for achieving business goals. Thus, the implemented security policy allocates the organization to carry out economic

  14. Session-RPE for quantifying the load of different youth basketball training sessions

    Directory of Open Access Journals (Sweden)

    C Lupo

    2016-12-01

    Full Text Available The aim of the study was to evaluate youth basketball training, verifying the reliability of the session-RPE method in relation to session duration (< and ≥ 80 minutes) and workout typology (reduced and high warm-up, conditioning, technical, tactical, game portions within a single session) categories. Six male youth basketball players (age, 16.5±0.5 years; height, 195.5±6.75 cm; body mass, 93.9±10.9 kg; and body mass index, 23.6±2.8 kg.m-2) were monitored (HR, type and duration of workouts) during 15 (66 individual) training sessions (80±26 minutes). Edwards’ HR method was used as a reference measure of internal training load (ITL); the CR-10 RPE scale was administered 30 minutes after the end of each session. The results obtained showed that all comparisons between different session durations and workout portions revealed effects in term of Edwards’ ITLs except for warm-up portions. Moderate to strong relationships between Edwards’ and session-RPE methods emerged for all sessions (r = .85, P < .001), player’s sessions (r range = .79 - .95, P < .001), session durations (< 80 minutes: r = .67, P < .001; ≥ 80 minutes: r = .75, P < .001), and workout portions (r range = .78 - .89, P range = .002 - < .001). The findings indicated that coaches of youth basketball players can successfully use session-RPE to monitor the ITL, regardless of session durations and workout portions.

  15. AES based secure low energy adaptive clustering hierarchy for WSNs

    Science.gov (United States)

    Kishore, K. R.; Sarma, N. V. S. N.

    2013-01-01

    Wireless sensor networks (WSNs) provide a low cost solution in diversified application areas. The wireless sensor nodes are inexpensive tiny devices with limited storage, computational capability and power. They are being deployed in large scale in both military and civilian applications. Security of the data is one of the key concerns where large numbers of nodes are deployed. Here, an energy-efficient secure routing protocol, secure-LEACH (Low Energy Adaptive Clustering Hierarchy) for WSNs based on the Advanced Encryption Standard (AES) is being proposed. This crypto system is a session based one and a new session key is assigned for each new session. The network (WSN) is divided into number of groups or clusters and a cluster head (CH) is selected among the member nodes of each cluster. The measured data from the nodes is aggregated by the respective CH's and then each CH relays this data to another CH towards the gateway node in the WSN which in turn sends the same to the Base station (BS). In order to maintain confidentiality of data while being transmitted, it is necessary to encrypt the data before sending at every hop, from a node to the CH and from the CH to another CH or to the gateway node.

  16. Security management based on trust determination in cognitive radio networks

    Science.gov (United States)

    Li, Jianwu; Feng, Zebing; Wei, Zhiqing; Feng, Zhiyong; Zhang, Ping

    2014-12-01

    Security has played a major role in cognitive radio networks. Numerous researches have mainly focused on attacking detection based on source localization and detection probability. However, few of them took the penalty of attackers into consideration and neglected how to implement effective punitive measures against attackers. To address this issue, this article proposes a novel penalty mechanism based on cognitive trust value. The main feature of this mechanism has been realized by six functions: authentication, interactive, configuration, trust value collection, storage and update, and punishment. Data fusion center (FC) and cluster heads (CHs) have been put forward as a hierarchical architecture to manage trust value of cognitive users. Misbehaving users would be punished by FC by declining their trust value; thus, guaranteeing network security via distinguishing attack users is of great necessity. Simulation results verify the rationality and effectiveness of our proposed mechanism.

  17. Managing Security Risks in an Industrial Investment – Analysis Directions

    Directory of Open Access Journals (Sweden)

    Stefan Dragomir

    2016-05-01

    Full Text Available This paper achieved an analysis of some important management strategies for an investment, in correlation with index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on health, safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how can the substances that infest the environment to produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora. When we know the risks that characterize the plant equipment, we can protect the life and we can protect the environment for a sustainable development in the future.

  18. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  19. Securing radioactive sources into disuse, NORM, management, security assessment, exclusion, exemption and clearance

    International Nuclear Information System (INIS)

    Bastidas Pazmino, Jorge

    2008-01-01

    Full text: The Ecuadorian Atomic Energy Commission, through the unity of Radiation Protection Services, with the area of Radioactive Waste Management, has made the study of disused radioactive sources at the national level and are kept in the Temporary Storage of Radioactive Waste; has been made joint efforts with the Department of Energy of the United States for the repatriation of sources originating in that country; similarly, the use of radioactive materials in medicine, industry and research has had a significant increase in the country in the recent years, resulting in the generation of radioactive wastes requiring proper management, to ensure protection to human health and the environment now and into the future. Ecuador, through the Ecuadorian Atomic Energy Commission ensures that the Radioactive Waste Management is done by ensuring an adequate level of protection to human beings and the environment, seeks to meet the objectives of protection of human health, environmental protection, protection beyond national borders; protection of future generations; charges imposed on future generations; national legal framework; control of the production of radioactive wastes; unit interplay between production and radioactive waste management; security installations; in the same way within this framework are the NORM of which has been carried out preliminary studies in the Ecuador Orient, which is part of the lung that Amazon uses oxygen to the whole world, have been submitted NORM as a result of oil hidden within the operation, which has presented measures of exposure high inlays within hose from the wells operating and currently looking to move to the next stage, which are considering different alternatives for managing radioactive waste as more appropriate. (author)

  20. Unix Security Cookbook

    Science.gov (United States)

    Rehan, S. C.

    This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

  1. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  2. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security

    National Research Council Canada - National Science Library

    Ganger, Gregory

    2000-01-01

    This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources...

  3. Study on Mandatory Access Control in a Secure Database Management System

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e.g., multilevel spatial data) and multilevel conventional data (e.g., integer, real number and character string).

  4. Managing security in an e-business environment

    OpenAIRE

    Davcev, Ljupco

    2009-01-01

    Technological developments over the past few years have made significant contributions to securing the Internet for e-business. Ensuring security for e-business information exchange is essential as it entails exchange of sensitive information. E-business transactions entail transfer of funds with buyers, sellers and business partners. Vulnerabilities and security incidents in the digital environment require an understanding of technology issues and security challenges for privacy and trust...

  5. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  6. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; O'Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)]; Lewis, John [National Nuclear Lab., Workington (United Kingdom)]; Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom)]; Rodger, Robert [National Nuclear Lab., Workington (United Kingdom)]; Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)]

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  7. An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

    Directory of Open Access Journals (Sweden)

    Le Xuan Hung

    2008-12-01

    Full Text Available For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

  8. Security risk assessment and management in chemical plants : Challenges and new trends

    NARCIS (Netherlands)

    Khakzad Rostami, N.; Martinez, Imee Su; Kwon, Hyuk-Myun; Stewart, Constantine; Perera, Rohan; Reniers, G.L.L.M.E.

    2017-01-01

    The present study is to point out the outcomes of the Seminar on the Chemical Weapon Convention and Chemical Safety and Security Management for Member States in the Asia Region held by Organization for the Prohibition of Chemical Weapons in Doha, Qatar, in February 2017. The seminar was aimed at

  9. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  10. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

    Science.gov (United States)

    Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

    2017-03-21

    At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al.'s method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

  11. Media rights and media security

    Science.gov (United States)

    Baugher, Mark

    2005-03-01

    Digital Rights Management (DRM) systems typically do not treat rights management as a security problem. DRM uses cryptographic techniques but not security relationships. Instead, DRM systems use "tamper-resistant mechanisms" to discourage unauthorized access to rights-managed content. Although proven ineffective in practice, tamper-resistant mechanisms penalize legitimate customers with added complexity and costs that arise from tamper-resisting data or program code. This paper explores how a security relationship between provider and consumer might be more effective for managing rights to content works on two-way networks.

  12. INFORMATION SECURITY MANAGEMENT IN ORGANIZATIONS

    OpenAIRE

    Ndungu, Maryanne; Kandel, Sushila

    2015-01-01

    In today's globally interconnected economy, information security has become one of the most complex issues of concern at the world's leading organizations. The capital value of information is significantly increasing and forming a large part of the shareholder value due to increased dependence on information. Organizations that want to achieve competitive advantage amongst other goals have information security at the centre of their concerns. It is now evident that information is a busin...

  13. Round table discussion during session 2

    International Nuclear Information System (INIS)

    Mays, C.

    2004-01-01

    The round table discussions of the second session of the FSC Belgium Workshop addressed the following questions: - Do local stakeholders have, internally or externally, all the expertise they need in order to address the issues raised by radioactive waste management projects? - Do institutional stakeholders have all the expertise they need to take local impacts into account? - What kinds of expert input are sought and attained by the different stakeholders? - Were any formal methods used to aid local partnerships perform technology assessments? Or other types of assessment? - How to maintain the knowledge and expertise achieved by the stakeholders? Discussion took place after the plenary presentations, at tables grouping Belgian stakeholders and FSC delegates. As in Session I, most of the round table discussion focussed specifically on the experience of the local partnerships. Many insights were shared about the nature and role of expertise in complex decision making. They are summarised below, on the basis of the feedback provided to the plenary by each round table. Some of these insights can be generalised to other contexts. All in all, a profile emerged of the local partnerships as a unique and effective tool to deal with knowledge issues in managing risk. (author)

  14. Security-Enhanced Push Button Configuration for Home Smart Control.

    Science.gov (United States)

    Han, Junghee; Park, Taejoon

    2017-06-08

    With the emergence of smart and converged home services, the need for the secure and easy interplay of various devices has been increased. Push Button Configuration (PBC) is one of the technologies proposed for easy set-up of a secure session between IT and consumer devices. Although the Wi-Fi Direct specification explicitly states that all devices must support the PBC method, its applicability is very limited. This is because the security vulnerability of PBC can be maliciously exploited so that attackers can make illegitimate sessions with consumer devices. To address this problem, this paper proposes a novel Security-enhanced PBC (SePBC) scheme with which we can uncover suspicious or malicious devices. The proposed mechanism has several unique features. First, we develop a secure handshake distance measurement protocol by preventing an adversary sitting outside the region from maliciously manipulating its distance to be fake. Second, it is compatible with the original Wi-Fi PBC without introducing a brand-new methodology. Finally, SePBC uses lightweight operations without CPU-intensive cryptography computation and employs inexpensive H/W. Moreover, it needs to incur little overhead when there is no attack. This paper also designs and implements the proposed SePBC in the real world. Our experimental results and analysis show that the proposed SePBC scheme effectively defeats attacks on PBC while minimizing the modification of the original PBC equipment.

  15. Fault-tolerant and QoS based Network Layer for Security Management

    Directory of Open Access Journals (Sweden)

    Mohamed Naceur Abdelkrim

    2013-07-01

    Full Text Available Wireless sensor networks have profound effects on many application fields like security management which need an immediate, fast and energy efficient route. In this paper, we define a fault-tolerant and QoS based network layer for security management of chemical products warehouse which can be classified as real-time and mission critical application. This application generates routine data packets and alert packets caused by unusual events which need a high reliability, short end to end delay and low packet loss rate constraints. After each node computes its hop count and builds its neighbors table in the initialization phase, packets can be routed to the sink. We use FELGossiping protocol for routine data packets and node-disjoint multipath routing protocol for alert packets. Furthermore, we utilize the information gathering phase of FELGossiping to update the neighbors table and detect the failed nodes, and we adapt to the network topology changes by rerunning the initialization phase when chemical units are added or removed from the warehouse. Analysis shows that the network layer is energy efficient and can meet the QoS constraints of unusual events packets.

  16. 75 FR 52760 - Medicare Program; Listening Session Regarding the Implementation of Section 10332 of the Patient...

    Science.gov (United States)

    2010-08-27

    ...] Medicare Program; Listening Session Regarding the Implementation of Section 10332 of the Patient Protection... of the Patient Protection and Affordable Care Act (the Affordable Care Act), which amended section 1874 of the Social Security Act: Availability of Medicare Data for Performance Measurement. The purpose...

  17. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  18. Session-RPE for quantifying load of different youth taekwondo training sessions.

    Science.gov (United States)

    Lupo, Corrado; Capranica, Laura; Cortis, Cristina; Guidotti, Flavia; Bianco, Antonino; Tessitore, Antonio

    2017-03-01

    The session rating of perceived exertion (session-RPE) proved to be a valuable method to quantify the internal training load (ITL) in taekwondo. However, no study validated this method in youth taekwondo athletes performing different training sessions. Thus this study aimed at evaluating the reliability of the session-RPE to monitor the ITL of prepubescent taekwondo athletes during pre-competitive (PC) and competitive (C) training sessions. Five female (age: 12.0±0.7 y; height: 1.54±0.08 m; body mass: 48.8±7.3 kg) and four male (age: 12.0±0.8 yrs; height: 1.55±0.07 m; body mass: 47.3±5.3 kg) taekwondo athletes were monitored during 100 individual sessions (PC: N.=33; C: N.=67). The Edwards' HR method was used as reference measure of ITL; the CR-10 RPE scale was administered at 1- and 30-minutes from the end of each session. No difference for gender emerged. The ITLs of C (Edwards: 228±40 arbitrary units, AU) resulted higher than that of PC (192±26 AU; P=0.04). Although all training typologies and data collections achieved significant correlations between Edwards' and session-RPE methods, a large relationship (r =0.71, Psessions evaluated at 30 minutes of the recovery phases. Findings support coaches of prepubescent taekwondo athletes to successfully use session-RPE to monitor the ITL of different training typologies. However, PC training evaluated at 30 minutes of the recovery phase represents the best condition for a highly reliable ITL perception.

  19. 45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

    Science.gov (United States)

    2010-10-01

    ..., management and control of Corporation record keeping systems? 2508.9 Section 2508.9 Public Welfare... IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.9 What officials are responsible for the security, management and control of Corporation record keeping systems? (a) The Director of Administration and Management...

  20. Quantum key distribution session with 16-dimensional photonic states

    Science.gov (United States)

    Etcheverry, S.; Cañas, G.; Gómez, E. S.; Nogueira, W. A. T.; Saavedra, C.; Xavier, G. B.; Lima, G.

    2013-01-01

    The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD. PMID:23897033

  1. Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

    Directory of Open Access Journals (Sweden)

    Youngsook Lee

    2014-01-01

    Full Text Available An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

  2. Assessing treatment integrity in cognitive-behavioral therapy: comparing session segments with entire sessions.

    Science.gov (United States)

    Weck, Florian; Grikscheit, Florian; Höfling, Volkmar; Stangier, Ulrich

    2014-07-01

    The evaluation of treatment integrity (therapist adherence and competence) is a necessary condition to ensure the internal and external validity of psychotherapy research. However, the evaluation process is associated with high costs, because therapy sessions must be rated by experienced clinicians. It is debatable whether rating session segments is an adequate alternative to rating entire sessions. Four judges evaluated treatment integrity (i.e., therapist adherence and competence) in 84 randomly selected videotapes of cognitive-behavioral therapy for major depressive disorder, social anxiety disorder, and hypochondriasis (from three different treatment outcome studies). In each case, two judges provided ratings based on entire therapy sessions and two on session segments only (i.e., the middle third of the entire sessions). Interrater reliability of adherence and competence evaluations proved satisfactory for ratings based on segments and the level of reliability did not differ from ratings based on entire sessions. Ratings of treatment integrity that were based on entire sessions and session segments were strongly correlated (r=.62 for adherence and r=.73 for competence). The relationship between treatment integrity and outcome was comparable for ratings based on session segments and those based on entire sessions. However, significant relationships between therapist competence and therapy outcome were only found in the treatment of social anxiety disorder. Ratings based on segments proved to be adequate for the evaluation of treatment integrity. The findings demonstrate that session segments are an adequate and cost-effective alternative to entire sessions for the evaluation of therapist adherence and competence. Copyright © 2014. Published by Elsevier Ltd.

  3. INC93: international nuclear congress. Technical sessions summaries

    International Nuclear Information System (INIS)

    Boulton, J.

    1993-01-01

    The conference dealt mainly with safety, environmental and human aspects of nuclear energy, including waste management. This volume consists of summaries of the technical sessions contained in Volumes 2 and 3. The individual papers have also been abstracted separately for INIS, with the summaries abridged

  4. INC93: international nuclear congress. Technical sessions summaries

    Energy Technology Data Exchange (ETDEWEB)

    Boulton, J

    1994-12-31

    The conference dealt mainly with safety, environmental and human aspects of nuclear energy, including waste management. This volume consists of summaries of the technical sessions contained in Volumes 2 and 3. The individual papers have also been abstracted separately for INIS, with the summaries abridged.

  5. Managing for Enterprise Security

    National Research Council Canada - National Science Library

    Caralli, Richard A; Allen, Julia H; Stevens, James F; Willke, Bradford J; Wilson, William R

    2004-01-01

    Security has become one of the most urgent issues for many organizations. It is an essential requirement for doing business in a globally networked economy and for achieving organizational goals and mission...

  6. Efficient and secure authentication protocol for roaming user in ...

    Indian Academy of Sciences (India)

    BALU L PARNE

    2018-05-29

    May 29, 2018 ... 1 Department of Computer Science and Engineering, Visvesvaraya National Institute of Technology (VNIT), ... proposed protocol is presented by BAN logic and the security ..... with session key Sk of the HLR to protect from.

  7. Session B1 Management for sustainable use — Rangeland auditing ...

    African Journals Online (AJOL)

    We need to monitor the capacity of healthy rangeland to support a broad suite of ecosystem services for a wide range of stakeholders — in a fair, objective and representative way. ... A hybrid session structure will be utilised: distilling wisdom from relevant posters; formal presentations; and stimulating structured debate.

  8. Controlling disasters: Local emergency management perceptions about Federal Emergency Management and Homeland Security actions after September 11, 2001.

    Science.gov (United States)

    Hildebrand, Sean

    This article examines local emergency managers' beliefs regarding control over tasks during various stages of the hazard cycle since federal policies went into effect following the September 11 attacks. The study considers whether a disparity exists between the actions of local officials during each phase of the "hazard cycle" and the policy expectations of the federal government, which call for greater federal control over activities in emergency management and homeland security. To do so, hypothesis testing investigates the jurisdiction's use of comprehensive emergency management (CEM) practices, the perceived "clarity" of the federal policy demands, and whether the local actors feel coerced to comply with federal policy demands so that grant funding is not compromised. Using a model developed from "third-generation" policy implementation research, the results show that the odds of local officials citing federal control over these actions have very limited statistical significance. This signals that the perceived lack of local input into the development of these federal policies and the policies' limited use of traditional CEM measures may not be in concert with what local actors perform in the field. Simply put, the respondents claim to understand the federal policy demands, support the concept of federal control as the policies describe, yet follow their own plans or traditional CEM principles, even if such actions do not support the federal policy demands. These results align with pre-existing research in the emergency management field that shows issues with efforts to centralize policies under the Department of Homeland Security and Federal Emergency Management Agency.

  9. Communicating Uncertainty about Climate Change for Application to Security Risk Management

    Science.gov (United States)

    Gulledge, J. M.

    2011-12-01

    The science of climate change has convincingly demonstrated that human activities, including the release of greenhouse gases, land-surface changes, particle emissions, and redistribution of water, are changing global and regional climates. Consequently, key institutions are now concerned about the potential social impacts of climate change. For example, the 2010 Quadrennial Defense Review Report from the U.S. Department of Defense states that "climate change, energy security, and economic stability are inextricably linked." Meanwhile, insured losses from climate and weather-related natural disasters have risen dramatically over the past thirty years. Although these losses stem largely from socioeconomic trends, insurers are concerned that climate change could exacerbate this trend and render certain types of climate risk non-diversifiable. Meanwhile, the climate science community, broadly defined as physical, biological, and social scientists focused on some aspect of climate change, remains largely focused on scholarly activities that are valued in the academy but not especially useful to decision makers. On the other hand, climate scientists who engage in policy discussions have generally permitted vested interests who support or oppose climate policies to frame the discussion of climate science within the policy arena. Such discussions focus on whether scientific uncertainties are sufficiently resolved to justify policy and the vested interests overstate or understate key uncertainties to support their own agendas. Consequently, the scientific community has become absorbed defending scientific findings to the near exclusion of developing novel tools to aid in risk-based decision-making. For example, the Intergovernmental Panel on Climate Change (IPCC), established expressly for the purpose of informing governments, has largely been engaged in attempts to reduce unavoidable uncertainties rather than helping the world's governments define a science-based risk-management

  10. Managing the security of radioactive sources

    International Nuclear Information System (INIS)

    Cameron, R.

    2003-01-01

    The issue of security of radioactive sources had arisen as a result of incidents where people were unintentionally exposed in various parts of the world. However, after 11 September 2001, the focus on security was intensified by concerns over those who might wish to use radioactive sources for malevolent purposes. This paper will discuss the questions of the type and nature of these concerns and outline a process for assessing the threat and then assigning security measures for sources. The paper is based on work done by the author while at the IAEA and published as part of IAEA Tecdoc-1355.

  11. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

    2007-01-01

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snapshot in time of the effectiveness of a physical protection system without significant consideration of the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  12. Information Security Maturity as an Integral Part of ISMS based Risk Management Tools

    NARCIS (Netherlands)

    Fetler, Ben; Harpes, Carlo

    2016-01-01

    Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected as most organizations do not know how to extract key-indicators that could be used for this purpose. The underlying work presents a six-level maturity model which can be fully integrated in a

  13. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Directory of Open Access Journals (Sweden)

    Wei Ting

    2011-06-01

    Full Text Available China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  14. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Institute of Scientific and Technical Information of China (English)

    Wei; Ting

    2011-01-01

    China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  15. Formal description of the OSI session layer: session service

    NARCIS (Netherlands)

    van Sinderen, Marten J.; van Eijk, P.H.J.; Vissers, C.A.; Diaz, M.

    1989-01-01

    The LOTOS formal description of the OSI session service is presented on basis of specification samples from the full description, giving account of how specification styles and session service architectural elements are reflected in the description. Both information (data types) and process

  16. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  17. Session 31B - Panel: Opportunities in the UK with the Nuclear Decommissioning Authority (NDA)

    International Nuclear Information System (INIS)

    Benda, Gary; Hayes, David; Gorham, Ron; Wareing, Mark; Simper, Adrian; Selby, Terry

    2006-01-01

    The NDA participated in a panel session 31B on Wednesday afternoon starting at 3:15. The NDA is a non-departmental public body, set up in April 2005 under the Energy Act 2004 to take strategic responsibility for the UK's nuclear legacy. Details of their organization and history are located on their web site at www.nda.gov.uk. Also copies of their Power Point presentations made at WM'06 are available on their web site. Their core objective is to ensure that the 20 civil public sector nuclear sites under our ownership are decommissioned and cleaned up safely, securely, cost effectively and in ways that protect the environment for this and future generations. They lead the development of a unified and coherent decommissioning strategy, working in partnership with regulators and site licensees to achieve best value, optimum impact on local communities, and the highest environmental standards. The NDA's main task is the decommissioning and clean up of civil nuclear sites. If the Government decides it is necessary, however, the Energy Act 2004 allows the NDA to take responsibility for sites currently operated by, or on behalf of, the Ministry of Defence (MoD). Resources will then be transferred from the MoD to meet the costs of clean up. The NDA made a number of presentations to allow conference delegates the opportunity to understand some of the major aspects of their work and to interact with NDA staff. These included the following topics and gave opportunity for audience discussion: - A brief presentation to update on progress by the NDA; - Outline of low level waste management and the prioritisation process; - Discussion of the competition schedule related to low level waste management and the Drigg site. The following presentations and handout were delivered in various sessions of the conference as noted below and are available on their web page including the WM'06 Plenary Session presentation by Sir Anthony Cleaver, Chairman of the NDA. During Session 31B, the

  18. On the Importance of Safety and Security at Work for the Organizational Management

    Directory of Open Access Journals (Sweden)

    Jeanina Ciurea

    2017-12-01

    Full Text Available One of the most important aspects regarding human resource management in any organization should be the one concerning the safety and security at work of the employees. Unfortunately, this remains an insufficiently discussed issue, not only in literature, but also in practice. Articles in this field are not so numerous, while official reports indicate a high number of incidents that occur every year, in every country. The enterprises should focus much more on this aspect, but in many cases, the management lacks from this point of view, the policy regarding the safety and health of employees being kept at the lowest positions on the list of aspects that need immediate attention. The present paper tries to highlight the importance of the issue of safety and security at work, the first part consisting in a brief review of the literature in this field, while the second part presents statistical data available for the past years, both in Romania and Europe, regarding this problem.

  19. 2008 Homeland Security S and T Stakeholders Conference West. Volume 4. Wednesday

    Science.gov (United States)

    2008-01-16

    www.npia.police.uk Polonium 210 Interoperability - lessons Major Incident - CBRN Images courtesy of BBC www.npia.police.uk Boscastle 2007...Washington Training Session 37: Preparing First Responders for Food Systems Disasters Jerry Gillespie, DVM, PhD Director, Western Institute for... Food Safety and Security Training Session 39: Technology Adoption & Innovation 1 Dr. Neal Thornberry, Innovation Chair Graduate School of

  20. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2006-01-01

    Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.

  1. A Secure and Lightweight Approach for Routing Optimization in Mobile IPv6

    Directory of Open Access Journals (Sweden)

    Sehwa Song

    2009-01-01

    Full Text Available Mobility support is an essential part of IPv6 because we have recently seen sharp increases in the number of mobile users. A security weakness in mobility support has a direct consequence on the security of users because it obscures the distinction between devices and users. Unfortunately, a malicious and unauthenticated message in mobility support may open a security hole for intruders by supplying an easy means to launch an attack that hijacks an ongoing session to a location chosen by the intruder. In this paper, we show how to thwart such a session hijacking attack by authenticating a suspicious message. Although much research has been directed toward addressing similar problems, we contend that our proposed protocol would outperform other proposals that have been advanced. This claim is based on observations that the proposed protocol has strengths such as light computational load, backward compatibility, and dependable operation. The results of in-depth performance evaluation show that our protocol achieves strong security and at the same time requires minimal computational overhead.

  2. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  3. ITIL® and information security

    Energy Technology Data Exchange (ETDEWEB)

    Jašek, Roman; Králík, Lukáš; Popelka, Miroslav [Tomas Bata University in Zlin, Faculty of Applied Informatics, Nad Stranemi 4511, 760 05 Zlin (Czech Republic)]

    2015-03-10

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

  4. Core software security: security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. - Dr. Dena Haritos Tsamitis, Carnegie Mellon University. In the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  5. Statement to the fifty-third session of the United Nations General Assembly, New York, 2 November 1998

    International Nuclear Information System (INIS)

    ElBaradei, M.

    1998-01-01

    The document reproduces the statement of the Director General of the IAEA at the fifty-third session of the United Nations General Assembly in New York, USA, on 2 November 1998. The statement focuses on the priority work of the Agency under the following main headings: contribution to peace and security (including the IAEA's strengthened safeguards system, inspections in Iraq, safeguards verifications in the Democratic People's Republic of Korea, future prospects of verification, illicit trafficking in nuclear material), co-operation for development (the Agency's technical co-operation programme), and meeting global challenges in the field of energy, the environment and nuclear safety. The statement concludes with a description of the process of management review and reform initiated by the Director General to ensure that the Agency is responding efficiently and effectively to the needs of its Member States

  6. Experience feedback committee in emergency medicine: a tool for security management.

    Science.gov (United States)

    Lecoanet, André; Sellier, Elodie; Carpentier, Françoise; Maignan, Maxime; Seigneurin, Arnaud; François, Patrice

    2014-11-01

    Emergency departments are high-risk structures. The objective was to analyse the functioning of an experience feedback committee (EFC), a security management tool for the analysis of incidents in a medical department. We conducted a descriptive study based on the analysis of the written documents produced by the EFC between November 2009 and May 2012. We performed a double analysis of all incident reports, meeting minutes and analysis reports. During the study period, there were 22 meetings attended by 15 professionals. 471 reported incidents were transmitted to the EFC. Most of them (95%) had no consequence for the patients. Only one reported incident led to the patient's death. 12 incidents were analysed thoroughly and the committee decided to set up 14 corrective actions, including eight guideline writing actions, two staff trainings, two resource materials provisions and two organisational changes. The staff took part actively in the EFC. Following the analysis of incidents, the EFC was able to set up actions at the departmental level. Thus, an EFC seems to be an appropriate security management tool for an emergency department. Published by the BMJ Publishing Group Limited.

  7. Implementing Information Security Management System as a part of business processes : Where to gain competitive advantage for ISMS?

    OpenAIRE

    Flyktman, Jari

    2016-01-01

    The idea and background of the study subject lie in an interest in security, leadership and organizational development. The research question was how to provide best practices to fit these all together in harmony. The objective was to help small and medium sized organizations to understand the multifaceted nature of cybersecurity and the requirements for successful implementation of an information security management system (ISMS). ISMS help companies to form the needed security structures in pra...

  8. Security Research on Engineering Database System

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    The engine engineering database system is a CAD-oriented applied database management system capable of managing distributed data. The paper discusses the security issues of the engine engineering database management system (EDBMS). By studying and analyzing database security, it draws up a series of security rules that reach the B1 level security standard, including discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implements functions of DAC, ...

  9. Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Analysis

    Energy Technology Data Exchange (ETDEWEB)

    Li, Qinghua [Univ. of Arkansas, Fayetteville, AR (United States); Zhang, Fengli [Univ. of Arkansas, Fayetteville, AR (United States)

    2018-01-18

    This paper explores a real security vulnerability and patch management dataset from an electric utility in order to shed light on characteristics of the vulnerabilities that electric utility assets have and how they are remediated in practice. Specifically, it first analyzes the distribution of vulnerabilities over software, assets, and other metrics. Then it analyzes how vulnerability features affect remediation actions.

  10. Security Analysis of the Electronic Management System for a Total Site Utility System

    DEFF Research Database (Denmark)

    Manso Cortes, Oscar

    2016-01-01

    This paper presents the Security Analysis of the Electronic Management System (EMS) of a Total Site Utility System as proposed under the scope of the Efenis project. The Efenis project has been funded by the European Commission via the seventh framework programme (EC FP7) with the aim to improve ...

  11. Whither probabilistic security management for real-time operation of power systems?

    OpenAIRE

    Karangelos, Efthymios; Panciatici, Patrick; Wehenkel, Louis

    2016-01-01

    This paper investigates the stakes of introducing probabilistic approaches for the management of power system’s security. In real-time operation, the aim is to arbitrate in a rational way between preventive and corrective control, while taking into account i) the prior probabilities of contingencies, ii) the possible failure modes of corrective control actions, iii) the socio-economic consequences of service interruptions. This work is a first step towards the construction of a globally co...

  12. Outcome of bilateral ureteroscopic retrieval of stones in a single session

    Directory of Open Access Journals (Sweden)

    Majid Mushtaque

    2012-01-01

    Conclusion: Bilateral same-session ureteroscopy is a safe and effective procedure in the management of bilateral ureteral stones. The results are comparable to unilateral or staged bilateral procedures.

  13. Wireless LAN security management with location detection capability in hospitals.

    Science.gov (United States)

    Tanaka, K; Atarashi, H; Yamaguchi, I; Watanabe, H; Yamamoto, R; Ohe, K

    2012-01-01

    In medical institutions, unauthorized access points and terminals obstruct the stable operation of a large-scale wireless local area network (LAN) system. By establishing a real-time monitoring method to detect such unauthorized wireless devices, we can improve the efficiency of security management. We detected unauthorized wireless devices by using a centralized wireless LAN system and a location detection system at 370 access points at the University of Tokyo Hospital. By storing the detected radio signal strength and location information in a database, we evaluated the risk level from the detection history. We also evaluated the location detection performance in our hospital ward using Wi-Fi tags. The presence of electric waves outside the hospital and those emitted from portable game machines with wireless communication capability was confirmed from the detection result. The location detection performance showed an error margin of approximately 4 m in detection accuracy and approximately 5% in false detection. Therefore, it was effective to consider the radio signal strength as both an index of likelihood at the detection location and an index for the level of risk. We determined the location of wireless devices with high accuracy by filtering the detection results on the basis of radio signal strength and detection history. Results of this study showed that it would be effective to use the developed location database containing radio signal strength and detection history for security management of wireless LAN systems and more general-purpose location detection applications.

  14. The DISAM Journal of International Security Assistance Management. Volume 23, Number 1, Fall 2000

    Science.gov (United States)

    2000-01-01

    Security Assistance Command Figure 1 The USASAC, including OPM-SANG, is staffed by 621 men and women, of whom 104 are military. These professionals are...by program managers. These program managers are like “front-line entrepreneurs” delivering products and services to their customers. They have been...NATO history was to be commanded by a Polish general in June 1988. The brigade of some 3000 men and women was composed of five national battalions

  15. A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

    Science.gov (United States)

    Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

    Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours on their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

  16. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    "Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from

  17. Improvement of economic security management system of municipalities with account of transportation system development: methods of assessment

    Science.gov (United States)

    Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena

    2017-10-01

    The article highlights the necessity of a complex approach to assessing the economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, a second method is suggested: the parameter rank order method. Applying these methods made it possible to identify the leaders and outsiders in economic security among municipalities and to rank all economic security parameters according to their significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed the security level to be assessed more accurately. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution to creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.

  18. Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

    Science.gov (United States)

    Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

  19. A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices

    Directory of Open Access Journals (Sweden)

    KeeHyun Park

    2015-01-01

    Full Text Available In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.

  20. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies govern how information is protected against security vulnerabilities; they are the basis for security awareness and training, and are vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined in controls, standards and procedures.

  1. The Societal Security Standardization Promotes Social Management Sdentification——Interview with Wang Zhongmin, President of CNIS

    Institute of Scientific and Technical Information of China (English)

    2012-01-01

    China Standardization: In February 2011, President Hu Jintao gave an important speech at the opening ceremony of the seminar of social management and its innovation for provincial and ministerial level leaders, stressing that the scientific level of social management must be raised and building a social management system with Chinese socialism characteristics. Would you please talk about the role of the societal security standardization in improving the scientific social management?

  2. Laboratory Information Management System Chain of Custody: Reliability and Security

    Science.gov (United States)

    Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.

    2006-01-01

    A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623

  3. Security controls in a Cullinet database environment

    International Nuclear Information System (INIS)

    Thompson, R.E.

    1988-01-01

    Security controls using Cullinet's Integrated Data Management System (IDMS) are examined. IDMS software integrity problems, with emphasis on security package interfaces, are disclosed. Solutions applied at Sandia Laboratories Engineering Information Management computing facility are presented. An overall IDMS computer security philosophy is reviewed.

  4. 76 FR 41278 - Cargo Security Risk Reduction; Public Listening Sessions

    Science.gov (United States)

    2011-07-13

    ....mil/hq/cg5/cg544/cdc.asp or the Federal Docket Management System at http://www.Regulations.gov . For... important for the Coast Guard, in concert with stakeholders, to implement a holistic strategy to mitigate... risk management and shared responsibility between public and private sector stakeholders, across the...

  5. Post-Session Authentication

    OpenAIRE

    Ahmed, Naveed; Jensen, Christian

    2012-01-01

    Part 1: Full Papers; International audience; Entity authentication provides confidence in the claimed identity of a peer entity, but the manner in which this goal is achieved results in different types of authentication. An important factor in this regard is the order between authentication and the execution of the associated session. In this paper, we consider the case of post-session authentication, where parties authenticate each other at the end of their interactive session. This use of a...

  6. Key Management Scheme Based on Route Planning of Mobile Sink in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ying Zhang

    2016-01-01

    Full Text Available In many wireless sensor network application scenarios the key management scheme with a Mobile Sink (MS) should be fully investigated. This paper proposes a key management scheme based on dynamic clustering and optimal-routing choice of MS. The concept of Traveling Salesman Problem with Neighbor areas (TSPN) in dynamic clustering for data exchange is proposed, and the selection probability is used in MS route planning. The proposed scheme extends static key management to dynamic key management by considering the dynamic clustering and mobility of MSs, which can effectively balance the total energy consumption during the activities. Considering the different resources available to the member nodes and sink node, the session key between cluster head and MS is established by a modified ECC encryption with Diffie-Hellman key exchange (ECDH) algorithm and the session key between member node and cluster head is built with a binary symmetric polynomial. By analyzing the security of data storage, data transfer and the mechanism of dynamic key management, the proposed scheme has more advantages to help improve the resilience of the key management system of the network on the premise of satisfying higher connectivity and storage efficiency.

  7. Key Management Scheme Based on Route Planning of Mobile Sink in Wireless Sensor Networks.

    Science.gov (United States)

    Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Jiang, Shengming; Chen, Wei

    2016-01-29

    In many wireless sensor network application scenarios the key management scheme with a Mobile Sink (MS) should be fully investigated. This paper proposes a key management scheme based on dynamic clustering and optimal-routing choice of MS. The concept of Traveling Salesman Problem with Neighbor areas (TSPN) in dynamic clustering for data exchange is proposed, and the selection probability is used in MS route planning. The proposed scheme extends static key management to dynamic key management by considering the dynamic clustering and mobility of MSs, which can effectively balance the total energy consumption during the activities. Considering the different resources available to the member nodes and sink node, the session key between cluster head and MS is established by a modified ECC encryption with Diffie-Hellman key exchange (ECDH) algorithm and the session key between member node and cluster head is built with a binary symmetric polynomial. By analyzing the security of data storage, data transfer and the mechanism of dynamic key management, the proposed scheme has more advantages to help improve the resilience of the key management system of the network on the premise of satisfying higher connectivity and storage efficiency.

  8. 5 CFR 9701.508 - Homeland Security Labor Relations Board.

    Science.gov (United States)

    2010-01-01

    ... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.508 Homeland Security Labor... impression or a major policy. (2) In cases where the full HSLRB acts, a vote of the majority of the HSLRB (or...

  9. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  10. Nuclear fuel cycle issues and challenges. Scientific forum during the 48th Regular Session of the IAEA General Conference. Session summaries and reports

    International Nuclear Information System (INIS)

    2004-01-01

    The three sessions of the forum focused on: Advanced Fuel Cycles and Reactor Concepts; Waste and Spent Fuel Management Issues; and Research Reactor Fuel Cycle and Related Issues. Twelve detailed presentations were made by leading experts, followed by panellists' comments and discussion with participants

  11. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, and physical protection. This report presents in more detail the knowledge and development needs as well as future development potentials seen in the security area. (orig.)

  12. International Conference SES 2006. Secure Energy Supply

    International Nuclear Information System (INIS)

    2006-01-01

    The International Conference SES 2006 (Secure Energy Supply, Bezpecna dodavka energie) was held in Bratislava on September 26 - 29, 2006 in the hotel Crowne Plaza and dealt with the most important problems of world and Slovak energetics. 108 Slovak and 33 foreign participants from 11 countries of the world took part in the Conference. Negotiations took place in five sessions. The first two days were devoted to lectures and the second two days to visits to selected Slovak energy equipment. The Conference emphasised that secure energy supply is an extremely important subject for the economy, but also for the population.

  13. Topical Session on Funding Issues in Connection with Decommissioning of Nuclear Power Plants - 9 November 2004

    International Nuclear Information System (INIS)

    2006-01-01

    Set up by the Radioactive Waste Management Committee (RWMC), the WPDD brings together senior representatives of national organisations who have a broad overview of Decommissioning and Dismantling (D and D) issues through their work as regulators, implementers, R and D experts or policy makers. These include representatives from regulatory authorities, industrial decommissioners from the NEA Co-operative Programme on Exchange of Scientific and Technical Information on Nuclear Installation Decommissioning Projects (CPD), and cross-representation from the other NEA Committees. The EC is a member of the WPDD and the IAEA is participating as an observer. This broad participation provides good possibilities for the co-ordination efforts amongst activities in the international programmes. At its fifth meeting, in Paris, 8-10 November 2004, the WPDD held a topical session on the 'Funding Issues in Connection with Decommissioning of Nuclear Power Plants'. This report documents the topical session on Funding. An agenda of the Topical session can be found in Appendix 1. The topical session was meant to provide an exchange of information and experience on the following issues: Ethical Values; Actual Experiences of Fund Setting and Management; Uncertainties in Funding. At the end of each session time was allotted for a plenary discussion. The Rapporteur reviewed the main points and the lessons learnt at the end of the whole Topical Session. The Topical Session is documented as follows. A summary of the presentations, the country reports, the discussions and the key issues and lessons learnt is given in the main part of this report. The agenda of the Topical session can be found in Appendix 1 and the full papers supporting each presentation are given in Appendix 2. The national presentations on 'Actual experiences of Fund Setting and Management' in session 2 can be found in Appendix 3 and the national presentations on 'Uncertainties in Funding' in session 3 can be found in

  14. Network and Database Security: Regulatory Compliance, Network, and Database Security - A Unified Process and Goal

    Directory of Open Access Journals (Sweden)

    Errol A. Blake

    2007-12-01

    Full Text Available Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that traditional database security, which has focused primarily on creating user accounts and managing user privileges to database objects, is not enough to protect data confidentiality, integrity, and availability. This paper, a compilation of different journals, articles and classroom discussions, will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role in helping secure databases. This paper will take the approach that making a conscientious effort to unify the database security process, which includes the Database Management System (DBMS) selection process, following regulatory compliances, analyzing and learning from the mistakes of others, implementing networking security technologies, and securing the database, may prevent database breaches.

  15. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  16. Securing cloud services a pragmatic approach to security architecture in the cloud

    CERN Document Server

    Newcombe, Lee

    2012-01-01

    This book provides an overview of security architecture processes and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.

  17. Managing nutrient for both food security and environmental sustainability in China: an experiment for the world

    Directory of Open Access Journals (Sweden)

    Fusuo ZHANG, Zhenling CUI, Weifeng ZHANG

    2014-02-01

    Full Text Available The challenges of how to simultaneously ensure global food security, improve nitrogen use efficiency (NUE) and protect the environment have received increasing attention. However, the dominant agricultural paradigm still considers high yield and reducing environmental impacts to be in conflict with one another. Here we examine a Three-Step-Strategy of the past 20 years to produce more with less in China, showing that tremendous progress has been made to reduce N fertilizer input without sacrificing crop yield. The first step is to use technology for in-season root-zone nutrient management to significantly increase NUE. The second is to use technology for integrated nutrient management to increase both yield and NUE by 15%–20%. The third step is to use technology for integrated soil-crop system management to increase yield and NUE by 30%–50% simultaneously. These advances can thus be considered an effective agricultural paradigm to ensure food security, while increasing NUE and improving environmental quality.

  18. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  19. Secure Key Management in the Cloud

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus

    2013-01-01

    We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...

  20. DOT Cyber Security Assessment Management -

    Data.gov (United States)

    Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...

  1. The Effectiveness of an Electronic Security Management System in a Privately Owned Apartment Complex

    Science.gov (United States)

    Greenberg, David F.; Roush, Jeffrey B.

    2009-01-01

    Poisson and negative binomial regression methods are used to analyze the monthly time series data to determine the effects of introducing an integrated security management system including closed-circuit television (CCTV), door alarm monitoring, proximity card access, and emergency call boxes to a large privately-owned complex of apartment…

  2. Management of the Interface between Nuclear Safety and Security for Research Reactors

    International Nuclear Information System (INIS)

    2016-08-01

    The aim of this publication is to provide technical guidelines and practical information to assist Member States, operating organizations and regulatory bodies, on the basis of international good practices, and to manage the interface between nuclear safety and security at research reactor facilities in an integrated and coordinated manner. The publication was developed based on input from IAEA technical and consultants' meetings held between 2013 and 2015

  3. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    Science.gov (United States)

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) were reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of research has been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses an IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

  4. Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

    Science.gov (United States)

    Park, Chang-Seop

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) were reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of research has been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses an IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  5. Disarmament and national security in an interdependent world

    International Nuclear Information System (INIS)

    Petrovsky, V.

    1993-01-01

    The three notions, disarmament, national security and interdependence, which are well known, need a new reading in today's mission for the United Nations: to facilitate the democratic, evolutionary renewal of the interdependent world, in which disarmament could play an important role without putting at risk national security, which is of primary concern for the majority of Member States. The recognition of the unity of the world and its interdependence is the main focal point in the process of transition of the international community to the new world system of peace, cooperation and security based on the United Nations Charter. This system was outlined at the Forty-fourth session of the General Assembly, and adopted by Member States as a resolution entitled 'Enhancing international peace, security and international cooperation in all its aspects in accordance with the Charter of United Nations'.

  6. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management. The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  7. Managing Expectations: A Case Study of Sessional Staff in Languages and Cultures Education in Australian Universities

    Directory of Open Access Journals (Sweden)

    Josh Brown

    2018-04-01

    Full Text Available In light of the increasing casualisation of the academic workforce in recent years, expectations of sessional staff in Australian universities from their academic employment are becoming more poignant. Following on from a previous report by Ferrari & Hajek (2012, this paper further highlights how these workers are affected by short-term, often only semester-long, contracts. We focus on how the brevity of employment affects sessional teachers’ perceptions of their role and perceived obligations to the university, and consequently the health of languages education. We present the results of an online survey conducted at the vast majority of Australian universities, which investigated sessional staff’s expectations. This study reveals that language sessional staff have expectations of their employment which are often at odds with their role as academics in the university environment.

  8. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  9. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  10. Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

    Energy Technology Data Exchange (ETDEWEB)

    Steinhaeusler, F; Heissl, C [Division of Physics and Biophysics, University of Salzburg, Hellbrunnerstrasse 34, Salzburg (Austria)

    2005-07-01

    Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

  11. Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

    International Nuclear Information System (INIS)

    Steinhaeusler, F.; Heissl, C.

    2005-01-01

    Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

  12. Information security and business continuity in Tecnatom

    International Nuclear Information System (INIS)

    Fernandez de Miguel, C.

    2013-01-01

    Information security is a key issue for companies that manage and process nuclear business related data. Availability of information systems as well as new data exchange facilities through simple and broad communication networks are the pillars of cooperation between different organizations, generating significant savings in costs and expanding the capacity to minimize them. In this regard, information security is one of the major challenges for IT departments. This article presents Tecnatom's experience in the Information Security Management Implementation project. Over several years, since 2004, the information security management has been developed and consolidated as an ongoing and horizontal process. (Author)

  13. Water availability and management for food security

    Science.gov (United States)

    Food security is directly linked to water security for food production. Water availability for crop production will be dependent upon precipitation or irrigation, soil water holding capacity, and crop water demand. The linkages among these components in rainfed agricultural systems show the impact ...

  14. Upcoming training sessions (up to end October) - Places available

    CERN Multimedia

    2016-01-01

    Please find below a list of training sessions scheduled to take place up to the end of October with places available. Safety and Language courses are not included here; you will find an up-to-date list in the Training Catalogue. If you need a course which is not featured in the catalogue, please contact one of the following: your supervisor, your Departmental Training Officer or the relevant learning specialist.

    Leadership Training

    Training Course Title | Next Session | Language | Duration | Available places | Needed to maintain the session
    Driving for Impact and Influence | 13-Sep-2016 to 14-Sep-2016 | French | 2 days | 4 | 0
    Essentials of People Management for CERN Supervisors (Adapted from CDP for CERN Supervisors) | 22-Sep-2016 to 23-Sep-2016, 18-Nov-2016, 17-Jan-2017 to 18-Jan-2017 | English | 5 days | 5 | 0
    Eléments essentiels de la gestion du personnel pour les superviseurs (adapt&a...

  15. Multiparty Asynchronous Session Types

    DEFF Research Database (Denmark)

    Honda, Kohei; Yoshida, Nobuko; Carbone, Marco

    2016-01-01

    Communication is a central element in software development. As a potential typed foundation for structured communication-centered programming, session types have been studied over the past decade for a wide range of process calculi and programming languages, focusing on binary (two-party) sessions. This work extends the foregoing theories of binary session types to multiparty, asynchronous sessions, which often arise in practical communication-centered applications. Presented as a typed calculus for mobile processes, the theory introduces a new notion of types in which interactions involving multiple peers are directly abstracted as a global scenario. Global types retain the friendly type syntax of binary session types while specifying dependencies and capturing complex causal chains of multiparty asynchronous interactions. A global type plays the role of a shared agreement among communication peers...

  16. 22 CFR 8.7 - Security.

    Science.gov (United States)

    2010-04-01

    ... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security. 8.7 Section 8.7 Foreign Relations DEPARTMENT OF STATE GENERAL ADVISORY COMMITTEE MANAGEMENT § 8.7 Security. (a) All officers and members of a committee must have a security clearance for the subject matter level of security at which the committee...

  17. Critical Success Factors for an Effective Security Risk Management Program in an Organization: An Exploratory Case Study

    Science.gov (United States)

    Zafar, Humayun

    2010-01-01

    This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through…

  18. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN) has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT) infrastructure. For Future Sustainability Computing (FSC), SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO) and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  19. Dissecting the role of sessional anatomy teachers: A systematic literature review.

    Science.gov (United States)

    Rhodes, Danielle; Fogg, Quentin A; Lazarus, Michelle D

    2017-12-04

    Worldwide there is a growing reliance on sessional teachers in universities. This has impacted all disciplines in higher education including medical anatomy programs. The objective of this review was to define the role and support needs of sessional anatomy teachers by reporting on the (1) qualifications, (2) teaching role, (3) training, and (4) performance management of this group of educators. A systematic literature search was conducted on the 27 July 2017 in Scopus, Web of Science, and several databases on the Ovid, ProQuest and EBSCOhost platforms. The search retrieved 5,658 articles, with 39 deemed eligible for inclusion. The qualifications and educational distance between sessional anatomy teachers and their students varied widely. Reports of cross-level, near-peer and reciprocal-peer teaching were identified, with most institutes utilizing recent medical graduates or medical students as sessional teachers. Sessional anatomy teachers were engaged in the full spectrum of teaching-related duties from assisting students with cadaveric dissection, to marking student assessments and developing course materials. Fourteen institutes reported that training was provided to sessional anatomy teachers, but the specific content, objectives, methods and effectiveness of the training programs were rarely defined. Evaluations of sessional anatomy teacher performance primarily relied on subjective feedback measures such as student surveys (n = 18) or teacher self-assessment (n = 3). The results of this systematic review highlight the need for rigorous explorations of the use of sessional anatomy teachers in medical education, and the development of evidence-based policies and training programs that regulate and support the use of sessional teachers in higher education. Anat Sci Educ. © 2017 American Association of Anatomists.

  20. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  1. A monitoring/auditing mechanism for SSL/TLS secured service sessions in Health Care Applications.

    Science.gov (United States)

    Kavadias, C D; Koutsopoulos, K A; Vlachos, M P; Bourka, A; Kollias, V; Stassinopoulos, G

    2003-01-01

    This paper analyzes the SSL/TLS procedures and defines the functionality of a monitoring/auditing entity running in parallel with the protocol, which is decoding, checking the certificate and permitting session establishment based on the decoded certificate information, the network addresses of the endpoints and a predefined access list. Finally, this paper discusses how such a facility can be used for detecting impersonation attempts in Health Care applications and provides case studies to show the effectiveness and applicability of the proposed method.

  2. 6th Annual Homeland Security and Defense Education Summit, Developing an Adaptive Homeland Security Environment

    OpenAIRE

    2013-01-01

    6th Annual Homeland Security and Defense Education Summit Developing an Adaptive Homeland Security Environment, Burlington, MA, September 26-28, 2013 2013 Summit Agenda Naval Postgraduate School Center for Homeland Defense and Security In Partnership With Northeastern University, Department of Homeland Security, Federal Emergency Management Agency, National Guard Homeland Security Institute, National Homeland Defense Foundation Naval Postgraduate School Center for Homeland Defense and S...

  3. Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models

    National Research Council Canada - National Science Library

    Mead, Nancy R; Viswanathan, Venkatesh; Padmanabhan, Deepa; Raveendran, Anusha

    2008-01-01

    ...). This report is for information technology managers and security professionals, management personnel with technical and information security knowledge, and any personnel who manage security-critical...

  4. Notes on risks analysis and security management in a hospital organization: a case study in a city of Rio de Janeiro

    Directory of Open Access Journals (Sweden)

    Priscila Carneiro Hamada

    2016-04-01

    Full Text Available This study aimed to analyze the processes of security management in a hospital in a big city in the State of Rio de Janeiro. The research method used was the case study, a strategy chosen because it includes both direct observation and a series of interviews. The results obtained highlight the importance of security management in a hospital: educating employees, assessing risk scenarios, and controlling the logistics flows of patients and of contaminated products and waste.

  5. Securing Metering Infrastructure of Smart Grid: A Machine Learning and Localization Based Key Management Approach

    Directory of Open Access Journals (Sweden)

    Imtiaz Parvez

    2016-08-01

    Full Text Available In smart cities, advanced metering infrastructure (AMI) of the smart grid facilitates automated metering, control and monitoring of power distribution by employing a wireless network. Due to this wireless nature of communication, there exist potential threats to the data privacy in AMI. Decoding the energy consumption reading, injecting false data/command signals and jamming the networks are some hazardous measures against this technology. Since a smart meter possesses limited memory and computational capability, AMI demands a light, but robust security scheme. In this paper, we propose a localization-based key management system for meter data encryption. Data are encrypted by the key associated with the coordinate of the meter and a random key index. The encryption keys are managed and distributed by a trusted third party (TTP). Localization of the meter is proposed by a method based on received signal strength (RSS) using the maximum likelihood estimator (MLE). The received packets are decrypted at the control center with the key mapped with the key index and the meter’s coordinates. Additionally, we propose the k-nearest neighbors (kNN) algorithm for node/meter authentication, capitalizing further on data transmission security. Finally, we evaluate the security strength of a data packet numerically for our method.

  6. Effects of Post-Session Wheel Running on Within-Session Changes in Operant Responding

    Science.gov (United States)

    Aoyama, Kenjiro

    2007-01-01

    This study tested the effects of post-session wheel running on within-session changes in operant responding. Lever-pressing by six rats was reinforced by a food pellet under a continuous reinforcement (CRF) schedule in 30-min sessions. Two different flavored food pellets were used as reinforcers. In the wheel conditions, 30-min operant-sessions…

  7. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  8. Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

    Directory of Open Access Journals (Sweden)

    Zahid Mahmood

    2017-10-01

    Full Text Available Internet-of-Things (IoT) include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS) also include a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS). Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS) protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

  9. Methodology for Management of Information Security in Industrial Control Systems: A Proof of Concept aligned with Enterprise Objectives.

    Directory of Open Access Journals (Sweden)

    Fabian Bustamante

    2017-04-01

    Full Text Available This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016). At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS). The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.

  10. Notification: Audit of the U.S. EPA's Compliance with the Federal Information Security Management Act (FISMA)

    Science.gov (United States)

    Project #OA-FY13-0280, May 9, 2013. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency’s compliance with the Federal Information Security Management Act.

  11. Secure data management : 6th VLDB workshop, SDM 2009 Lyon, France, August 28, 2009 : proceedings

    NARCIS (Netherlands)

    Jonker, W.; Petkovic, M.

    2009-01-01

    Preface. The new emerging technologies put new requirements on security and data management. As data are accessible anytime anywhere, it becomes much easier to get unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect,

  12. A simple security architecture for smart water management system

    CSIR Research Space (South Africa)

    Ntuli, N

    2016-05-01

    Full Text Available . Secure booting prevents installation of malicious code onto the device. By making sure that the booting process is secured, we can establish securely the root of trust for the device. Public key cryptography is utilized at this stage. During... Architecture 1168 Nonhlanhla Ntuli and Adnan Abu-Mahfouz / Procedia Computer Science 83 ( 2016 ) 1164 – 1169 3.2. Secure Communication While public key cryptography can be used in the first step (secure booting), it would be too heavy to use during...

  13. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)

    2016-10-15

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.

  14. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    International Nuclear Information System (INIS)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong

    2016-01-01

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC (United States Nuclear Regulatory Commission) and KINAC (Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense-in-depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs

  15. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    Directory of Open Access Journals (Sweden)

    Chang-Seop Park

    2014-01-01

    Full Text Available After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient’s life. During the last few years, a lot of research has been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician’s treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  16. GLOBAL 2009: Closing speech - the bulk of technical sessions

    International Nuclear Information System (INIS)

    Greneche, D.

    2009-01-01

    The author proposes an overview of the content of the hundred technical sessions of the GLOBAL 2009 conference. Thus, he addresses the twelve main issues: the upstream part of the fuel cycle, the present status of used fuel recycling, the waste management strategies and technologies, the transportation and storage of used fuels and radioactive materials, the definitive storage of nuclear wastes, the new technologies for fuel recycling, advanced designs of reactor cores and fuel management, long life radionuclide transmutation systems, the non proliferation issue, material management and options for sustainable fuel cycles, dismantling, decommissioning and resulting material management, transverse topics (technical-economic studies, nuclear energy applications other than electricity production, challenges of sustainable development of nuclear energy, advanced researches)

  17. Results of special security inspection on improvement of security management setup in Head Office and Tsuruga Nuclear Power Station of the Japan Atomic Power Company and improvement of facilities in Tsuruga Nuclear Power Station

    International Nuclear Information System (INIS)

    1982-01-01

    In connection with the series of accidents in the Tsuruga Nuclear Power Station, the Agency of Natural Resources and Energy had instructed JAPC to make comprehensive inspection on the security management setup and to take improvement measures in the nuclear power station. The results of the subsequent inspection by ANRE confirmed that the improvements made by JAPC are adequate, and the following items are described: improvement of security management setup - communication and reporting in emergency, the management of inspection and maintenance records, work control and supervision in repair, improvement, etc., functional authority and responsibility in maintenance management, operation management, radiation control, personnel education; improvement of facilities - feed water heaters, laundry waste-water filter room, radioactive waste treatment facility, general drainage, concentrated waste liquid storage tanks in newly-built waste treatment building, etc. (J.P.N.)

  18. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  19. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks. Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  20. Secure Protocol for “Host — NFC Reader” Communication

    Directory of Open Access Journals (Sweden)

    A. O. Menshenin

    2012-06-01

    Full Text Available The paper presents a secure protocol for communication between host and NFC reader. The protocol protection scheme uses symmetric cipher with cyclic session key generation and provides confidentiality, integrity, end parties authentication and resistance to replay attacks. Deployment scenario in a typical electronic payment system is also presented.